CybTAP

Continuous monitoring is the basis for every information security and compliance need.

The CybTAP solution, based on continuous monitoring of networks and systems, delivers the analytics needed to understand what is happening and to react adequately.

The domains of application are Information Security and Compliance: ISO2700X, HIPAA, PCI-DSS,…

CybTAP - Threat Awareness Platform

CybTAP collects, correlates and analyses many different types of data related to ICT systems in order to raise awareness of the Cyber Threats facing the organization, allowing Cyber defenders to react with the most appropriate countermeasures.

Architecture

CybTAP is defined as an architecture of components that can be deployed in a mixed way on Customer and/or MSSP premises.

Correlation

Different types of real-time correlation processes allow a quick reaction to incidents.

Context

A continuously updated status of Customer Assets and Users allows better and quicker analysis of, and response to, the Threats.

In fact, knowledge of the Context is the key to understanding the real value of the Threats and the most appropriate Countermeasures to apply.

Extended Data Model

Many different types of data are collected and analyzed in order to obtain the most complete view of the domain.

Logs, network packets, netflow, services, ports,… contribute to building the complete picture of the Security posture of the organization.

Configurable Dashboards and Widgets

All Dashboards and Widgets are freely configurable by the Users and can present a different layout to different Users, so as to maximize usability and operability.

Security Alerts always available

The Security Alerts, related to the status of Customer Networks and Systems, and the System Alerts, related to the status of CybTAP itself, are continuously and automatically updated and are available through a specific option in the main menu.

In this way, the human Operators are always kept up to date and informed of any specific risky situation.

Detailed Context information about Events and Assets

At any time, up-to-date context information is available for Events/Alerts and Assets (Hosts/Users), helping the Operators to analyze the situation from a larger perspective.

Furthermore, the visualization of many kinds of context information delivers a bigger CyOp (Cyber Operational) picture.

Finally, the capability to integrate information about what’s happening in the “surroundings” allows a deeper understanding of scenarios that are often more complex than they appear at first glance.

Smart Filters management allows an easy and powerful extraction of Information

In CybTAP, the Filters are the basis for any type of data-related operation: Queries, Charts, Reports, Correlation Rules,…

Through the Filters, the User is able to define the precise piece of information that CybTAP must extract from the huge sets of data that are collected and analyzed.

For this reason, a particularly intuitive widget was developed to allow easy definition and management of Filters.

Specialized charts to visualize specific Security Relationships

Besides the general-purpose charts (Bars, Stacked Bars, Lines, Pie) that visualize the distribution over time of Events and Alerts, some more specialized charts are defined for a better visualization of specific relationships.

One example is the Security Matrix, which shows the Security Alerts that link different Hosts in terms of Source and Target of a specific Alert.

This chart allows the Analyst to better comprehend the relationship over time between Alerts and related Hosts, showing at a glance which particular Host is more active than others, as Source and/or as Target.