Liaison between Threat Intelligence platform and DDoS Clearing House tasks

The CONCORDIA Platform for Threat Intelligence

In the context of T3.3 (“Developing the CONCORDIA’s Ecosystem: Virtual Lab, Services and Training”), tasks T3.1 and T3.2 fit the concept of delivering CTI-related services and support to the CONCORDIA stakeholders. The figure below provides a schematic overview of these tasks, their interactions, and the key technologies involved.

The CONCORDIA Platform for Threat Intelligence brings together the efforts of T3.1 and T3.2 and attempts to align their respective contributions within the broader landscape provided by T3.3.

Goal & Key Features

The CONCORDIA Platform aims at building one central point of contact for all services related to Threat Intelligence. The idea develops along three main guidelines:

  • A virtual platform: the CONCORDIA Platform will consist of a collection of software solutions running on heterogeneous technologies and providing different services
  • Compatible models and structures: services provided by the platform will take advantage of each other, mutually exchanging information and jointly contributing to support possible new features
  • Uniform engagement rules: policies to access services and data should be aligned and integrated as much as possible so as to guarantee straightforward and trustworthy interactions to the platform’s users

The main technological components, aka core components, correspond to three solutions developed within T3.1 and T3.2. The former task focuses on threat intelligence sharing and contributes a platform (MISP) allowing the creation and retrieval of “Indicators of Compromise”, as well as an infrastructure to deliver cyber incident notifications and support (the “Incident Clearing House”). The latter task focuses instead on Denial of Service attacks and delivers a platform implementing a proactive, coordinated, and distributed DDoS defense strategy (the “DDoS Clearing House”). Together, the core components form the backbone of the CONCORDIA Platform for Threat Intelligence.

Beyond the core components, the CONCORDIA Platform envisions the development of accessory components. Those components will come from ideas and contributions collected within T3.1 and T3.2 by both the responsible project partners (Siemens, DFN-CERT, SIDN) and the supporting ones (e.g., UZH, CODE, CUT, FORTH, EesyInnovation). The accessory components will interact with the core ones to deliver increasingly complex services, eventually becoming a fully interconnected infrastructure that supports all CONCORDIA stakeholders in dealing with threat intelligence information and making the best use of it to improve their security postures.

Components Overview

| Name | Resp. Partner | Description |
|---|---|---|
| MISP | SAG | Represents the gateway to the information stored in the CONCORDIA platform. |
| ICH | DFN-CERT | Provides support for cyber incident mitigation. |
| DDoS-CH | SIDN | Data sharing platform that describes characteristics of ongoing distributed denial-of-service campaigns. |
| COA-HP | SAG | The "Course of Action - Handling Platform" organizes and delivers information about “incident response actions”. |