The two-day workshop of the ESUKOM project in September aimed to bring the different prototypes together in one common demonstrator. To that end, defined use cases were tested before the workshop started and evaluated over the two days. In addition, the documentation for the deliverables was extended. The final workshop was very successful and delivered very efficient results, so the project can conclude its work successfully: all project goals have been reached.
In the first session, the University of Applied Sciences in Hanover presented the latest results of the correlation engine. This component is able to roll out policies and recognize attacks. Efficient recognition first requires training data, which was produced by 12 devices within three weeks. With the correlation engine, a requirement catalogue for general policies has been defined. This system is not just another intrusion detection system; it is rather an extension of such a system, because it can analyze IDS data. This makes it possible to discover special attacks that are invisible to typical security components such as firewalls, IDS, or anti-virus systems.
A special focus of the workshop was testing the IF-MAP client prototypes of DECOIT, NCP, and macmon with the IF-MAP server of the University of Applied Sciences Hanover. For this purpose, different use cases of a generic scenario were defined. The tests were successful. After the workshop, DECOIT GmbH will continue to work on a live demonstrator, which will be prepared for virtual environments. This will make it possible to test one's own use cases after the end of the ESUKOM project's lifecycle.
The project will close its work in September 2012. It was a really successful project, which is why the partners are thinking about extending the current cooperation. The IF-MAP specification of the Trusted Computing Group (TCG) has also taken a big step forward. Big network vendors such as Juniper and Enterasys Networks are interested in implementing this protocol in their network components or have already done so. Cisco Systems has also signed a membership with the TCG, which may be another indicator that the IF-MAP protocol will have a great future. In any case, the ESUKOM members have the experience and the first IF-MAP components developed to address such a market from the beginning.