CUREX Platform

The CUREX solution will analyse information coming from the monitoring infrastructure to compute cybersecurity and privacy risk scores associated to the data exchange in a Health domain. CUREX has five discrete technological areas:

(i) Asset and Vulnerability Discovery, whose goal is to discover the system’s assets and any information related to their associated vulnerabilities;
(ii) Threat Intelligence, aiming at detecting real time abnormal behaviours on users, and devices, as well as anomalies in the data in order to identify new and unknown threats;
(iii) Risk Management, aiming at producing risk scores and optimal safeguards towards a cyber strategy of the healthcare organisation;
(iv) Trust Enhancing, which will make use of decentralized platform based on blockchain technology to store and share private and sensitive data; and
(v) Application and Visualisation, to display the platform dashboard in a synthetized way.

Finally, there is the End-users area which comprises the survey-based risk assessment methodology that aggregates the healthcare personnel’s responses collected through a survey questionnaire to reveal (lower or higher) risks related to various aspects of Cyber Hygiene and provide suggestions for remediation.

 

CUREX Main Areas
Figure 1. CUREX Framework Stack

 

Each area includes one or more of the following tools:

The workflow of the information within the CUREX areas is as follows (see Figure 2):

  • During the Asset and Vulnerability Discovery process, we have the ADT scan the underlying IT infrastructure and produce a list with the assets, along with their characteristics (i.e., operating system, IP address, open ports). VDM then receives the list and performs the vulnerability analysis, reporting on the security vulnerabilities found per asset (Steps 1-2).
  • The list of vulnerabilities is later shared with the Threat Intelligence group of tools (namely, KEA and TIE), to implement the threat detection. More specifically, KEA analyses the vulnerability list using ML-based techniques focusing on misuse and anomaly detection, to identify new threat patterns against the hospital systems. KEA then returns its findings to VDM which produces an enhanced version of the vulnerability report, which it forwards to the TIE module. TIE correlates the reported results with logs obtained from different sensors in the network, to reveal suspicious events taking place (Steps 3-4).
  • The Cyber Risk Management module initiates the risk assessment process by feeding the enriched vulnerability results to the CAT and PAT tools (Steps 5-6). CAT, receiving also as input the list of suspicious events produced by TIE (Step 5), performs the cybersecurity risk assessment and generates risk scores. The same applies to PAT, which performs the privacy risk assessment, estimating the corresponding privacy risk score and assessing the level of GDPR compliance of the organisation. CAT proposes mitigation controls that are sent to OST for further analysis and optimisation based on their monetary values and efficiency (Step 7).
  • The risk scores by CAT and PAT, as well as a subset of the OST recommendations, are then sent to the Trust Enhancing module, to be published on the PrB (Step 8). All the results produced by the individual tools are displayed through the CVT (Application and Visualisation).
  • A new risk assessment procedure can be initiated by the end-users after the implementation of the mitigation controls proposed by OST, or due to changes in the underlying infrastructure (i.e., the addition of new assets) of the healthcare organisation (Step 9).

 


Figure 2. CUREX Tools Interactions

 

 

CUREX Architecture
Figure 3. CUREX Reference Architecture

 

Additional resources

Deliverables D2.1 Use Cases and Requirements (April 2019)
  D2.2 Overall Architecture Design (November 2019)
Asset page CUREX Platform on the Horizon Results Platform
logo_inverse

is loading the page...