Cases & Voices
- Luiz Alberto Rasseli Junior
Get to know Yari, the automated security alert management system for the ICT community in Ecuador
Following a previous article on the management of cybersecurity incidents for the academic community in Ecuador and Chile, it is interesting to also talk about Yari, the system that to some extent enabled and promoted this work and collaboration.
Yari is a noun in the Kichwa language that means "sense", which is exactly what the system does: it detects and identifies possible security problems in the networks of these countries and makes it possible to alert them proactively, avoiding future breaches or attacks.
The system was developed entirely with free and open source software. It is a project created in 2013 by the CSIRT of CEDIA as a tool to automate the management of security alerts, focusing on the collection, processing and storage of alert details and their notification to its member institutions. It started with a single source, Shadowserver, but it currently processes 25 different types of sources, which add up to 138 different categories of security events. This growth is possible because adding new sources and categories to the system is simple, which also makes it more accessible.
The main beneficiaries are the members of CEDIA, but nothing prevents any institution or company, whether public or private, from adopting it and even adapting it to their requirements and needs.
In Ecuador, the entire National Research and Education Network is actively protected by the system's services, with a total of 61 member institutions, including practically all the country's universities as well as higher / technical institutes, colleges and even some research organizations.
All of them add up to a beneficiary population of around 450,000 people who directly or indirectly receive active security services, and better yet, at no cost because all the services provided by the CSIRT are already part of the service plans of our member institutions.
The nearly 2 million alerts processed to date guarantee the fulfillment of the objectives of the CSIRT: to improve network traffic and reduce security events through this system. The system also gives users up-to-date and historical statistics on security events, while serving as a common point of contact, not only academically but also nationally and regionally, with very strong global ties.
But alerting is only the beginning. The tool also makes it possible to advise the members' technical teams on the mitigation of reported problems, emphasizing those with the greatest impact. This helps create a culture and awareness of cybersecurity. Taking into account the results obtained, it is possible to see that the community that benefits from Yari has gone from avoiding the problem and applying the “ostrich technique” to actively seeking help, because it understands that the CSIRT of CEDIA is committed to offering a system that provides a solution.
Most of the feeds that the system works with are open and free; very few require a paid subscription, and their costs are minimal compared to the benefits and savings of managing data through the platform. These benefits include, as already mentioned, statistics on multiple aspects related to managed events.
Despite Yari's many features and functionality, the journey is not complete and there is always room for improvement. Some of the new features and functionality that are about to come to light will open a broader spectrum of implementation options for interested institutions or companies. Some of the institutions that already use Yari include:
- EcuCERT, the Ecuadorian National CERT, is currently deploying Yari.
- UTA, the Technical University of Ambato, was the first (in addition to CEDIA) to implement it, in 2017.
- REUNA Chile, as mentioned in the previous article, implemented it in 2019 as part of a collaboration agreement with CEDIA.
- CUDI, the Mexican NREN, plans to adopt it along the same lines as REUNA.
Yari is also being deployed in MoRENet, Mozambique's NREN, despite the Spanish-Portuguese language barrier, along the same lines of inter-institutional collaboration.
Additionally, these agreements are at the core of the work of the CEDIA CSIRT, fostering the establishment and growth of reliable networks within the community.