SMESEC aims at providing a unified security framework for Small Medium Enterprises (SME). SME’s are one of the most important drivers for innovation, but they often tend not properly to plan their cybersecurity defence, either by underestimating the risks and consequences of cyber attacks or by not being capable of keeping pace with the progress in this ever-evolving field. New threats appear on a daily basis, and SMEs are usually unready to protect their IT assets and therefore the business continuity.
The main goal of SMESEC is to identify what are the needs from the SME perspective and translate them into requirements for a unified framework, which will eventually consist of the SMESEC partners’ contributed products. The products can cover a wide range of security market segments, and it is expected that the unification will bring even higher added value to the products and the Framework.
Securityaware.me is an online platform for creating and managing interactive training courses using real infrastructures and testbeds (servers, computers, networks etc.). Contrary to other e-learning platforms, Securityaware.me focuses only on cybersecurity. All hosted courses are created by experts from security companies and institutes around Europe and include training material for many different security topics and levels of expertise.
The SMESEC XL-SIEM is a platform for collecting cybersecurity alerts and deviations from correct behaviour in a system. The information comes from the correlation of several monitoring tools focusing in different areas of the target system. The tool provides real-time analysis of the alerts and information about them in an easy and accessible way. In contrast to other SIEM tools the XL-SIEM guides end-users with concrete and actionable recommendations of what to do againstspecific alerts andprotect better theirorganization.
CYSEC provides SMEs with the ability to assess, plan, and track improvements in cybersecurity in a simple, do-it- yourself fashion. For an SME that is aware of cyber risks, CYSEC offers easily understandable cybersecurity advice and offers a personalized, self-adaptive journey of building cybersecurity capabilities to protect the SME. For the open cybersecurity expert community serving SMEs, CYSEC gives insights into how cybersecurity practices are adopted and a channel for helping SMEs to solve their difficult challenges.
SMESESC GravityZone from Bitdefender gives small and medium-sized companies a unified approach to security management that addresses the scalability and performance challenges your organization is facing today. GravityZone is architected from the ground up to unify security control over virtualized, physical, and mobile environments.It protects all the things that keepyour business going:workstations, servers,mailboxes and mobiledevices. It is incrediblyeasy to install andlight on yourresources.
EWIS is a honeypot-based intrusion detection solution tailored for SMEs. It can run in parallel with the real system, attracting attacks away from the SME’s systems. EWIS also provides a graphical interface visualizing the events that are captured by our sensors, this interface is part of the final SMESEC framework.
SMESEC partially integrates the industry-leading Citrix Application Delivery Controller, which provides solutions for granting SMEs the visibility and control they need over encrypted traffic, thus ensuring compliance with their privacy, regulatory, and acceptable user behaviour. To keepusers safe inside an organization, all communications must be inspected, not just clear-text traffic.Without, organizations areat risk from attacks:Hackers can infiltratemalware and steal dataacross multipleendpoints in the guiseof encrypted traffic.
IBM Anti-ROP Compiler Plugin (Shakedown) allows compiling a C/C++ program with binary shuffling enabled so that the resulting executable is different for each build. The shuffling prevents buffer overflow and ROP attacks scale out: an exploit that targets one instance ofthe application will not successfullyexecute on other instances.
The TasS (Test as a Service) allows SMEs to develop standards-based interoperable and secure products with short time-to-market and low engineering and financial overhead. TaaS offers capabilities to verify and validate the potentiality of vulnerabilities related to oneM2M and LoRa security requirements. Our motivation is to meet the market requirements related to sensors and IoT platforms domain. For example, TaaS analyzes the LoRa network stack for the susceptibility of LoRa devices to different types of attacks using commercial-off-the-shelf hardwareand execute the appropriatesecurity test cases.
Cybersecurity is somewhat like quality management. Slightest changes may affect the security of a product. Not only the product itself is defining the level of security achieved. Surrounding effects such as shared infrastructures, changing regulatory environments, shifted public perception, or new threats are factors too which may have a drastic impact on the security of a system.
The improvement or maintenance of a certain security standard is thus a demanding task for an SME. Keeping track of the parts is very hard as there is often not enough expertise within the company to identify all weaknesses of the product. SMESEC aims here to give a framework enabling SMEs to keep track of all relevant parts and support them in analysis and scoring.
SMESEC helps SMEs become aware of threats and build capabilities to counter these threats with a threat-oriented incremental approach. The threat-orientation ensures that the SME understands the value of the actions that SMESEC encourages. The incremental approach ensures that capability-building is lightweight and the SME is under control of when to stop.
innovation items to be developed in the project should decrease the usual complexity level of security tools, making them more attractive for adoption by the SMEs. The complexity term refers to usability, but also the installation and updating requirements of these tools.
SMESEC solutions should provide better or at least comparable level of cybersecurity protection to the offered by the available solutions in the market.
Since one of the main entrance barriers of cyber-security solutions in the SMEs ecosystem is the budget constraints, any incremental innovation must keep costs low.
apart from the technical aspects, SMESEC wants to evangelise the importance of cyber-security protection among SMEs. Innovation road-mapping will also consider the development of supporting material to attain this non-technical objective.