Overview
CAPTOR is a set of tools whose main objective is to characterize, identify and detect Advanced Persistent Threats (APT’s) as well as minimize their impact in the target organization. CAPTOR should be able to operate in complex environments, like Urban Critical Infrastructures, where IT, industrial, energy and network infrastructures must be protected from security threats.
The most important innovation of CAPTOR is the application of a set of techniques and methodologies known as anomaly detection, which will be later explained and an approach more akin to classic intelligence as opposed to the malware-detection-centered approach used by the vast majority of proposed commercial solutions.
S2’ s objective is to position CAPTOR as a leading European toolset to protect Critical Infrastructures in general and Urban Soft Targets and Critical Infrastructures in particular.
Advances in the integration of ICT technologies in urban areas and their infrastructures have brought undeniable advantages to the cities economic management, inhabitability and have helped to reduce their environmental impact.
Unfortunately, together with these advantages, many cyber security vulnerabilities have been introduced in infrastructures where these threats have never before been taken into account. The threat posed by cyber terrorists and cyber criminals continually grows and organizations are increasing their awareness of the possibility of an incident.
An APT is a planned multimodal attack targeted at a specific organization or infrastructure. It comprises the use of several types of malware (under the control of a command centre) combined with techniques like social engineering; the use of insiders; or access through third parties. An APT’s objective is to gain access to critical physical or virtual assets and exfiltrate information in order to obtain economic advantage or sabotage infrastructures. APTs are the most important kind of cyber-attack a critical infrastructure can suffer today.