SECEF | Introduction
The constant growth of cybercrime requires nations to organize and unite their defense and protection.
In the area of cyber-detection, federation requires standardization in two fields:
- Communications between the various tools and security solutions, in order to consolidate and correlate information simply. We will call this “intra” Security Center communication.
- Communications between different Security Center teams to share information on incidents. We will call this “inter” Security Center communication (between CSIRTs).
The two recognized standards at the IETF in this field are:
- IDMEF (Intrusion Detection Message Exchange Format) – RFC 4765
- IODEF (Incident Object Description Exchange Format) – RFC 5070
These two standards are still relatively new and insufficiently deployed in a market still dominated by proprietary formats.
The objective of the SECEF (Security Exchange Format) project is to work on these formats:
- Promote their adoption
- Facilitate their use within tools and security solutions
- Propose evolutions based on the initial feedback