SAPPAN: A European approach to enable privacy-preserving federation for cybersecurity incident detection and handling

SAPPAN has a strong focus on improving cybersecurity for international public institutions and multinational companies in Europe. Improved threat detection techniques, response, and recovery will help these institutions and companies grow stronger and compete more effectively in the European market and beyond. The development of privacy-preserving cyber threat intelligence sharing (information related to detection, response, and reaction procedures) will support the monitoring of security trends EU-wide and on a global scale.

SAPPAN innovations can support European policies, law enforcement, and might lead to the point where engagement with SAPPAN-type capabilities is an EU requirement.

The goal of SAPPAN is to enable privacy-preserving federation for intrusion detection in the EU across national borders and institutional boundaries, by sharing of data and knowledge about all steps of the response cycle (detection, response and recovery) and supporting human operators with visualization (of threats) and automation (of responses).

                  SAPPAN project

SAPPAN innovates towards the development of a cyber threat intelligence system that decreases the effort required by human operators to come up with suitable responses to recover from different cyber-attacks.

SAPPAN will enable organizations to share their knowledge about actions to respond to and recover from attacks more quickly than would be possible if an organization tried to maintain its ICT infrastructure on its own. The goal of SAPPAN is to develop a platform for privacy-preserving data sharing, attack detection, and automation for response and recovery utilizing advanced data analysis, machine learning, privacy-enhancing technologies, and visualization techniques.

How can the SAPPAN project make a difference to potential end-users?

End-users such as human analysts in the Security Operation Centres (SOC) can adopt SAPPAN solutions with reduced false alerts, advanced visualization and automated support for response actions to mitigate cyberattacks.

Furthermore, different small-medium enterprises (SMEs) and organizations can use the SAPPAN platform to share data, ML models, threat intelligence for better detection of attacks and respective response. By enabling the sharing of knowledge about incidents, response and recovery actions, as well as the sharing of trained machine learning models for network intrusion and anomaly detection, SAPPAN can allow CSIRTs within the EU to work together and develop an operative network across the EU.

Click here to learn more about the SAPPAN project.