Focusing on the business case for SMEs and relevance of C3ISP:
The aim of the C3ISP SME Pilot is to enable SMEs to collect and share their Cyber Threat Information (CTI) data with the C3ISP platform in such a manner that each SME remains in full control of what is shared and how it is shared, preserving the confidentiality of their sensitive data. Vendors or service providers of Managed Security Service (MSS) solutions (such as the BT Intelligent Projection Service) can enhance their offerings with the C3ISP-enabled CTI sharing capability. This allows for constant feedback from SMEs about threats detected by the MSS agents deployed on their infrastructure. This threat intelligence can be rapidly promulgated to the other C3ISP partners, enhancing the product/service capability as well as the SMEs' experience and level of protection.
Where SMEs wish to outsource the security management of their infrastructure by using MSS solutions, Managed Security Service Providers (MSSPs), who typically only offer services to large enterprises, could consider extending their market to include SMEs. Usually the complexity and ROI of dealing with many SMEs would be prohibitive, but the integrating capability of C3ISP should enable sufficient automation and scale to allow a group of SMEs to be effectively treated as a single enterprise, in order to derive a cost-effective solution tailored to SMEs' needs.
The business value of joining the C3ISP platform for an SME derives from the effective scale that the sharing of CTI brings: an SME gains access to what is effectively an enterprise-scale threat intelligence and response capability that it would otherwise not have. The scale derives from the sharing community of SMEs, which together should see a range of CTI analogous to that seen across a larger enterprise. The quantity and quality of this capability can be further augmented by C3ISP's ability to share CTI with other organizations, including ISPs, CERTs, etc. The sharing of CTI data on C3ISP helps provide earlier detection of cyber threats and attacks on the SME participants, with the potential to significantly reduce and/or avoid business impacts.
Visualisation of Security Analytics
The C3ISP framework will allow the definition of advanced Visual Analytics services that will render the data under the constraints of the Data Sharing Agreement (DSA). The service will enable users with security domain knowledge to perform data analytics via interactive data exploration and visualisation. An artificial intelligence layer will allow structured data to be analysed in order to discover patterns and to generate new levels of insight and knowledge for existing data. Users will be able to interactively filter the data, based on temporal, spatial, or logical clusters, in order to explore and drill down into the data to find patterns, anomalies, or other items of interest. The Visual Analytics capability will be combined with C3ISP preservation and transformation components, thereby integrating various data sources such as the data anonymisation module, the managed security services and other entities such as CERT or external analytics tools.
The following video introduces the SATURN Visual Analytics software suite that has been developed by BT Applied Research. It shows an example analytics use case from a Managed Security Service (MSS) provider where a number of its enterprise customers are affected by a potential malware outbreak. The video also shows that, by using anonymisation techniques such as differential privacy, useful insights can be gained from the aggregated customers' data while at the same time preserving each customer's privacy.
Disclaimer: Note that open source and fictitious datasets have been used to produce the video.