ENISA published “Proactive detection – Measures and information sources” report

EU Agency for Cybersecurity ENISA has published a new report of the proactive detection of incidents, including measures and information sources.

The EU Agency for Cybersecurity ENISA has published a new report and accompanying repository on measures and information sources that could help security experts and operators of IT and critical infrastructure to proactively detect network security incidents in the EU.

The documents aims at evaluating methods, tools, activities and information sources for proactive detection of network security incidents.

The proactive detection process aims at discovering malicious activity conducted by threat actors through internal monitoring tools or external sources that shares information about detected incidents.

“The current project aims to provide a complete inventory of all available methods, tools, activities and information sources for proactive detection of network security incidents, which are used already or potentially could be used by incident response teams in Europe nowadays.” reads the report. “The current report evaluates available methods, tools, activities and information sources for proactive detection of network incidents.”

The EU agency launched this project to improve the detection of network security incidents in the EU, by:

• Providing an inventory of available measures and information sources;
• Identifying good practices;
• Recommending possible areas for development.

This report identifies and analyzes how proactive detection in the EU is evolved between 2011 and 2019. Among the goals of the project there is the exploration of new areas that could help to improve operational cooperation and information sharing.

The deliverable of the project are three reports and in a living repository hosted on GitHub.

“The objective is to offer a point of reference for new or well-established teams who need to identify or reassess appropriate measures for proactive detection of incidents.” continues the post published by ENISA.

1- Report – Survey results

• Survey among incident response teams in Europe;
• Comparison with the 2011 survey.

2- Report – Measures and information sources

• Inventory of available methods, tools, activities and information sources;
• Evaluation of identified measures and information sources.

3- Report – Good practices gap analysis recommendations

• Analysis of the data gathered;
• Recommendations.

4- Online repository – GitHub

• Information sources;
• Measures and tools.

Enjoy the report!

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – ENISA, cybersecurity)

[adrotate banner=”5″]

[adrotate banner=”13″]