Collaborative Fleet

Started in December 2020

The goal of the Collaborative Fleet project is to use deception technology to generate, share, and consume threat intelligence (TI) related to cyber-attacks carried out against Dutch Financial organizations.

https://pcsi.nl/uploads/projects/collaborative-fleet-1920px.jpg

The envisioned solution helps resolving key issues of the current cybersecurity domain leveraging on proactive and offensive security to be one step ahead of the attackers, while generating actionable TI that is not available in the market. This new TI is then shared across all PCSI core partners. 

Project results

Deception is a complex topic. During the Explore phase the project team looked at several different aspects of deception and tried to answer several questions: Which attackers are the most interesting ones based on missing TI information? How would those attackers commence an initial intrusion? How can one convince those attackers that an environment is realistic enough, such that they will reveal their TTPs and modus operandi? 

During the explore phase and the first part of the Proof-of-Concept phase the project conducted a thorough market scan aimed at finding a commercial supplier for the creation of a joint research deception platform. 

In the second part of the Proof-of-Concept phase we gained hands-on practical experience with deception technology through the research platform deployed by the vendor. In a number of iterative red-team exercises the project team will learnt and understood best ways to fine-tune the deception environment and how to make the environment realistic enough for an attacker to reveal their TTPs. 

In the pilot phase, real world data which cannot be obtained from existing TI feeds, were collected and further analyzed. 

In the exploit phase our innovative technical idea will be worked out into a real-world product, together with a complete business model canvas and a full-fledged business case.  

This project is part of the trend

21 Opportunity June 2025

Transition to predictive technologies

In the past, security defences were built around preventive measures. This was complemented with monitoring & response, to be able to detect attacks that circumvented preventive measures. But the gap between attackers' odds and defenders' strategy is still growing. That is why we also have to make use of predictive technologies (based on deep or reinforcement learning algorithms) to be able to better prepare for sophisticated attacks, and to support predictive or 'smart' decision making in cybersecurity or proactive risk management regarding cyberthreats.
Beeldmerk PCSI
PCSI is a collaboration of
    ABN-AMRO Achmea ASML Belastingdienst ING TNO