The FORTIKA pilots
A short yet comprehensive presentation of the pilots is given in the White Paper:
“The FORTIKA pilots: FORTIKA in 5 European SMEs”
(Responsible partner: OBRELA, Contributing partners: CERTH-ITI, ENEO, MOTIVIAN)
During the period between June 2019 and May 2020, 5 SMEs established in 4 different EU countries (UK, Italy, Bulgaria and Ireland) and operating in diverse sectors adopted and tested the FORTIKA solution. The vision of the FORTIKA project was to develop a new technology at affordable cost, to minimize the exposure of small and medium-sized businesses to cyber security risks and threats, while relieving them from the complex and costly effort of identifying, acquiring and using the appropriate cyber security solutions.
The FORTIKA Solution consists of the FORTIKA hardware i.e. the FORTIKA Gateway (F-GW), installed locally at the premises of the enterprises and software bundles (software packages customized for the F-GW), which provide security services tailored to their needs. One of the most innovative features of FORTIKA is that, along with its new cybersecurity technologies, the project developed a marketplace to deploy its technological products as well as cybersecurity products for SMEs (small-medium sized enterprises), offered by other, reviewed third party developers and vendors.
In order to assess and demonstrate the added value that FORTIKA may contribute to the protection of SMEs, pilot implementation of the project has been accomplished thanks to the strong involvement of five companies participating in the project as end users (OBRELA Security Industries, NEMETSCHEK, MOTIVIAN, ALKE, WATTICS). The five pilots envisaged the adoption and usage of FORTIKA tools and cybersecurity services. The main goal of this experiment, which lasted for a year, was to protect against threats the business operations of these companies, which span diverse domains, i.e. Mobile Marketing, Software Development, Electric Vehicle Manufacturing, Energy Management, and Cybersecurity.
The FORTIKA Gateway embedded/installed into the Alkè electric vehicle
Obrela Security Industries LTD provides Enterprise Cyber Security Services, Intelligence and Technology to enable, defend, and preserve clients' proprietary information, corporate activities and business interests. Obrela approaches cybersecurity as a service, collecting and analysing structured and unstructured data to generate valuable intelligence on new, emerging and advanced security threats. Obrela's Threat Management Services consist of a suite of threat intelligence, threat analytics, threat detection and threat prevention solutions that leverage shared and extensible core services and a highly scalable multi-tenant cloud infrastructure. Currently Obrela Security Industries runs many large-scale projects, which include:
- Financial Institutions,
- Shipping Companies,
- Stock exchanges.
All the above projects are high-risk with respect to security issues, including data transmission, vulnerability, non-repudiation, etc. All the above customers are Tier 1 customers, and all transactions offered in the above projects also include money transfers and exchanges, thus making quality of service a primary issue for Obrela Security Industries. The participation of Obrela (which also acted as the pilots' coordinator) in the FORTIKA pilots is driven by its special interest in the exploitation of the final products of the project. The major innovation behind Obrela's commercialization strategy is how a new cutting-edge product like the FORTIKA solution may be incorporated in the offerings portfolio of a company that follows the security-as-a-service model.
Nemetschek OOD is a software development company providing highly customized services in the development, sales and support of software to its domestic and international customers and partners. All the company's projects are information security sensitive. Nemetschek OOD has been ISO 27001 (Information Security Management System) certified since 2008. To support the operation of its software development teams, Nemetschek OOD employs a well-developed IT and telecommunications infrastructure, which is stretched between the company HQ and a branch office, serving 300 end users and encompassing more than 700 workstations and servers. The vast majority of Nemetschek's important information processing systems are deployed on-premise, but some of them are placed in the cloud. Nemetschek already receives cybersecurity services; therefore, in the pilots it simulates the role of a potential customer, aiming to evaluate FORTIKA's capability to replace the majority of information security controls, technologies and solutions currently employed in Nemetschek. The company is interested mostly in the technical aspects of the "tools" that FORTIKA could provide to support its operations, affecting the info-security aspects of the joint activities with its customers and partners.
Motivian was initially incorporated in 2001 under the name M Telecom, with its main business being computer programming and leadership in providing platforms and services enabling the delivery of mobile marketing, advertising and content, as well as value added services for mobile operators, ad-agencies, media groups and brands. With a management buyout in 2012, Motivian absorbed all commercial-focused businesses and concentrated on providing Integrated Software Solutions in the SE European region, as well as in the Middle East. Since then, the company has functioned as a trusted software integrator serving customers in the financial services, telecom operator markets, retail and FMCG, and in the government sector. The market and sector in which Motivian operates sees extremely dynamic development of technologies for providing mobile services. Focusing largely on research and technological development and the continuous study of the international market, MOTIVIAN is always looking for novel means of leveraging the company's expertise in web and mobile technologies. Motivian manages a mobile marketing campaigns system which sends, upon an order from its customer, SMS and MMS messages to subscribers of mobile operators, both inside and outside Bulgaria (within the EU, though). Each SMS marketing campaign project is a bandwidth-demanding, time-sensitive, thread-safe application. Considering the client base of millions of end devices that the campaigns run against, along with the fact that the messages themselves contain personalized content, it can easily be concluded that cyber security is a very important aspect of the whole process. Through its involvement in the FORTIKA pilots, Motivian aims to secure the Motivian SMS Gateway platform and infrastructure, thus protecting its clients against malicious threats. What is expected from FORTIKA is plug-and-play protection through a straightforward GUI.
Alkè is a European manufacturer of professional zero emission vehicles used for transportation, logistics and other multifunctional or special operations. Alkè electric vehicles are sold today in more than 40 countries worldwide, covering all continents. Alkè owns an 11.000 m2 production plant designed to deliver up to 2.000 vehicles per year. Alkè's headquarters is based in the north of Italy, but operations of Alkè's vehicle fleets and commercialization of such products are spread across all continents, so interconnection with external sites is a daily need and cyber security for that is crucial. Within its participation in the FORTIKA pilots, Alkè focuses on adopting the developed security platform in its IT infrastructure, following two parallel paths:
- Protect the link between the company's internal servers (internal network) and the external network in a better way
- Protect the connection of Alkè's recent models of electric vehicles with an Alkè cloud-based platform and, indirectly, with its in-house servers. This link is important to provide remote support in terms of vehicle maintenance and status monitoring and, for future generations of Alkè vehicles, to provide remote control for specific vehicle activities. Each vehicle has an on-board computer, and safety must be provided at communication and control level.
In the frame of the pilot process, two fully working test environments were built to replicate the given scenarios (company intranet protection; vehicle-to-cloud protection). In the vehicle connectivity case, a real vehicle link was tested on a dedicated test vehicle platform, as depicted in the following figure.
Wattics is a truly innovative online energy management platform that uses advanced software algorithms to uncover all valuable insights contained within monitored data, enabling automated discovery of energy saving opportunities and measurement & validation of savings. Wattics combines the expertise of a highly qualified development team with the expertise of a team of electrical, electronics and energy engineers to deliver a cutting-edge platform to monitor and analyse energy usage of any sort. Energy managers and Utilities partnering with Wattics work with thousands of companies on a daily basis, identifying opportunities and implementing actions to reduce wastage and improve sustainability. Handling this amount of sensitive data puts Wattics into a position of responsibility towards the owners/providers of data, hence stressing the need for good-quality and reliable cybersecurity measures aimed at protecting said information. Customers themselves have become more and more aware of the risk of disclosing sensitive data to third-party applications, so being able to guarantee secure and reliable data handling is either a customer requirement or a big plus. As Wattics is cloud-based software that collects and stores sensitive data, cybersecurity is a matter of major concern to Wattics and its partners. Innovation and trust are key factors in maintaining competitiveness within the energy management software market. In this context, Wattics aims to integrate a state-of-the-art security framework to complement its existing security mechanisms, to differentiate itself from the competition and set itself as the leader in secure business software for energy management. Wattics faces the risk of loss of existing (and potential) business with existing (and potential) customers and permanent loss of historical data.
FORTIKA represents a great opportunity for SMEs facing the same challenges, as its modular design makes it possible to get a tailored solution without setting up an internal structure to develop and maintain it. Wattics expects FORTIKA to become the go-to solution for SMEs due to its ease of use, affordable price and continuously updated database. It will hence have to be versatile, reliable and well supported, as we'd expect most of the target audience not to have enough expertise to fix small issues by themselves, and the performance of data transactions should remain unaltered.
The pilot operation was completed in two sequential rounds, which allowed for gradual adoption of the FORTIKA tools by the end users and bi-directional exchange of feedback between them and the software developers. Prior to the initiation of each round, a set of preparatory activities was organized by the FORTIKA consortium and the SMEs' personnel in order to ensure smooth operation in all pilot sites and safeguard a seamless user experience. The preparation included the analysis of the diverse needs and the identification of targeted threats by each SME, while training activities and end user support were ongoing throughout the entire pilot lifecycle.
In the context of the first pilot round, the 5 SMEs fully deployed at their premises the only device required for pilot operation, the FORTIKA Gateway (F-GW). To this end, FORTIKA pilot partners were supplied with pre-configured F-GW hardware appliances, i.e. with the latest OS/firmware installed and a minimum set of software bundles already deployed. Through appropriate guidance from FORTIKA technical partners, the gateways were successfully installed in all pilot sites, ensuring that network traffic passes via the F-GW. In this first round, mainly personnel with a technical background were involved, e.g. System Administrators, IT / Technical support teams, etc. The first milestone was then achieved: all pilot SMEs had operational F-GWs in their corporate network.
The exact topology and position of the device in the corporate network of each SME was subject to the topology of their existing infrastructure. An indicative example of the actual installation performed at one of the pilot sites is provided in the following figure.
The F-GW installed in one of the pilots’ corporate network
In the continuation of the pilot process, more employees from the SMEs had the opportunity to interact with the FORTIKA tools. During the second pilot round, users were able to access the FORTIKA marketplace, following successful registration and authentication. Apart from the already involved technical personnel, less IT savvy professionals, such as managers, business administrators, secretaries, etc. visited the Marketplace Dashboard to download, deploy and run any of the available FORTIKA bundles in their installed gateways, following adequate training. Each pilot member opted for the installation of specific security bundles according to their organization's needs for addressing particular security threats. Moreover, dedicated bundle dashboards were used to monitor the operation of running FORTIKA services and receive alerts on potential threats detected.
Monitoring the pilot status through the FORTIKA Marketplace
Finally, enhanced versions of all software modules were released on a regular basis, while a major update of the F-GW was made during the interval between the first and the second pilot round.
In parallel with the pilot operation, the performance of the tools was monitored and evaluated. For this purpose, the FORTIKA Consortium established and applied data collection methods, focusing both on the end user's perspective and on the technical performance. Concerning the first, a set of questionnaires was filled in by the involved SME members to rate their overall FORTIKA experience and the usability of the bundles they interacted with. With regard to the second, the FORTIKA technical partners provided a set of guidelines, which every pilot user had to follow in order to extract metrics quantifying the performance of all FORTIKA modules in their premises. All data collected during the pilot period were synthesized and analyzed towards the extraction of useful insights, as well as for the overall assessment of the project.
The evaluation results showcase an overall positive experience and fruitful involvement of users with diverse backgrounds, providing efficient protection against common security threats. Finally, a few areas for improvement towards FORTIKA commercialization have been revealed through the recommendations conveyed by the end users.
The recommendations of the end users from the five pilot SMEs converge on a need to provide a more unattended way of installing and deploying the FORTIKA solution. As they declare, during the project, and in particular in the final testing phase, they had the opportunity to appreciate the flexibility of the FORTIKA platform. All pilot SMEs engaged staff members of their IT departments. Due to their existing expertise, the majority of the IT personnel involved in the pilots were acquainted with the setup and evaluation processes. However, the involvement of less IT savvy (or even more specifically less Cybersecurity savvy) employees revealed that training is a strong prerequisite for users to get a good understanding of the FORTIKA concept and the risks it is attempting to address, prior to its usage.
Apart from the training, as far as other points of potential improvement are concerned, the end users say that it is important to focus on the fact that this platform has SMEs as its main target. In the vast majority of cases these companies are small, and often they do not have people with high IT skills. Thus, the product must be highly user friendly to have a high potential for sales and appreciation. As they say: “the way forward is to have an installation and operational procedure like plug and play”.
The material prepared for the training of FORTIKA end users is a collection of twelve (12) manuals and user guides explaining several aspects of the FORTIKA solution. In addition, tutorial videos presenting several aspects and elements of the FORTIKA technology are provided. Access to the entire corpus of the training material is free. The training material is available at the project’s website: https://fortika-project.eu/content/training-material .
For more details you may consult our White Paper:
“The FORTIKA pilots: FORTIKA in 5 European SMEs”
(Responsible partner: OBRELA, Contributing partners: CERTH-ITI, ENEO, MOTIVIAN)