Advancing CSIRTMalta’s cybersecurity situational awareness & threat intelligence

Details

Aim

National cybersecurity team in Malta CSIRTMalta aimed for better cybersecurity situational awareness as well as to have a more advanced shared threat intelligence among CSIRTMalta and its constituencies. It was co-financed by the Connecting Europe Facility of the EU.

Activities

To enhance the resilience and capacity of national CSIRTMalta, NRD Cyber Security experts have deployed a centralised cybersecurity monitoring and threat hunting platform Natrix. The solution has been created by NRD Cyber Security R&D team to enable coordinated centralised threat monitoring. Its functionalities go beyond just visibility and offer capabilities to build and continuously refine rules for detecting threats and non-compliance. It is set-up for central management, incident handling, and threat hunting.

Also, to improve service provision to CSIRTMalta constituencies, parts of CyberSet, a CSIRT/SOC services automation toolkit, have been deployed. These are:

• Threat intelligence processing platform
• Ticketing system
• Sandbox platform
• Threat intelligence dashboard
• Constituent information system
• Honeypot platform

Outcomes

Due to improved technical capabilities, CSIRTMalta is able to react faster and more efficiently to cyber threats. By consolidating and correlating threat-related events in a single timeline, complex detection tasks become simpler and more successful. Also, as CSIRTMalta grows the size of its team and enhances the services it provides, it increases the role of the team in Malta’s cybersecurity ecosystem.