
Project title:

"Fortifying SOCs Against Evolving Cyber Threats", acronym CYBERGUARD

Financing source:

The project is financed by the European Commission through the Digital Europe Programme (DIGITAL), under call DIGITAL-ECCC-2024-DEPLOY-CYBER-06, action type DIGITAL JU Simple Grants.

Implementation period:

36 months, starting December 1, 2024. 

Total value of the project:

7.690.250,50 euro, of which the eligible non-reimbursable amount is 3.845.125,25 euro.

Consortium:

The coordinator: I-ENERGYLINK SRL (I-ELINK) - Romania

Partners:

  1. BOLTON TECHNOLOGIES LIMITED (BOLTON) - Cyprus;
  2. CACTUS DIGITAL A.E. (CACTUS) - Greece;
  3. CLONE SYSTEMS CY LTD (CLONE) - Cyprus;
  4. COLUMBIA SHIPMANAGEMENT LTD (COLUMBIA) - Cyprus;
  5. DIRECTORATUL NATIONAL DE SECURITATE CIBERNETICA (DNSC) - Romania;
  6. ELIAS NEOCLEOUS AND CO. LLC (ENC) - Cyprus;
  7. DIETHNES PANEPISTIMIO ELLADOS (IHU) - Greece;
  8. JOT INTERNET MEDIA ESPANA SL (JOT) - Spain;
  9. SOCIETATEA NATIONALA DE GAZE NATURALE ROMGAZ SA (ROMGAZ) - Romania;
  10. SPITALUL CLINIC DE URGENTA BUCURESTI (SCUB) - Romania;
  11. ARISTOTELIO PANEPISTIMIO THESSALONIKIS (AUTH) - Greece;
  12. SC Siqsess Technology SRL (SIQ) - Romania.

Project summary:

The CYBERGUARD project addresses the escalating complexity of cyber threats targeting critical infrastructure sectors such as Transportation, Energy, Finance, Maritime, Government, and Health. The key point of this approach is the deployment of sophisticated defense & attack strategies, driven by experts specializing in AI and enabling technologies.

In response to the European Commission's call for proposals on enabling technologies for Security Operation Centers (SOCs), the "CyberGuard" project presents a technical concept focusing on the integration of advanced technologies to strengthen the capabilities of SOCs in detecting, preventing, and responding to cyber threats. 

The CyberGuard project takes a comprehensive approach, leveraging state-of-the-art methodologies in malware analysis, penetration testing, privilege escalation detection, research into and mitigation of attacks targeting Large Language Models (LLMs), and adversarial attacks on machine learning models used in Security Operation Centers. Furthermore, the project prioritizes the development of scalable and interoperable solutions, facilitating seamless integration with existing SOC infrastructure and third-party security tools. CyberGuard advocates for a collaborative approach, fostering partnerships with industry stakeholders, academia, and government agencies to share knowledge and best practices in cybersecurity.

By promoting information sharing and cooperation, CyberGuard seeks to enhance the resilience of SOCs against evolving cyber threats. Ultimately, the project's goal is to empower SOCs with the tools and expertise needed to effectively protect digital assets and safeguard critical infrastructures from cyber-attacks. 

CyberGuard directly addresses the escalating complexity of cyber threats targeting critical infrastructure sectors such as Energy, Transportation, Finance, Maritime, Government, and Health. Central to this approach is the deployment of sophisticated defense & attack strategies, driven by experts specializing in AI and enabling technologies. These strategies are rooted in the early identification of cyber incidents and the perpetual, interactive exchange of vital information in real-time, facilitated by cutting-edge AI applications and technologies.

The project objectives are:

  1. develop and deploy advanced AI-driven technologies within Security Operation Centers (SOCs) to enhance their capabilities in analyzing, detecting, and preventing cyber threats; 
  2. establish a secure and efficient Cyber Threat Intelligence (CTI) sharing framework to facilitate collaboration and information exchange among stakeholders; 
  3. implement proactive vulnerability management and incident response mechanisms to mitigate cybersecurity risks effectively; 
  4. enhance the resilience of SOCs against emerging threats, including those posed by Large Language Models (LLMs) and adversarial attacks; and 
  5. promote cybersecurity awareness and capacity-building initiatives to foster a culture of security within European societies and organizations.

The project is designed to leverage the synergy of multiple innovative solutions, including:

  1. The deployment of machine learning algorithms for the detection and prevention of cybersecurity threats on networks and hosts, addressing complex security challenges posed by new and multifaceted threat actors to enhance traditional detection mechanisms; 
  2. Advancing the generation, management, and secure dissemination of Cyber Threat Intelligence (CTI) within CYBERGUARD by creating and implementing advanced tools and platforms to foster efficient CTI sharing and collaboration, ensuring data security and privacy; 
  3. Systematizing the assimilation, organization, and scrutiny of diverse and voluminous data sets, aiding comprehensive analyses of cybersecurity incidents to improve threat detection, investigation, and response activities; 
  4. The implementation of automated security orchestration and incident management, employing Business Process Modelling Notation to encapsulate and streamline business continuity and incident response procedures, minimizing operational disruptions;
  5. Introducing the AI Remediation Guidance system, an advanced Artificial Intelligence Agent crafted to aid in understanding and rectifying vulnerabilities found during security assessments;
  6. The refinement of penetration testing methodologies to enhance testing efficiency, reduce associated costs, and broaden test coverage, ensuring more frequent and comprehensive security evaluations.

CyberGuard is committed to enhancing the cybersecurity infrastructure across various organizations, aiming to proactively predict, detect, and mitigate cyber threats and vulnerabilities. By integrating a range of advanced technologies and methodologies, CyberGuard seeks to advance the security posture of organizations significantly.