What is VARIoT about?
VARIoT is a EU project funded by INEA’s CEF Telecom programme.
The main goal of the project is to create a service which will provide actionable information regarding Internet of Things, which can be used to ensure cybersecurity of IoT devices and the whole Internet, and which can be processed in a manual (by analysts) or in an automatic way (by various security systems, such as Intrusion Detection/Prevention Systems – IDS/IPS, Security Event and Incidents Management systems – SIEM, various types of firewalls, Vulnerability Management systems, Vulnerability Scanners, Inventory Management systems, Governance Risk and Compliance systems – GRC, information sharing platforms, etc). Providing such open data will cause an increase of cybersecurity level of all entities which will be able to process such information and also, in an indirect way, of all users of global network.
Specifically, the scope of the project is as follows:
- Creating vulnerabilities and exploits database dedicated to the Internet of Things, which will be constantly updated by harvesting various sources of information, including public Internet;
- Improving IoT-related data collection through large-scale systematic mapping of IoT devices on the Internet;
- Creating a database of aggregated, correlated and enhanced information of various types regarding to the Internet of Things including vulnerabilities, exploits, IoC – Indicators of Compromise, events, incidents, malware samples, etc.;
- Creating mechanisms of active monitoring and harvesting of information of IoT devices (such as existence, services provided etc.) and information about new types of threats; such mechanisms will be built on the basis of honeypots network, advanced scanning techniques and sinkholing;
- Creating interfaces to share the data, including real-time publication on EU Open Data Portal and integration with MISP platform (Open Source Threat Intelligence Platform).
You can get more information at the Dissemination area.