Threats in the Internet are numerous. They have to be dealt with at many levels - ranking from firewalls or intrusion detection systems (IDS) to measures with a broader or even global focus. Early Warning Systems (EWS) are such broadly focused measures. EWS usually consist of distributed sensors networks and some central analysis or assessment facilities. The sensors collect raw data, e.g. statistics about connections (NetFlows), malware samples, or IDS events. By means of the centralized analysis facilities the "big picture" of what is happening can be obtained. EWS is valuable to numerous roles and entities. Be it larger organizations, governments, or Computer Emergency Response Teams (CERT). All greatly benefit from EWS and the resulting (global) network situational awareness when having to judge the security of their own networks. The usefulness of EWS for Critical Information Infrastructure Protection (CIIP) follows directly from this. Only when many actors deliver pieces can the puzzle be put together.
Thus, the need for collaboration has been - more or less - accepted. However, large scale, collaborative detection efforts have been difficult. EWS started addressing this a couple of years ago, already. And while certain technical requirements (privacy, data protection, ...) have been met, EWS still require a lot of research efforts and improvements in order to keep up with the perpetuous arms race between attackers and defenders.
Sub-communities within this community
- 11 2010