We are proud to announce the start of our new research project “CLEARER: Erfüllung von Compliance‐Anforderungen durch automatisierte Bearbeitung von IT-Sicherheitsvorfällen”. CLEARER started on May 1st and will be completed in April 2018.
The goal of CLEARER is to develop a SIEM system that automatically integrates compliance requirements. It will use novel network security approaches and distributed computing to meet the specific requirements of small and medium enterprises (SMEs), such as ease of integration, low administrative effort and cost effectiveness.
CLEARER will benefit from the experience that we and our partners DECOIT GmbH, IT-Security@Work GmbH and macmon secure GmbH have gathered during our previous security research projects. The IF-MAP-based software developed during the SIMU project will be extended and enhanced to create more sophisticated tools that allow for better automation and address SMEs' limited security expertise and resources.
A new subsite for the current research project IQM4HD (Intelligent Quality Monitoring for Heterogeneous Data) was added to our website.
14 Apr 2016
Some impressions from CeBIT 2016
Here are some impressions of the Trust@HsH CeBIT booth in Hall 6, Booth A18.
22 Mar 2016
Meet the Trust@HsH team at CeBIT 2016
During this year’s CeBIT (March 14th to 18th), the Trust@HsH research group will present its work on the Evaluation of Security-Relevant Network (Meta)Data as one of 17 exhibitors at the joint stand of the state of Lower Saxony, titled Innovationsland Niedersachsen (innovation state Lower Saxony).
At the booth, universities and research organizations show their research results, and companies and founders show their developments.
We will showcase our latest work in visualization of network security (see VisITMeta project) and Security Information and Event Management (see SIMU project).
Together with a few slides about our work, we would be pleased to show you a high-level demonstration of our open source IF-MAP tools.
The Trust@HsH team will be happy to welcome you in Hall 6, at booth A18!
11 Mar 2016
Poster on "Visualization of Network Security Policies" presented at this year's VizSec Symposium in Chicago
The poster describes our approach to combining sensor data, policy data and evaluation data in one data model (IF-MAP), and how a GUI (built on VisITMeta) can emphasize the relationships between them so that a user can analyse when and why an evaluation was triggered and which sensor data was evaluated by which policy element.
The implementation of these features within irondetect and VisITMeta will be released over the coming months.
Here are some further impressions from Chicago.
The VizSec symposium was held in conjunction with IEEE VIS and will return in 2016 in the city of Baltimore.
04 Nov 2015
Trust@HsH presents paper on SIMU research project at IDAACS 2015
The conference tackled many different topics in the area of data acquisition, representation and processing. Furthermore, the use of these data and processes in various domains was shown, one of them being the area of IT security.
Within the paper, some results regarding the architecture and the evaluation workflow of the SIMU project were presented. More precisely, it was shown how to integrate information from (open-source) off-the-shelf products using the IF-MAP protocol, how analysis of the data can be performed automatically, and how resulting incidents can be presented and managed in a user-friendly manner to support the resolution process.
The next IDAACS conference will take place in 2017 in Bucharest.
25 Sep 2015
ifmapj & ifmapcli - Support for ICS Security specification added
We added support for the metadata and extended identifiers specified in TNC IF-MAP Metadata for ICS Security to both our Java library ifmapj and our command-line tool set ifmapcli.
ifmapj comes with new classes for creating the metadata and identifier objects needed to work with ICS-specified entities, just like the existing classes and methods that help with using TNC IF-MAP Metadata for Network Security entities.
As an example of what’s possible with the new release of ifmapj, we also extended ifmapcli with CLI tools to publish ICS metadata and identifiers.
After months of internal development we are proud to release the new version 0.5.0 of our IF-MAP visualization software VisITMeta.
It features the following changes:
The dataservice now supports multiple subscriptions to a single MAP server. It also handles the case where the same information is gathered via two or more subscriptions at the same time.
New connection handling:
The Visualization client now features a new representation of all connection-based settings (connections to VisITMeta dataservices, connections to MAP servers, and subscriptions) and allows managing them as well (adding new ones, editing and deleting existing ones, starting/stopping subscriptions, …).
Filter in REST API:
The REST API now supports filters in the style of IF-MAP filters like match-links or result-filter; they can be used when querying for a graph at a given timestamp.
(Most) errors, both on the dataservice side and on the GUI side, are now shown via basic dialogs.
Minor fixes and enhancements:
Selected nodes can now correctly be “unselected”, we added a new style for Identifier information, and much of the code was refactored.
The new overview of connections to VisITMeta dataservices and IF-MAP servers, as well as the configured and active subscriptions, can be seen in the screenshot.
The screenshot also shows a new compact representation of Identifier nodes that uses up to 2 lines of information.