GUARD: Innovative cybersecurity framework for digital service chains successfully developed and validated

The GUARD project has substantially achieved all of its objectives by delivering a framework for the implementation of cybersecurity processes over complex and heterogeneous digital service chains. The expected technical impacts have also been concretely materialized and the business impact of the framework has been investigated and determined in the format of a business plan. The project has successfully undertaken all necessary actions to lay the foundations for concrete opportunities in the medium and long term, and standalone tools, technologies and innovations have been integrated with success in the GUARD community edition.

For the last 36 months the 14 partners involved in the GUARD project have worked together to design, develop and validate the proposed framework that aimed to guarantee the reliability and trust for digital service chains and improve the management of service chains deployed in various environments centrally via an easy-to-use user interface. The GUARD project has introduced several innovations in terms of both processes and technologies, which are not currently claimed by any other player in the cyber-security detection and analytics market segment.

A framework for detection of cyber-attacks and data sovereignty over complex digital business value chains.

GUARD was able to extend the Elastic Stack, a search engine and visualisation technology that provides full-text search functionality, to implement a Security Information and Event Management (SIEM) architecture over heterogeneous domains and providers. This allows the framework to orchestrate security capabilities implemented by resource providers into coherent detection and reaction services.

An interface to public security functions exposed by digital objects

The project successfully developed an interface to public security functions exposed by digital objects, the Smart Data Model. This model was developed to be suitable for the cyber-physical environment and it provides context information, namely the description of execution environment in terms of hardware, software and virtualization. This allows the comparison with vulnerability databases, hence effectively supporting risk assessment calculations. Finally, it also automates the collection of information for the description of Cyber-Threat Intelligence (CTI).

A programming model that enables automatic configuration of Security Analytics Pipelines (SAP)

GUARD defines a programming model that abstracts the logical structure of the data handling pipeline, namely the different processing and delivery stages that transform raw data into security alerts. This innovation is part of the GUARD extensions to the Elastic Stack, and simplifies most of the manual configuration typically required by a SIEM system. Ultimately, this gives the end user the possibility to centrally manage all deployed services directly from the user interface, in which the user can not only manage one or many services, add service configurations, setup security policies and also manage the status of the pipelines and the services (start, stop, restart) in the various environments they are deployed on.

A data sovereignty framework that regulates access to personal data in public dataspaces

The developed framework in the project makes use of basic concepts and components from the International Data Spaces (IDS) architecture to manage access to personal data in a GDPR-compliant manner. The implementation specifically targets the eHealth domain because generalization is not trivial. The medical dataspace is represented by clinical data of patients available in different hospitals or departments, which could be shared between internal or external entities.

Project impacts

During the 36 months of the project, the consortium was able to reach the following key achievements:

  • Development of a cybersecurity framework for complex business chains, composed by public services that exchange data and commands through open APIs
  • Integration of complementary technologies (monitoring, detection, visualization) in an open and modular architecture
  • Collection of security context (vendors, certificates, configurations) from every service in the business chain, thus detecting misconfigurations and configurations not compliant with user’s policies
  • Monitoring of services involved in a business chain, supported by machine learning algorithms that correlate events and security logs from all these services, trying to infer how attacks are originated and propagated
  • Development of a set of complementary technologies to monitor and inspect network traffic, known as GUARD agents
  • Implementation of a user interface component that visually depicts the topology of the business chain in the web interface
  • Development of protocols and tools to automatically retrieve and publish threats to and from common repositories and relevant bodies
  • Test and validate the cybersecurity framework with the support of two use cases in the smart mobility and ehealth sector.


Cybersecurity, cybersecurity framework, security, security framework, service chains, detection, traceability