Business R&D+i Plan
PIDI-CV. SME R&D projects - 2018
File Number IMIDTA / 2018/31
Objective: The objective of this project is to build a prototype of a distributed threat hunting tool based on CARMEN that combines analysis mechanisms, event correlation and intelligence at the endpoint with the analogous mechanisms already available in the analysis center. This gives the advantage of observing the host from the inside without the overload that would otherwise make it stop working.
The result of this project will be a module for detecting malicious traffic on the endpoint, allowing for more effective detection of the presence of a cyber-attack.
Direct access to the host, and not only to its network traffic, will allow the incorporation of more sophisticated detection techniques that move beyond traditional blacklist-based approaches and are capable of identifying potential threats never seen before, which is vital when dealing with APTs.
To show the feasibility of the concept, a proof-of-concept prototype will be built based on the existing threat hunting tool CARMEN.
The technologies developed in this project will allow S2 Grupo to continue offering cutting-edge products and services at an international level and have artificial intelligence capable of detecting APTs. In particular, it is expected that the results of the project will be applied in the future in the CARMEN product, mentioned in the previous section.
CARMEN (Center for the Analysis of Records and Mining of EveNts) is the national capacity for the identification of advanced persistent threats (specifically, advanced malware associated with these threats). It is an S2 Grupo development supported by the National Intelligence Center in which the Center’s own capabilities have converged with those of S2 Grupo in the field of advanced surveillance.