Increase information position by scanning and anticipating

PANGA

Increase information position by scanning and anticipating

With Proactive Analysis Towards Advanced Attacks (PANGA), we investigate possible wider implications of an incident to better understand the scope of threats to the education and research sector. SURFcert actively and proactively collects and analyses large quantities of cyber threat information and places it in conext. In this way, we can quickly intercept irregularities and warn of threats at an early stage.

Investigate incidents more thoroughly

SURFcert started with PANGA in 2019. One day a month, the SURFcert team investigates an incident or threat. The team then investigates whether there are implications for the entire target group, rather than just one related institution.

OSINT

Using public sources of information

Open Source Intelligence (OSINT) uses public sources of information to detect vulnerabilities within the SURF network and that of affiliated institutions. Examples include Shodan and Censys, both search engines for vulnerabilities on the Internet. We are developing an even better user interface, because displaying, organising, and searching information is still fairly technical at the moment, and our initial focus will be on use by SURFcert itself. In addition to developing the interface, we are also keeping a close eye on the market.

In the future, we may extend interface users to CSIRT teams of institutions.

Linking vulnerabilities in a more targeted way

We link the information from these public sources to the information on e.g. IP-ranges of the connected institutions. In this way we can link vulnerabilities to specific settings in a more targeted way. In 2018 and 2019, we expanded this with active scanning based on grid flow information from the SURF network. Netflow makes it possible to collect IP network traffic entering or leaving an interface.