4th project meeting took place at NCP engineering in Nürnberg
The fourth project meeting was dedicated to defining the architecture of the third work package (AP3)
The fourth project meeting of the research project SIMU was held in Nürnberg at NCP engineering, project partner and VPN specialist. This time, discussions focused on the design of a SIEM architecture based on IF-MAP as well as on current assignments within the third work package. The project is still on schedule and has already been presented at conferences and exhibitions. The resulting inquiries indicate that SIEM is a timely topic and that many companies are already working on its implementation.
The main focus of this project meeting was the third work package (AP3), “SIMU architecture”. All project partners presented the status of their activities separately. DECOIT GmbH is currently updating its existing IF-MAP clients and developing new IF-MAP clients in the areas of LDAP, RADIUS and WMI. These clients will be prepared to function as SIEM collectors. At the same time, DECOIT is working on the design of the SIEM-GUI, which is to present and process all results consistently. The University of Applied Sciences and Arts Hannover is also working on its existing IF-MAP clients as well as on new implementations in the areas of syslog and nmap. The visualization of network connections will be provided by VisITMeta and needs to be integrated into the SIEM-GUI later on. Furthermore, the University is working on the detection engine, which will later contain the intelligence for analysis. Fraunhofer SIT advanced the generic “lighthouse” scenario and worked on the design of CBOR proxies as well as on the enhancement of the IO-Toolset. This ontology-based toolset is increasingly in demand. The vendors macmon and NCP engineering worked on their own product strategies.
The project status and development were presented by DECOIT GmbH. Currently, no delay is noted: the project is making good progress, not least because of the partners' previously existing knowledge. Publications and conference participation were followed by several positive responses. This month, even the Federal Office for Information Security (BSI) will inform itself about the project’s progress at DECOIT GmbH. Furthermore, DECOIT GmbH is currently testing the SIEM solution of a German vendor in order to compare it to the SIMU project findings. The SIMU project was invited to the D.A.CH Security to report the newest SIEM results. Further conference and exhibition participation is planned. Project partners macmon secure and NCP will take part in the it-sa (IT-Security Expo and Congress) in October.
At the end of the project meeting, all partners discussed the planned shared test platform. It will be located at Fraunhofer SIT and will be based on the virtualization solution KVM. Until now, each partner has had only its own test platform for its own developments. To merge all developments consistently, a new common platform will be established, building on irondemo of the University Hannover. This demonstrator base will enable consistent testing of developed components and modules in the future. Additionally, it can later be used for automatic demonstration of prototypes.