PALANTIR builds on risk assessment, virtualisation, closed-loop control, machine learning and remote attestation to create highly dynamic and flexible cybersecurity services that run on a completely secure and attested network environment, in the form of Security-as-a-Service (SecaaS). PALANTIR will experiment with three delivery modes, namely, the Cloud SecaaS (following the hosted MSS model), Lightweight SecaaS (following the vCPE-based MSS model) and Managed Edge SecaaS (following the MEC model). PALANTIR is built around the following main features:
A Risk-based analysis framework that allows the quantification of security/privacy threats based on security/privacy impact assessment and its correlation with attack surface analysis. The overall risk will be tracked and managed in a dynamic scenario where threat intelligence is updated, and where devices in the network might be inherently untrusted (e.g. smartphones, routers, IoT devices, etc.).
Cybersecurity services are dynamically deployed as Virtual Network Functions (VNFs) upon request, thus creating Security-as-a-Service. The VNF approach allows perimeter defences (like firewalls, intrusion detection, etc.) to be deployed in seconds in PALANTIR. Attacks with known signatures can then be detected at the network level and remediated by combining flexible forwarding through Software Defined Networking (SDN) with adaptable functionality through Network Function Virtualisation (NFV). Following this approach, all devices and systems on a SecaaS-protected network will enjoy a level of protection regardless of whether security software is installed on the individual devices and regardless of the users' technical savvy.
When a threat goes undetected by normal perimeter defences, a Threat Intelligence Framework provides additional protection through machine learning. The ML picks up traffic anomalies indicating unknown threats in the network, such as traffic that does not adhere to specified protocols (e.g. illicit cryptocurrency mining in a corporate network), statistically anomalous traffic that can indicate 0-day threats and attacks, and so on. A Remediation and Recommendation Module creates intelligible suggestions to address these security threats.
A Trust & Attestation Framework that periodically attests the infrastructure's components for signs of compromise. It covers not only physical (computing hardware, switches, routers, etc.) and virtual (containerised apps, virtual network functions, the SecaaS themselves, etc.) systems, but also conceptual artifacts (network topologies, etc.). It provides integrity checks and sends a notification in case of a breach or fault. It will provide a high level of assurance and ensure that there are no threats (e.g. backdoors) that bypassed both the SecaaS and the Threat Intelligence protections and remain hidden and undetected.
The Security Service Orchestration framework deals with the instantiation, configuration and management of the security services. Management and Orchestration (MANO) is a key component of every service-oriented architecture. PALANTIR builds on ETSI-supported and production-ready MANO solutions and adds key features such as security orchestration (used to provide topologies for security services and configure their functionalities with new security rules on-the-fly), monitoring (for optimal resource allocation and billing) and performance optimisation (to ensure critical services are never resource-starved).
A Service Catalogue includes signed, trusted packages for the SecaaS services, their security/privacy specifications, their billing information and other metadata (e.g. deployment templates) that are used upon instantiation by the MANO framework. The Accounting Dashboard provides account management per user role (e.g. for the service developers, PALANTIR providers and users). Cybersecurity alerts, status of running services etc. are tracked in the Security Dashboard. All front-end components will be accessible through a single PALANTIR portal. The monitoring framework will aggregate the required security and billing metrics, while open-source tools will be used to manage the data and their visualisations.
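As an added illustration (not PALANTIR's own code or package formats) of how the attestation checks and the signed catalogue packages described above combine at instantiation time, the following gate is the kind of check MANO-side logic could consult before deploying a SecaaS VNF onto a node. It assumes a symmetric demo key standing in for the catalogue's real signature scheme, constructed golden measurements, a fixed clock and a 300 s freshness window.

```python
import hashlib
import hmac
import json

# Constructed sample data (not PALANTIR's real formats): a symmetric demo key stands in
# for the catalogue's real signing key, and golden measurements are computed inline.
CATALOGUE_KEY = b"demo-catalogue-signing-key"          # placeholder, demo only
GOLDEN = {"edge-node-1": hashlib.sha256(b"approved-node-image-v1").hexdigest()}
NOW = 1_700_000_000                                    # fixed clock for a deterministic run
MAX_ATTESTATION_AGE_S = 300                            # assumed freshness window

def sign_manifest(manifest, key=CATALOGUE_KEY):
    """Sign the canonical JSON form of a manifest (HMAC-SHA256 stands in for a real signature)."""
    canonical = json.dumps(manifest, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, canonical, hashlib.sha256).hexdigest()

def package_is_trusted(package, key=CATALOGUE_KEY):
    """Re-derive the signature over the manifest actually being deployed; constant-time compare."""
    return hmac.compare_digest(sign_manifest(package["manifest"], key), package["signature"])

def attestation_status(report, golden=GOLDEN, now=NOW):
    """Accept a node only if its latest attestation is fresh and matches its golden measurement."""
    if now - report["timestamp"] > MAX_ATTESTATION_AGE_S:
        return "stale attestation"
    if not hmac.compare_digest(report["measurement"], golden.get(report["node"], "")):
        return "measurement mismatch"
    return "ok"

def admit_instantiation(package, report):
    """Gate consulted before a SecaaS VNF is instantiated; 'notify' flags a breach/fault alert."""
    if not package_is_trusted(package):
        return {"admit": False, "reason": "package signature invalid", "notify": True}
    status = attestation_status(report)
    if status != "ok":
        return {"admit": False, "reason": status, "notify": True}
    return {"admit": True, "reason": "ok", "notify": False}

# Constructed inputs: one good package, one whose manifest was altered after signing, and
# three attestation reports (fresh and matching, stale, and a node whose measurement drifted).
GOOD_MANIFEST = {"service": "ids-vnf", "version": "1.2.0",
                 "image_sha256": hashlib.sha256(b"ids-image").hexdigest()}
GOOD_PACKAGE = {"manifest": GOOD_MANIFEST, "signature": sign_manifest(GOOD_MANIFEST)}
ALTERED_PACKAGE = {"manifest": {**GOOD_MANIFEST, "image_sha256": hashlib.sha256(b"other-image").hexdigest()},
                   "signature": GOOD_PACKAGE["signature"]}
FRESH_REPORT = {"node": "edge-node-1", "timestamp": NOW - 60, "measurement": GOLDEN["edge-node-1"]}
STALE_REPORT = {**FRESH_REPORT, "timestamp": NOW - 3600}
DRIFTED_REPORT = {**FRESH_REPORT, "measurement": hashlib.sha256(b"modified-node-image").hexdigest()}

if __name__ == "__main__":
    for label, pkg, rep in [("good", GOOD_PACKAGE, FRESH_REPORT), ("altered", ALTERED_PACKAGE, FRESH_REPORT),
                            ("stale", GOOD_PACKAGE, STALE_REPORT), ("drifted", GOOD_PACKAGE, DRIFTED_REPORT)]:
        print(label, admit_instantiation(pkg, rep))
```

Only the good package on a freshly attested node is admitted; every other combination is refused and raises the notification the Trust & Attestation Framework is described as sending.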