6th SIMU project meeting in Hanover
The 6th SIMU project meeting took place on December 10th at the University of Applied Sciences and Arts Hanover. All partners presented their recent development results all of which registering progress. The project plan is still kept well. This time the focus was on the completion of the conception phase with first prototypical realizations as well as upcoming producer workshops and fairs/conferences.
The development of SIEM collectors is well advanced as regards the IF-MAP clients of DECOIT and University Hanover can be used already. Additionally, DECOIT will start developing an Android client which will support IF-MAP and Icinga. That way, events can also be involved via smartphone. The File Integrity Check (FIC) is a new development that tests files and folders for modifications. The SIEM GUI was presented for the first time: The prototype which works closely with a ticket system was presented live. The development of the Pattern Matching Engine also notes improvement as well as the visualization of communication relationships worked on by VisITMeta.
Further producers expressed their interest in the SIEM developments of the project. The producer TELCO TECH based in Berlin was gained as additional project partner. Close cooperation is to be expected as TELCO TECH and DECOIT already worked together before efficiently.
Next development steps are the installation of different prototypes on a test bed and interface communication. An exemplary use case was already presented by Fraunhofer SIT during the project meeting and a data model was showed. NCP and macmon continue working on IF-MAP extensions for their VPN-/NAC solutions.
Finally, all project partners worked on a generic use case together which will include all developed components. That is the best way to test, evaluate, and improve the interaction of security components so that real attacks can be defined and recognized. The overall goal is to present first results at the RSA conference in the U.S. April 2015.