CLEARER project

The CLEARER project aims at the automated administration of IT compliance and the handling of IT security incidents. These processes are currently rarely tackled in smaller companies, and where they are, they are mostly covered in the form of Network Access Control (NAC) or Security Information and Event Management (SIEM) systems.

A NAC system is used to ensure that only devices that comply with company rules (policies) in configuration and behavior are allowed to enter the corporate network. The focus is solely on the device; the user is not taken into account. There is no dedicated consideration of IT security or IT compliance.

Figure: Generic architecture

SIEM systems, on the other hand, comprise monitoring and analysis tools that target IT security explicitly. For this purpose, events (alerts) from multiple sources (firewall or database logs, intrusion detection systems (IDS)) are gathered centrally. A combined evaluation of this information enables the detection of correlations and relationships within the data. The administrator thus gains a comprehensive understanding of the security situation of the network, including summarized and prioritized security incidents. The same mechanisms that are employed to detect breaches in security are often used to enforce the IT compliance policies of the company. The analysis of log information can be used to detect security incidents as well as misbehavior from a compliance point of view (e.g. access to resources without the respective privileges or the use of unauthorized software products). Compliance and security matters are both analyzed in a timely manner in order to react properly and prevent further repercussions.
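An added illustration of the combined evaluation described above (not CLEARER project code): constructed events from several sources are checked against compliance policies and correlated per host, then returned in priority order. The event schema, the `endpoint` source, the policy sets, the five-minute window and the priority values are all assumptions made for this example.

```python
from collections import defaultdict
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=5)                                # assumed correlation window
APPROVED_SOFTWARE = {"libreoffice", "firefox"}               # assumed compliance policy
PRIVILEGES = {"alice": {"crm"}, "bob": {"crm", "payroll"}}   # assumed compliance policy

# Constructed events, already normalized to one schema by the collectors.
EVENTS = [
    {"ts": "2024-05-01T10:00:05", "source": "firewall", "host": "10.0.0.7", "kind": "alert"},
    {"ts": "2024-05-01T10:02:40", "source": "ids", "host": "10.0.0.7", "kind": "alert"},
    {"ts": "2024-05-01T10:30:00", "source": "database", "host": "10.0.0.9", "kind": "access", "user": "alice", "resource": "payroll"},
    {"ts": "2024-05-01T11:00:00", "source": "endpoint", "host": "10.0.0.9", "kind": "software", "name": "bittorrent"},
    {"ts": "2024-05-01T12:00:00", "source": "firewall", "host": "10.0.0.3", "kind": "alert"},
    {"ts": "2024-05-01T12:10:00", "source": "database", "host": "10.0.0.3", "kind": "access", "user": "bob", "resource": "payroll"},
]

def evaluate(events):
    """Return incidents as (priority, category, host, summary), highest priority first."""
    incidents, alerts = [], defaultdict(list)
    for e in sorted(events, key=lambda e: e["ts"]):
        if e["kind"] == "access" and e["resource"] not in PRIVILEGES.get(e["user"], set()):
            incidents.append((2, "compliance", e["host"],
                              f"{e['user']} accessed {e['resource']} without privilege"))
        elif e["kind"] == "software" and e["name"] not in APPROVED_SOFTWARE:
            incidents.append((1, "compliance", e["host"], f"unauthorized software: {e['name']}"))
        elif e["kind"] == "alert":
            alerts[e["host"]].append((datetime.fromisoformat(e["ts"]), e["source"]))
    for host, seen in alerts.items():
        # Alerts from different sources close together in time corroborate each other.
        corroborated = any(
            s1 != s2 and abs(t1 - t2) <= WINDOW
            for i, (t1, s1) in enumerate(seen) for (t2, s2) in seen[i + 1:]
        )
        if corroborated:
            sources = "+".join(sorted({s for _, s in seen}))
            incidents.append((3, "security", host, f"correlated alerts from {sources}"))
        else:
            incidents.append((1, "security", host, f"{len(seen)} uncorroborated alert(s)"))
    return sorted(incidents, key=lambda i: (-i[0], i[2]))

if __name__ == "__main__":
    for priority, category, host, summary in evaluate(EVENTS):
        print(f"P{priority} {category:<10} {host:<9} {summary}")
```
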

Maintainability and usability are the main requirements for such systems to be successfully employed in small and medium-sized enterprises. However, the current situation is that specialized personnel are required to install, operate and maintain the software, especially since the rules need to be adjusted whenever the network or the policies change. Due to a lack of manpower and financial resources, current SIEM solutions are rarely used in smaller environments. Isolated solutions such as an IDS or a NAC system are more likely to be employed, without a view of the bigger picture and without the possibility of drawing conclusions based on combined information.

Nevertheless, small and medium-sized companies are in great need of such advanced systems, since espionage, blackmail and data loss are just as threatening for smaller companies, and the number of attacks on them increases steadily, not least because they are known for their weaker security standards.

The goal of the CLEARER project is to close this gap and develop a system to continuously monitor the network and automatically evaluate and adapt security and compliance policies, thereby minimizing the need for manual interaction and configuration efforts.