Technical Projects

Threat Monitoring System (TMS) : Q-CERT is developing a fully automated security-related data collection and analysis platform that will allow us to have better visibility of the current threat status in Qatar.

Data from distributed sensors, such as spam traps and honeypots, or from raw public and private feeds will be collected, analyzed and reported. Combined with open-source information gathering techniques, this will give us greater visibility and better awareness of the network and threat situation.

Q-CERT is expanding the current setup to include more technologies, data sources and enhanced intelligence. The intelligence behind our threat monitoring system will allow it to be an early warning system for cyber threats related to the country.

Threat Intelligence Center (Q-TIC) : Q-CERT is working on building a Threat Intelligence Center to collect and analyze security-related events, alerts, and threats on the government network.

This project is part of the Government Network project that is connecting all government agencies in Qatar. The main purpose of the Q-TIC is to benefit from the output of the Threat Monitoring System (TMS) as a source of input for monitoring, analyzing and detecting cyber threats and attacks.

The Q-TIC will also be able to handle a large volume of security-related logs from different components such as firewalls, IDS/IPS, routers, proxies, etc. Correlating security events on the Government Network will also give us better information on the threats facing the government networks, in addition to complying with local regulations.

Malware Analysis LAB (Q-LAB) : Q-CERT has been building a special malware analysis lab that can analyze malicious software gathered by other projects such as the Qatar HoneyNet project. Additionally, the lab helps when investigating cyber crimes, as it allows you to discover the digital ‘footsteps’ of a criminal. And of course, building a premier laboratory allows a thriving learning environment to be established, helping the nation become more aware and involved and gain unique skills in this field.

Botnet Eradication (Q-Safe) : This project aims to reduce the risk of sensitive government, corporate, or individual information being stolen by hackers and sold on to others. This is achieved by reducing the number of systems that may participate in attacks or send spam mail, by proactively identifying compromised systems and preventing future incidents and data leakage.

Additionally, this has the benefit of improving the speed and productivity of computers, as malware tends to use valuable computing resources.

This project consists of three correlated phases:
          > Detection: Botnet detection is typically done by gathering information from different sources, such as:
  • Sinkhole and HoneyNet.
  • ISP complaints.
  • DNS logs of the ISP.
  • NetFlow.
  • Third-party feeds.
          > Notification: Notifying infected IPs about their issue using different means of notification (telephone call, email notification, Short Message Service (SMS) text, etc.).
          > Remediation: The following can help in the remediation of botnet activity:
  • Providing awareness resources, such as an informative website about information security.
  • Blocking IP addresses that are defined as bots.