SECEF | Introduction

The constant growth of cybercrime requires nations to organize and unite their defense and protection.

In the area of cyber-detection, federation requires standardization in two fields:

  • Communications between the various tools and security solutions, in order to consolidate and correlate information simply. We will call this “intra” Security Center communication.
  • Communications between different Security Center teams, to share information on incidents. We will call this “inter” Security Center communication (between CSIRTs).

The two recognized IETF standards in this field are:

  • IDMEF (Intrusion Detection Message Exchange Format) – RFC 4765
  • IODEF (Incident Object Description Exchange Format) – RFC 5070

These two standards are still relatively new and insufficiently deployed in a market still dominated by proprietary formats.

The objective of the SECEF (Security Exchange Format) project is to work on these formats:

  • Promote their adoption
  • Facilitate their use within tools and security solutions
  • Propose evolutions based on initial feedback