PANDORA - Cyber Defence Platform for Real-time Threat Hunting, Incident Response and Information Sharing

European Comission
Start: 01 October 2020
End: 01 October 2022
Funding: European
Status: Ongoing
Division: Communication Technologies
Department: Smart Energy Efficient Communication Technologies (SMARTECH)
Code: EDIDP-CSAMN-2019

The PANDORA project aims at contributing to EU cyber defence capacity building, by designing and implementing an open technical solution for real-time threat hunting and incident response, focusing on end point protection, as well as information sharing. The PANDORA system will be able to promptly detect and classify known and unknown threats, enforce policies on-the-fly to counter these threats, and also exchange threat intelligence information with third parties, at both national and international level.

In specific, the technical solutions developed in PANDORA will:

  • Collect information (metrics, traffic, indicators of compromise etc.) from endpoints and network elements.
  • Detect and classify security incidents, both known (based on signatures and IoCs) and unknown (based on inferred anomalies and suspicious behaviours), also leveraging Machine Learning techniques.
  • Suggest mitigation actions and policies – and enforce them automatically upon confirmation.
  • Import and export incident information and threat intelligence to/from national and international information sharing platforms.
  • Expose interfaces, both graphical and programmatic, with role-based access control, to support Security Operations and allow in-depth investigations in case of an incident.

The technical solution developed in PANDORA will be integrated and assessed in a pre-operational environment against two relevant use cases: warship security and military sensor network security.
PANDORA will be fully aligned with the scope and objectives of the PESCO project entitled “Cyber Threats and Incident Response Information Sharing Platform (CTISP)”.

  • Centro de Investigação, Desenvolvimento e Inovação da Academia Militar – CINAMIL (nonprofit RTD department of Portuguese Army from MINISTERIO DA DEFESA NACIONAL)
  • Cyber Services Plc
  • Honvédelmi Minisztérium Elektronikai Logisztikai és Vagyonkezelő Zrt.
  • AIT Austrian Institute of Technology GmbH
  • GMVIS Skysoft S.A.
  • Naval Group S.A
  • Kai Ypiresion Ilektronikou Exoplismou
  • Thales Hellas Anonymi Etaireia Paragogis Emporias
  • Space Hellas, S.A
  • Ubitech
  • Centre Tecnològic de Telecomunicacions de Catalunya (CTTC)
  • INESC TEC (Portugal)