Publication details
WARDEN: realtime sharing of detected threats between CSIRT teams
| Authors | |
|---|---|
| Year of publication | 2013 |
| Type | R&D Presentation |
| Citation | |
| Description | The Warden project is a sharing platform for detected security events, whose characteristics can be watched and used by members of the network for evading possible security threats. There exists large body of automatically detected security events, be it honeypot machines or IDS systems at campuses, golden mine of netflow data or dictionary attacks from log data of production machines. Manual distribution of this events is laborious and generates further work which the team is usually not able to cover, causing distortion, losses and unneeded delays. In our CESNET2 national research and educational network, we attempted to solve these dilemmas by designing the Warden – open early warning system, which enables security teams to proactively and efficiently share and use information relating to detected network and service anomalies that had been generated by various systems. |