ENISA Report: Proactive Detection of Network Security Incidents

Friday, December 09, 2011

ENISA: Fighting cyber threats; Plugging the gaps. New report on proactive detection of cyber security incidents to make “digital fire-brigades” more effective

The European Network and Information Security Agency (ENISA) released a report which identifies 16 shortcomings in detection of network security incidents.

The report reveals that not all available tools are used widely enough by the ‘’digital fire-brigades’’, the Computer Emergency Response Teams (CERTs) to effectively fight cyber threats. Therefore, the Agency issues 35 recommendations to data providers, data consumers, and at EU/national levels to mitigate the shortcomings.

The study has identified that the CERTs are currently not fully utilizing all possible external sources at their disposal. Similarly, many CERTs neither collect, nor share incident data about other constituencies with other CERTs.

This is concerning, as information exchange is key to effectively combating malware and malicious activities, which is extremely important in fighting cross-border cyber threats.


The 16 shortcomings in detection of incidents are examined in depth. Top technical gaps include insufficient data quality (false positives in provided data, poor timeliness of delivery), lack of standard formats, tools, resources and skills.

The most important legal problem involves privacy regulations and personal data protection laws that hinder information exchange.

“National/government CERT managers should use the report to overcome identified shortcomings, by using more external sources of incident information, and additional internal tools to collect information to plug the gaps”
says the Agency Executive Director, Professor Udo Helmbrecht.

35 recommendations to mitigate the shortcomings

For data providers, the key recommendations focus on how to better reach CERTs, better data format, distribution, as well as data quality improvement. For data consumers, they include additional activities by a CERT to verify the quality of data feeds, and specific deployments of new technologies recommended.

Finally, at the EU or national level balancing of the privacy protection and security needs is necessary, as well as facilitating the adoption of common formats, integration of statistical incident data, and research into data leakage reporting.

Publication date: Dec 07, 2011

Source:  http://www.enisa.europa.eu/media/press-releases/fighting-cyber-threats-plugging-the-gaps.-new-report-on-proactive-detection-of-cyber-security-incidents-to-make-201cdigital-fire-brigades201d-more-effective

Download the full ENISA report here:

Information Security
malware Incident Response Data Loss Prevention report Network Security ENISA CERT Mitigation
Post Rating I Like this!