The EU Agency for Cybersecurity publishes a new report and accompanying repository on measures and information sources to proactively detect network security incidents in the EU.
As of April 2020, more than 500 European incident response teams are listed in the ENISA CSIRTs by Country - Interactive Map. These teams work daily to improve the prevention, detection and analysis of cyber threats and incidents.
As envisioned in the NIS Directive and the Cybersecurity Act, ENISA is responsible for assisting the CSIRTs Network and the Member States in improving the prevention, detection and capability to respond to cyber threats and incidents, by providing them with knowledge and expertise. It is within this context that ENISA launched this project to improve the proactive detection of network security incidents in the EU, by:
- Providing an inventory of available measures and information sources;
- Identifying good practices;
- Recommending possible areas for development.
In this context, proactive detection of incidents is defined as the process of discovering malicious activity in a team's constituency, either through internal monitoring tools or through external services that publish information about detected incidents, before the affected constituents become aware of the problem.
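The second half of that definition, as an added illustration that is not part of the ENISA reports or repository: an external service publishes a feed of hosts it has observed as compromised, and the team maps each record onto the constituent that owns the address so it can notify that constituent before they notice anything themselves. The feed format, netblocks and constituent names below are constructed for this example; real feeds and constituency tables differ.

```python
"""Map an external incident feed onto a CSIRT constituency (added example).

An external service reports compromised hosts; the team works out which
constituent owns each address, collapses repeat sightings, and produces one
notification per constituent. Everything below (feed lines, netblocks,
constituent names) is constructed for illustration.
"""
import csv
import io
import ipaddress
from collections import defaultdict
from dataclasses import dataclass

# Constructed constituency table: netblock -> constituent (hypothetical names).
CONSTITUENCY = {
    ipaddress.ip_network("192.0.2.0/24"): "example-university",
    ipaddress.ip_network("198.51.100.0/25"): "example-hospital",
    ipaddress.ip_network("2001:db8:1::/48"): "example-university",
}

# Constructed feed in the style of a CSV sinkhole / botnet-drone report.
# 198.51.100.200 lies outside the /25 and the last row has a bad address.
FEED = """timestamp,ip,malware,dst_port
2020-04-01T00:00:01Z,192.0.2.17,emotet,443
2020-04-01T00:00:05Z,198.51.100.200,emotet,443
2020-04-01T00:01:09Z,198.51.100.9,mirai,23
2020-04-01T00:02:00Z,2001:db8:1::5,emotet,8080
2020-04-01T00:02:30Z,192.0.2.17,emotet,443
2020-04-01T00:03:00Z,not-an-ip,emotet,443
"""


@dataclass(frozen=True)
class Hit:
    constituent: str
    ip: str
    malware: str


def owner_of(ip):
    """Return the constituent owning `ip`, preferring the most specific netblock."""
    best = None
    for net, name in CONSTITUENCY.items():
        if ip.version == net.version and ip in net:
            if best is None or net.prefixlen > best[0].prefixlen:
                best = (net, name)
    return None if best is None else best[1]


def match_feed(feed_text):
    """Parse the feed and group in-constituency records per constituent.

    Returns (hits_by_constituent, out_of_scope_count, malformed_count).
    Repeat sightings of the same (ip, malware) for a constituent collapse to one Hit.
    """
    hits = defaultdict(set)
    out_of_scope = 0
    malformed = 0
    for row in csv.DictReader(io.StringIO(feed_text)):
        try:
            ip = ipaddress.ip_address(row["ip"].strip())
        except ValueError:
            malformed += 1          # feeds do contain junk; count it, never crash
            continue
        owner = owner_of(ip)
        if owner is None:
            out_of_scope += 1       # not ours: no notification, but worth counting
            continue
        hits[owner].add(Hit(owner, str(ip), row["malware"]))
    ordered = {k: sorted(v, key=lambda h: (h.ip, h.malware)) for k, v in hits.items()}
    return ordered, out_of_scope, malformed


def notifications(feed_text):
    """One notification string per constituent, listing the affected addresses."""
    hits, _, _ = match_feed(feed_text)
    return {
        name: f"{len(hs)} host(s) reported: "
        + ", ".join(f"{h.ip} ({h.malware})" for h in hs)
        for name, hs in hits.items()
    }


if __name__ == "__main__":
    _, skipped, bad = match_feed(FEED)
    for name, text in notifications(FEED).items():
        print(f"[{name}] {text}")
    print(f"out of constituency: {skipped}, malformed: {bad}")
```

The longest-prefix rule in `owner_of` matters when a constituent's block is carved out of a larger one; the out-of-scope and malformed counters are kept because a sudden change in either is itself a signal (a new feed format, or the constituency table going stale).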
ENISA published the first version of a study entitled “Proactive detection of network security incidents” in 2011. The current work builds on and expands that study. It aims to provide a complete inventory of the methods, tools, activities and information sources available for proactive detection of network security incidents, whether already in use by incident response teams in Europe or potentially usable by them.
This study traces the evolution of proactive detection in the EU between 2011 and 2019. It also explores new areas that could help improve operational cooperation and information exchange. The goal is to help both new teams that are starting to adopt tools and sources, and more advanced teams that want to assess their level and identify what they could still improve.
Moreover, this work can be used together with the recently released ENISA training on Orchestration of CSIRT Tools, or to conduct more focused peer reviews using the ENISA maturity methodology.
The results of the project are divided into three reports and a living repository hosted on GitHub. The objective is to offer a point of reference for new or well-established teams that need to identify or reassess appropriate measures for proactive detection of incidents.
1- Report - Survey results
- Survey among incident response teams in Europe;
- Comparison with the 2011 survey.
2- Report - Measures and information sources
- Inventory of available methods, tools, activities and information sources;
- Evaluation of identified measures and information sources.
3- Report - Good practices gap analysis recommendations
- Analysis of the data gathered;
- Recommendations.
Living repository (GitHub)
- Information sources;
- Measures and tools.
Further information:
- ENISA - CSIRT Services section
- ENISA - CSIRTs and communities section
- ENISA - CSIRTs in Europe section
- Brochure - Bolstering Incident Response in Europe
For further questions, contact CSIRT-Relations (at) enisa.europa.eu
For press questions and interviews, contact press (at) enisa.europa.eu