SPEDIA
SPEDIA, the System for Prediction and Early Detection of Insider Attacks, is financed by the National Cybersecurity Institute of Spain (INCIBE) through its program for promoting Strategic Cybersecurity Projects in Spain, framed within the Recovery, Transformation and Resilience Plan and funded by the Next Generation EU program.
The main objective of SPEDIA is to develop an integrated cybersecurity framework with the technical capabilities needed to confront insider threats: early detection, identification of anomalous behavior, standardized parameterization of threats and dynamic evaluation of cyber-situational risk.
Some of the main capabilities that will be included in the SPEDIA are the following:
- Detect possible cybersecurity incidents related to insider threats.
- Characterize groups of individuals, identify anomalous behavior of possible insiders in the organization, and measure the potential risk of suffering an internal attack.
- Parameterize threats in a standardized way so that the actions an insider-type attacker has carried out can be identified.
- Evaluate cyber-situational risk dynamically in an interpretable framework.
- Suggest countermeasures for internal security incidents.
The system is being developed to identify and prevent insider threats. Unlike existing solutions, SPEDIA is not limited to analyzing network and device traffic; it also evaluates the behavior of internal users, applying AI models to detect anomalous behavior patterns of an individual relative to that individual's own previous behavior and to the behavior of other users holding the same role in the organization.
SPEDIA builds on SIEM capabilities for collecting events from end devices and models the target system as an ontology, producing real-time alerts on the suspicious behavior of these users. It lets analysts see which users pose a risk to the organization's critical assets and which countermeasures should be applied to protect them. The project uses established taxonomies, in particular the tactics, techniques and procedures (TTPs) of the MITRE ATT&CK Enterprise matrix, to represent the actions an insider has taken and to propose mitigations that reduce the damage and the risk.
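As an added illustration of the two baselines just described (this is example code written for this page, not SPEDIA's own models, which the page does not detail), the following Python scores one day of a user's activity against the user's own history and against the history of other users in the same role. The daily activity summaries, the three features (files read, after-hours logins, megabytes uploaded), the z-score threshold of 3 and the minimum of 5 baseline samples are all assumptions made for the example. It also shows two edge cases a practitioner will hit in production: a brand-new user has no self baseline, so only the peer baseline can fire; and a role with a single member has no peers, so only the self baseline can fire.

```python
"""Self-baseline and peer-group (same-role) anomaly scoring for insider-threat
detection. Illustrative example only; the activity summaries below are
constructed, not real telemetry."""
from collections import defaultdict
from dataclasses import dataclass
from statistics import mean, pstdev

# Per-user daily activity features (assumed for the example).
FEATURES = ("files_read", "after_hours_logins", "mb_uploaded")


@dataclass(frozen=True)
class DailyActivity:
    user: str
    role: str
    day: int
    files_read: int
    after_hours_logins: int
    mb_uploaded: float

    def vector(self):
        return tuple(float(getattr(self, f)) for f in FEATURES)


def constructed_history():
    """Ten days of constructed baseline activity: three analysts with similar
    habits and one DBA who legitimately moves far more data each day."""
    rows = []
    for day in range(1, 11):
        for i, user in enumerate(("alice", "bob", "carol")):
            rows.append(DailyActivity(
                user, "analyst", day,
                files_read=40 + (day + i) % 5,
                after_hours_logins=1 if (day + i) % 3 == 0 else 0,
                mb_uploaded=5.0 + (day + i) % 4,
            ))
        rows.append(DailyActivity(
            "dave", "dba", day,
            files_read=15 + day % 3,
            after_hours_logins=0,
            mb_uploaded=200.0 + day % 7,
        ))
    return rows


def zscores(vec, samples, min_samples):
    """Per-feature z-score of vec against the sample rows, or None when there
    are too few samples to form a baseline. A zero-variance feature yields
    0 if the value matches the baseline exactly and +inf otherwise."""
    if len(samples) < min_samples:
        return None
    out = {}
    for idx, name in enumerate(FEATURES):
        column = [s[idx] for s in samples]
        mu, sigma = mean(column), pstdev(column)
        if sigma == 0.0:
            out[name] = 0.0 if vec[idx] == mu else float("inf")
        else:
            out[name] = (vec[idx] - mu) / sigma
    return out


def score_activity(activity, history, threshold=3.0, min_samples=5):
    """Compare one day's activity with (a) the user's own past days and
    (b) the past days of other users holding the same role. Peers exclude
    the user's own rows so a long-running insider cannot mask themselves
    inside their own peer baseline. Only increases in activity are flagged."""
    own = [r.vector() for r in history if r.user == activity.user]
    peers = [r.vector() for r in history
             if r.role == activity.role and r.user != activity.user]
    self_z = zscores(activity.vector(), own, min_samples)
    peer_z = zscores(activity.vector(), peers, min_samples)
    flags = []
    for label, zs in (("self", self_z), ("peer", peer_z)):
        if zs is None:
            continue  # no baseline of this kind is available for the user
        flags.extend(f"{label}:{name}" for name, z in zs.items() if z > threshold)
    return {
        "user": activity.user, "role": activity.role, "day": activity.day,
        "self_z": self_z, "peer_z": peer_z,
        "flags": flags, "anomalous": bool(flags),
    }


if __name__ == "__main__":
    history = constructed_history()
    for a in (
        DailyActivity("alice", "analyst", 11, 42, 0, 900.0),  # analyst bulk upload
        DailyActivity("erin", "analyst", 11, 43, 0, 6.0),     # new user, normal day
        DailyActivity("erin", "analyst", 11, 43, 0, 400.0),   # new user, bulk upload
        DailyActivity("dave", "dba", 11, 16, 0, 400.0),       # DBA, double his usual
    ):
        print(score_activity(a, history))
```

The point of keeping the two scores separate is interpretability, which the page lists as a requirement: an alert that says "alice uploaded 900 MB, which is unusual for alice and for every other analyst" is actionable, whereas the same upload by a DBA is flagged only by his own baseline, and a new hire is judged by the peer group alone until enough of their own history exists.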