Research Result :: MASSIF creates next-generation framework for Security Information and Event Management (SIEM)
Cyber security is an area of great global focus, yet it is hard to manage and arguably even harder to measure. To provide high-level situational security awareness, a next-generation Security Information and Event Management (SIEM) environment is needed, one that provides an architecture for trustworthy and resilient collection of security events from source systems, processes and applications. In addition, an anticipatory impact analysis should make it possible to predict the outcome of threats and mitigation strategies and thus enable proactive and dynamic response. While organizations recognize the crucial value of SIEM functionality, the complexity and resources needed to deploy it have been a deterrent for many.
The MASSIF FP7 project has successfully developed a next-generation SIEM framework for service level infrastructure. The MASSIF solution combines novel security technologies to provide the industry’s most advanced security management solution. While many vendors still focus only on solving log management and compliance use cases, MASSIF combines different approaches.
MASSIF increases the reliability of business operations by detecting and predicting threats and unusual behaviours in the network and applications within a short time frame. It does so by correlating security events from different event sources, delivering real-time security alerts and effectively enforcing automated countermeasures.
MASSIF is also able to perform security and risk assessments and predict potential attack paths. Finally, MASSIF is able to ensure robust operation when the SIEM is itself the target of an attack.
MASSIF's competitive advantage lies in its multi-domain capacity. Its applicability was demonstrated in various industry-relevant misuse-case scenarios: the convergence of physical and logical security in critical infrastructures, the fight against fraud in mobile-based money transfers, the detection and mitigation of complex attack patterns in large IT infrastructures, and additional business requirements such as forensic capability, privacy and risk reduction.
The modular nature of the MASSIF solution eases the integration of single components or combinations of them into existing products or services, providing them with enhanced and trustworthy functionality while preserving the system's legacy. This enables the MASSIF offer to be easily adapted to different customers' needs in terms of technological solution and pricing. Additionally, it allows a relatively straightforward integration with existing commercial solutions, such as OSSIM and Prelude.
The MASSIF security features will be partially included in partners’ products as well as into their business, research and development networks.
MASSIF stands for “MAnagement of Security information and events in Service InFrastructures”. MASSIF is a collaborative research project co-funded under the European Commission's FP7 ICT Work Programme 2009 (FP7-ICT-2009-5). It is aligned with the objective ICT-5-1.4 - Trustworthy ICT.
The MASSIF Consortium, led by Atos, consists of twelve partners from six European countries (France, Germany, Italy, Portugal, Russia, and Spain) and South Africa. The MASSIF consortium consists of four industrial use case providers (Atos, Orange Labs, T-Systems South Africa and Epsilon srl), two Open Source SIEM providers (AlienVault and 6cure), and six scientific research organizations (Consorzio Interuniversitario Nazionale per l'Informatica, Fraunhofer – SIT, Fundação da Faculdade de Ciências da Universidade de Lisboa, St. Petersburg Institute for Informatics and Automation of Russian Academy of Science, Institut Mines-Télécom, and Universidad Politécnica de Madrid).
For more information on MASSIF, please visit:
Elsa Prieto (Atos): firstname.lastname@example.org