PANDORA - Cyber Defence Platform for Real-time Threat Hunting, Incident Response and Information Sharing

The PANDORA project aims at contributing to EU cyber defence capacity building, by designing and implementing an open technical solution for real-time threat hunting and incident response, focusing on end point protection, as well as information sharing. The PANDORA system will be able to promptly detect and classify known and unknown threats, enforce policies on-the-fly to counter these threats, and also exchange threat intelligence information with third parties, at both national and international level.

In specific, the technical solutions developed in PANDORA will:

• Collect information (metrics, traffic, indicators of compromise etc.) from endpoints and network elements.
• Detect and classify security incidents, both known (based on signatures and IoCs) and unknown (based on inferred anomalies and suspicious behaviours), also leveraging Machine Learning techniques.
• Suggest mitigation actions and policies – and enforce them automatically upon confirmation.
• Import and export incident information and threat intelligence to/from national and international information sharing platforms.
• Expose interfaces, both graphical and programmatic, with role-based access control, to support Security Operations and allow in-depth investigations in case of an incident.

The technical solution developed in PANDORA will be integrated and assessed in a pre-operational environment against two relevant use cases: warship security and military sensor network security.
PANDORA will be fully aligned with the scope and objectives of the PESCO project entitled “Cyber Threats and Incident Response Information Sharing Platform (CTISP)”.