
Cyber Threat Laboratory
With the growth of the Internet and billions of connected devices, opportunities are greater than ever for sophisticated and targeted attacks. Gaining an understanding of how attackers operate is crucial in the prevention of further compromise and exploitation. The Cyber Threat Laboratory is an environment built in partnership with Lancaster University which grants unparalleled insight into the emerging threat landscape as it unfolds.
Fujitsu Enterprise & Cyber Security and Security Lancaster have partnered to create a flexible research facility that enables threat analysis and identification of sophisticated attacks to be tested.
The Cyber Threat Laboratory hosted at Lancaster University is designed to provide a collaborative platform that allows analysis of threats and behaviour to take place, in a safe and controlled environment.
The laboratory provides centralised infrastructure enabling multiple projects and experiments operating simultaneously inside the lab to benefit from mature industry-standard tools. As with any research that has unknown, volatile outcomes, experiments into cyber threats and malware also need to be handled in a controlled environment with appropriate safeguards and equipment. Lancaster University, with industry input from Fujitsu, is now able to offer this to its users through the Cyber Threat Laboratory.

The Lab
The laboratory consists of multiple inter-connected components which provide a framework for projects to analyse vast amounts of malicious data garnered by myriad sources. This data proves fruitful in understanding the manner in which attackers operate and will ultimately be used in the prevention of such attacks. The method in which the data is retrieved and how this is dissected is dependent upon each experiment’s procedure. This allows a wide range of possible techniques which benefit from a shared infrastructure that promotes collaboration.
Various experiments have been conducted in the Cyber Threat Laboratory and many more have been offered as part of academic research such as undergraduate, postgraduate and doctoral thesis proposals. Not only does this foster interest in the security field for young students, but it also benefits the laboratory as a whole by contributing additional data to consider.
Experimentation:
In an attempt to promote collaboration and further analysis of results, each experiment has access to a shared infrastructure which hosts a range of valuable services. The technologies used to assess certain attack scenarios differ depending upon circumstance; however, facilitating the transfer and visualisation of logs via embedded protocols enables each experiment to rapidly analyse rich data sets in a secure environment.
Architecture:
The laboratory is divided into two primary logical zones: a green zone that allows management and entry into the environment, and a red zone which hosts the machines and devices where analysis of threats takes place. The laboratory allows controlled experiments of varying risk levels to take place across a number of segmented networks. These networks have differing access to local and internet services.
Benefits:
Designed with flexibility and security in mind, the Cyber Threat Lab incorporates best practices to encapsulate various experiments within their corresponding network space, whilst allowing access to shared infrastructure components.
● Central placement and overview of all cyber research
● Centralised, mature monitoring
● Considered and tested safeguards
● Real world traffic
Network considerations:
University IP space can often be subject to specialised attacks that provide researchers with a broad range of data. Traffic from most business networks will consist of similar predictable flows, such as connections to online CRM systems, online storage and some personal employee traffic. University networks contain a very broad spread of activity, from large amounts of research traffic from CERN to shops and residential activity. Academic networks have been at the centre of a number of large attacks over the last five years that have forced Higher Education providers and supporting parties to undertake significant investment into their infrastructure.
Future Work
The Cyber Threat Laboratory aims to act as the facilitator for a range of cyber threat intelligence frameworks that can adjust over particular stakeholder scenarios. The Laboratory conducts innovative experiments to gather novel data relating to emerging threat actors. This data is intrinsic in the creation of countermeasures which provide a safeguard against sophisticated attacks that would otherwise wreak havoc among enterprise systems. This perpetual back and forth battle between malware authors and defense architects means that efforts in prevention have to be constant and rigorous, considering all available data.
Publications & Projects
KTP in Threat Intelligence Analytical Software
12/08/2019 → 11/08/2021
Research
SL: KTP: Xyone Ltd
12/08/2019 → 04/03/2021
Research
Pozibot: Quantum-secured remote monitoring and data logging technology that enables a dynamic insured warranty for battery packs
01/03/2019 → 31/05/2021
Research
Large-Scale Cloud Resource Allocation
01/02/2019 → 31/01/2020
Consultancy
Contact Us
If you would like to collaborate, find out more about the Cyber Threat Lab, or make a general enquiry, please use the form below.
By post
Cyber Threat Lab (Dr Angelos Marnerides)
InfoLab21
Lancaster University
Lancaster
United Kingdom
LA1 4WA