SECEF | Overview

Introduction

The constant growth of cybercrime requires that nations get organized to unite their defence and protection. In the area of cyber-detection, federation requires standardisation in two domains:

  • Interoperability between security tools and security management solutions, in order to share, consolidate and correlate security information (alerts)
  • Communication between different security centre teams (SOC, CSIRT, CERT) to share information on incidents

The two standards recognized by the IETF in these fields are:

  • IDMEF (Intrusion Detection Message Exchange Format) - RFC 4765
  • IODEF (Incident Object Description Exchange Format) - RFC 5070

These two standards are relatively recent and still insufficiently deployed in a market dominated by proprietary formats that prevent interoperability.

The goal of the SECEF project is to encourage interoperability by promoting and improving these standards.

First step project results (2015-2017)

The SECEF project started in 2015 with a two-year phase that produced promising initial results:

  • A detailed comparison between IDMEF and proprietary alternatives, showing IDMEF's advantages but also a few gaps
  • Publication of an academic article on this comparison (full version in French, summary in English)
  • A draft version of the IDMEF v2 specification (format only, not transport)
  • An open-source implementation of the new IDMEF v2 library
  • Inclusion of IDMEF and IODEF in the RGI v2 in France (the French administration interoperability guide)
  • Creation of the IDMEF Partner Program: a community of vendors and academics around the IDMEF format

This first step showed the importance of working on a standard security format. In 2018, the French government, on the advice of the French national security agency, decided to finance a second step of the project with more ambitious goals: the creation of an IETF working group to define and standardize a new version of the IDMEF format and its transport.

Second step major goals (2019-2022):

  • Creation of an international IDMEF community (users, operators, vendors, academics, etc.): the IDMEF Alliance
  • Creation and management of an IDMEF v2 IETF working group
  • Specification of the IDMEF v2 format and transport
  • Development of two different implementations of the new IDMEF v2 specification
  • International promotion, tutorials, videos, etc.

Please join the SECEF mailing list (low traffic) to stay informed of our progress.


The SECEF Team

January 2019