What is it?
ETHOS is designed for real-time information exchange to develop early warning and anomaly detection mechanisms across a wide range of operational technology (OT) and industrial control systems (ICS). It isn’t intended to exchange data on malware signatures.
In fact, ETHOS is like collective intelligence for all connected clients. By exchanging information about anomalies and suspicious behaviour, organizations can detect incidents that have never happened to them before but are potentially dangerous.
How is ETHOS useful?
ETHOS automates frequency analysis of new threats and activities and enables faster response to new tactics, techniques, and procedures as they emerge. Its benefits include shorter data refinement times when identifying and classifying new threats, and the prevention of more serious attack methods carried out through successful exploitation.
The server is designed specifically for OT environments. Any entity or security vendor can contribute to the project and host their own server, adding anonymous data that can be correlated and used to improve event response time.
In the future, any public or private organization will be able to host an ETHOS server using the open-source project. The host can allow selected participants and clients to connect and share information. To participate in the initiative and receive alerts, any organization must also have an ETHOS client with integration capabilities to send data.
This way, ETHOS can become a single source of information for many OT systems, helping to proactively stop future cyberattacks on critical infrastructure.