The main objective of SAPPAN is to develop a cyber threat intelligence system that reduces the effort a security analyst needs today to come up with a suitable response to an attack and a way to recover from it. We aim to reach this goal with the help of scalable, distributed, privacy-preserving and usable cyber threat intelligence, which allows for massive data acquisition from multiple sources, advanced analytics on shared information and intelligence sharing. In particular, the objectives of SAPPAN are:
SAPPAN improves scalability regarding volume and speed of data processing via a scalable distributed architecture for Big Data processing
SAPPAN will enable advanced threat detection with increased precision
Privacy-preserving cyber threat intelligence sharing to support federated detection and response
SAPPAN will develop a standard for modelling incident response and recovery information
SAPPAN will enable timely local response and recovery processes based on global knowledge
SAPPAN will enable privacy-preserving outsourcing of cyber threat handling for small and midsize companies
SAPPAN will increase the interpretability of threat intelligence by advanced visualisation techniques