
PROJECT

Intrusion detection via multi-dimensional analysis of security data streams

The processes employed by modern businesses, and consequently their economic success, increasingly hinge upon IT systems, which in turn are increasingly hard to defend against security risks. On the one hand, high interconnectivity gives suppliers the opportunity to implement more efficient process chains; on the other, it introduces complex dependencies and new attack vectors. Meanwhile, the last decade has seen the rise of highly organized, professional, financially motivated attackers, threatening businesses with a multitude of criminal methods.

Furthermore, the growing integration of classic information technology (IT) and operational technology (OT) creates risks of its own. These call for an increased emphasis on logging and monitoring, in addition to classic methods like firewalls and malware protection, as businesses need to assume that

1. adversaries will bypass perimeter protection and that

2. deployed malware may not be detected.

Any intrusion can only be detected through unusual behaviour of systems or applications, as well as anomalous network communication. Detecting these anomalies usually requires the aggregation of data stemming from different systems in a centralized system for correlation and analysis. This gives rise to new challenges due to the large volume of data involved. Furthermore, the development of algorithms performing the analysis is hindered by the poor availability of concurrent annotated datasets required to train and evaluate them.

In today’s IT landscape multiple tools are already being used to detect attacks, weaknesses and undesired behaviour in computer systems and networks. Signature-based methods search for the occurrence of predefined negative behaviour. Anomaly-based methods, however, build a model of normal behaviour in order to find irregularities in new data. These irregularities tend to correspond to unwanted behaviour. The structure of the data, like attributes, metrics and aggregations, from which this model is built, needs to be defined a priori. This is problematic, since it limits the analysis to finding only the anomalies that are visible in that exact structure, while missing others.

This is why the objective of this project is to develop advanced concepts for automatic aggregation and analysis of network data related to information security. In addition to covering all possible data structures to detect a variety of anomalies, automatic aggregation directly yields the view of the data that best displays anomalies. As the aggregations are generated automatically, the configuration of the system is simplified.
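The limitation of a fixed, a priori structure can be shown on a small scale. The following is an added example, not code from the GLACIER project: it enumerates every group-by view of constructed flow records and ranks the views by how strongly the test window deviates from the baseline. The field names, the sample traffic and the scoring floor are assumptions made for this illustration.

```python
from collections import defaultdict
from itertools import combinations
from math import sqrt
from statistics import mean, pstdev

KEYS = ("src", "dst", "dport")

def sample_flows():
    """Constructed data: windows 0-4 are the baseline, window 5 is under test."""
    flows = [{"w": w, "src": f"10.0.0.{i + 1}", "dst": f"10.0.1.{k % 2}",
              "dport": (443, 80)[k % 2], "bytes": 1000 + 10 * ((w + i + k) % 3)}
             for w in range(6) for i in range(3) for k in range(4)]
    # Window 5 only: one host adds 40 zero-payload flows, each to a new port.
    flows += [{"w": 5, "src": "10.0.0.3", "dst": f"10.0.1.{j % 2}",
               "dport": 1000 + j, "bytes": 0} for j in range(40)]
    return flows

def views():
    """Enumerate every group-by key set with every metric that applies to it."""
    for n in range(1, len(KEYS) + 1):
        for key in combinations(KEYS, n):
            distinct = [f"distinct_{f}" for f in KEYS if f not in key]
            for metric in ["flows", "bytes"] + distinct:
                yield key, metric

def measure(flows, key, metric):
    """Return {group: {window: value}} for one view of the data."""
    cells = defaultdict(lambda: defaultdict(list))
    for f in flows:
        cells[tuple(f[k] for k in key)][f["w"]].append(f)
    def value(rows):
        if metric.startswith("distinct_"):
            return len({r[metric[len("distinct_"):]] for r in rows})
        return len(rows) if metric == "flows" else sum(r["bytes"] for r in rows)
    return {g: {w: value(r) for w, r in pw.items()} for g, pw in cells.items()}

def rank_views(flows, baseline=range(5), test=5):
    """Score each view by its most deviating group in the test window."""
    ranked = []
    for key, metric in views():
        scores = [(0.0, None)]
        for group, per_w in measure(flows, key, metric).items():
            if test in per_w:  # groups absent from the test window are skipped
                hist = [per_w.get(w, 0) for w in baseline]
                # Assumed floor: sqrt(mean) treats values as count-like.
                floor = max(pstdev(hist), sqrt(mean(hist)), 1.0)
                scores.append((abs(per_w[test] - mean(hist)) / floor, group))
        ranked.append((key, metric) + max(scores, key=lambda s: s[0]))
    return sorted(ranked, key=lambda r: -r[2])
```

A model fixed in advance to bytes per source host scores this window as normal, while the automatically generated view of distinct destination ports per source host ranks first and names the deviating host.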

One of the major concerns when constructing these concepts will be efficiency, since regular hardware needs to be sufficient for supporting the resulting system. Horizontal scalability will enable the system to grow alongside an expanding IT infrastructure. Another concern is the presentation of results, which is of increased importance in automated systems. On the one hand, the results and any information explaining their classification need to be shared with other monitoring and SIEM (Security Information and Event Management) systems in a structured format (Indicator of Compromise). On the other, they need to be communicated to human security analysts, who perform manual analysis and need to react to malicious behaviour. This necessitates proper visualization of all relevant information.

Project Partners

Open Source. Open Solutions. Open Strategies. The mission of the Bremen-based IT system integrator and software house is to provide, optimize, secure and support innovative open source software solutions. Among the main priorities are security applications and monitoring systems, which can be implemented and continuously developed in customer centred projects using various products (SIEM systems, IDS, firewalls, VPN, Nagios, etc.). In addition to providing consulting, system management and software development, research projects are conducted in association with both national and international partners.

rt-solutions.de GmbH is a consulting firm which was founded in 2000 by scientists and entrepreneurs with the goal of realising performant and secure IT processes and infrastructures as a basis for effective business processes. rt-solutions.de provides consulting to leading international businesses in all questions regarding information security and data privacy. The core business of the firm is developing and operating security management systems and technological security measures, as well as auditing complex IT environments and conducting forensic investigations to analyse and solve security breaches.

The research group Trust@HsH has been operating in the areas of trusted computing, network security and mobile security since 2006. Various BMBF-funded research projects were conducted within these areas, like tNAC, ESUKOM, VisITMeta and SIMU. Members of the research group present their results at national and international conferences and workshops, while also actively participating as liaison members in the specification processes of the Trusted Computing Group, a worldwide consortium of major IT companies and research institutions, with the purpose of introducing internationally recognized standards in the area of IT security.

Associated Partners

Plate Büromaterial Vertriebs GmbH

The Plate Büromaterial Vertriebs GmbH consists of an association of companies, located in Bremerhaven, Isernhagen, Brandenburg, Magdeburg, Dessau, Leipzig, Duisburg, Hamburg, Düsseldorf, Freiburg, Ratingen and Gütersloh. Today the group employs over 300 people and sells about 100 million EUR worth of “everything good for the office” annually.

hanseWasser Bremen GmbH

The sewage company hanseWasser Bremen GmbH, with about 400 employees, operates the 2,300 kilometre long sewer network beneath Bremen, while securing a cost-effective and environmentally sensitive purification process in two water treatment plants, located in Seehausen and Farge, for about 50 million cubic metres of sewage per year from Bremen, neighbouring communities, as well as industrial and business customers.

NEWS

News from the GLACIER project

GLACIER consortium meeting in Bremen showed new approach to intelligent anomaly detection for the first time

On February 19, the consortium partners of the GLACIER research project (www.glacier-project.de) met to exchange information about the ongoing development work. The focus was on future planning and not on what has been achieved so far.

Third GLACIER project meeting in Cologne in mid-November

The participants of the BMBF project GLACIER came together for the third consortium meeting on November 13th in Cologne in the offices of rt-solutions.de GmbH to discuss the status of the project and to agree on the high-level architecture.

Second GLACIER project meeting took place in July at the University of Applied Sciences in Hannover

The still quite young BMBF project GLACIER met on 30th July at the research partner University of Applied Sciences in Hannover to discuss the results achieved in the first work packages.

Security fair it-sa: Successful participation of GLACIER-partner DECOIT® GmbH

The security fair it-sa in Nuremberg set new records for yet another year. 753 exhibitors from 25 countries were in attendance to display their products and solutions to an audience of 15,000 experts, thus making the exhibition grounds Germany’s main address for IT-security for the three day duration of the fair.

First Open Source Business Day at the Bremen Chamber of Commerce

On May 21st the Open Source Business Day took place for the first time in the Bremen Chamber of Commerce. The event was initiated by the Open Source Business Alliance (OSBA) and organized by DECOIT® GmbH.

Kick-off meeting on the 4th of April 2019 in Bremen

At the beginning of April, the new GLACIER research project with the long title "Attack detection by multidimensional analysis of security-relevant data streams" was launched at DECOIT® GmbH in Bremen.

Conference entries and presentations

Project meetings, telephone conferences and other important dates

22.06.2020 Bremen Video conference with the partners regarding the work on AP1, AP2, AP3 and AP4
16.06.2020 Bremen Developer video conference with the partners regarding visualization, back-end development and anomaly detection
08.06.2020 Bremen Telephone conference with the partners regarding the work on AP1, AP2, AP3 and AP4
18.05.2020 Bremen Telephone conference with the partners regarding the work on AP1, AP2, AP3 and AP4
12.05.2020 Cologne Developer telephone conference with the partners regarding the programming language for visualization, back-end development and anomaly detection
04.05.2020 Bremen Telephone conference with the partners regarding the work on AP1, AP2, AP3 and AP4
20.04.2020 Bremen Telephone conference with the partners regarding the work on AP1, AP2, AP3 and AP4
06.04.2020 Bremen Telephone conference with the partners regarding the work on AP1, AP2, AP3 and AP4
26.03.2020 Bremen Developer telephone conference with the partners regarding the incident report
23.03.2020 Bremen Telephone conference with the partners regarding the work on AP1, AP2, AP3 and AP4
19.03.2020 Bremen Developer telephone conference with the partners regarding the analysis process
09.03.2020 Bremen Telephone conference with the partners regarding the work on AP1 and AP2
05.03.2020 Hannover Developer workshop at the University of Applied Sciences in Hannover
19.02.2020 Bremen Fourth project meeting at DECOIT GmbH in Bremen
14.02.2020 Bremen Developer telephone conference with the partners regarding the anomaly detection
10.02.2020 Bremen Telephone conference with the partners regarding the work on AP1 and AP2
27.01.2020 Bremen Telephone conference with the partners regarding the work on AP1 and AP2
21.01.2020 Bremen Developer telephone conference with the partners regarding the anomaly detection
20.01.2020 Bremen Developer telephone conference with the partners regarding the Docker development
13.01.2020 Bremen Telephone conference with the partners regarding the work on AP1 and AP2
09.01.2020 Bremen Docker workshop with rt-solutions
16.12.2019 Bremen Telephone conference with the partners regarding the work on AP1
05.12.2019 Bremen Telephone conference with the partners regarding the development of agents
02.12.2019 Bremen Telephone conference with the partners regarding the work on AP0 and AP1
14.11.2019 Cologne Third project meeting at rt-solutions in Cologne
04.11.2019 Bremen Telephone conference with the partners regarding the work on AP0 and AP1
21.10.2019 Bremen Telephone conference with the partners regarding the work on the AP0-reports
07.10.2019 Bremen Telephone conference with the partners regarding the work on the AP0-reports
23.09.2019 Bremen Telephone conference with the partners regarding the work on the AP0-reports
09.09.2019 Bremen Telephone conference with the partners regarding the work on the AP0-reports
26.08.2019 Bremen Telephone conference with the partners regarding the work on the AP0-reports
19.08.2019 Bremen Telephone conference with the partners regarding the work on the AP0-reports
12.08.2019 Bremen Telephone conference with the developers regarding the high-level architecture
12.08.2019 Bremen Telephone conference with the partners regarding the work on AP0 and AP1
30.07.2019 Hannover Second project meeting in Hannover
15.07.2019 Bremen Telephone conference with the partners regarding the work on the AP0-reports
01.07.2019 Bremen Telephone conference with the partners regarding the work on the AP0-reports
17.06.2019 Bremen Telephone conference with the partners regarding the work on the AP0-reports
27.05.2019 Bremen Telephone conference with the partners regarding the work on the AP0-reports
26.05.2019 Bremen Workshop at the associated partner hanseWasser
21.05.2019 Bremen Open Source Business Day at the Bremen Chamber of Commerce
13.05.2019 Bremen Telephone conference with the partners regarding the work on the AP0-reports
29.04.2019 Bremen Telephone conference with the partners regarding the work on the AP0-reports
15.04.2019 Bremen Telephone conference with the partners regarding the work on the AP0-reports
04.04.2019 Bremen Kick-off meeting at DECOIT® GmbH
01.04.2019 Bremen Official BMWi start date for the GLACIER project

Do you have questions regarding our product?

Contact us: info (at) decoit.de

Funded through:

BMBF
Copyright 2020 GLACIER--Konsortium 2019. All Rights Reserved.