SciTransfer
DiSIEM · Project

Smarter Threat Detection Add-Ons That Work With Your Existing Security Systems

digital · Piloted · TRL 7

Imagine your company has a security alarm system that watches over your entire IT network — but it only catches threats it already knows about. DiSIEM built a set of plug-in upgrades that make these alarm systems much sharper: they spot unusual behavior that doesn't match known attack patterns, they scan the open internet for early warnings about new vulnerabilities targeting your infrastructure, and they give your security team better dashboards to see what's actually going on. The best part? These upgrades bolt onto the security system you already have, so you don't need to rip anything out and start over.

By the numbers

3: Large-scale production environments used for validation
10: Consortium partners
4: Countries in consortium (DE, ES, PT, UK)
4: Industry partners in the consortium
17: Total project deliverables produced

The business problem

What needed solving

Most companies running Security Information and Event Management (SIEM) systems face two painful realities: their SIEM only catches known threat patterns while sophisticated attacks slip through, and upgrading means expensive, risky platform migrations. Meanwhile, security teams drown in alerts without clear dashboards or decision-support tools to separate real threats from noise.

The solution

What was built

The project delivered a fully operating, integrated visualization system for security monitoring, early-stage prototypes that evolved into production-validated tools, anomaly detectors using diverse sensors, open-source intelligence collectors scanning internet sources for threat data, security metrics and decision-support models, and secure multi-cloud archival for raw event data — all designed as plug-in extensions to existing SIEM platforms, validated across 3 large-scale production environments.

Audience

Who needs this

CISOs and SOC managers at large enterprises tired of false negatives in their current SIEM
Managed Security Service Providers (MSSPs) looking for differentiated detection capabilities
Banks and financial institutions under regulatory pressure to improve cyber threat visibility
Critical infrastructure operators (energy, telecom, transport) needing better anomaly detection
Cybersecurity vendors wanting to add open-source intelligence and visualization modules to their product line

Business applications

Who can put this to work

Financial Services (enterprise)
Target: Banks and insurance companies with large IT infrastructures

If you are a bank or insurer dealing with increasingly sophisticated cyber threats that slip past your current SIEM — this project developed SIEM-independent detection modules and open-source intelligence collectors that were validated in 3 large-scale production environments. They plug into your existing security monitoring to catch anomalies your current system misses, without requiring a full platform replacement.

Managed Security Services (mid-size)
Target: MSSPs and SOC-as-a-Service providers managing multiple client environments

If you are a managed security provider struggling to differentiate your offering or reduce false positives across diverse client SIEM setups — this project built visualization tools and anomaly detectors designed to work across different SIEM platforms. With 10 consortium partners across 4 countries contributing, the tools were designed for real-world interoperability from day one.

Critical Infrastructure & Utilities (enterprise)
Target: Energy utilities, telecom operators, and transport companies with OT/IT convergence challenges

If you are a utility or telecom operator facing regulatory pressure to improve threat visibility across sprawling infrastructure — this project created enhanced security metrics, decision-support dashboards, and secure cloud-based long-term event archival. These extensions were tested in production environments and built to integrate with your current SIEM investment rather than replace it.

Frequently asked

Quick answers

How much would it cost to adopt these SIEM enhancements?

The project did not publish specific licensing or pricing information. Since these were developed as SIEM-independent extensions, costs would likely involve integration and customization for your specific SIEM platform. Contact the consortium partners to discuss commercial terms.

Can these tools work at enterprise scale in production?

Yes. The project explicitly validated all enhancements through deployment in 3 large-scale production environments. The deliverables include a fully operating, integrated visualization system, not just a lab demo.

Who owns the intellectual property and can I license it?

IP is shared among the 10 consortium partners across 4 countries (DE, ES, PT, UK). The consortium includes 4 industry partners, so there is commercial interest in making these tools available. You would need to contact the coordinator or relevant industry partners for licensing terms.

Does this work with my existing SIEM platform or do I need to switch?

The project was specifically designed to be SIEM-independent. All enhancements were built as extensions to currently available systems, meaning they should integrate with your existing SIEM investment without requiring a platform change.

Is this still maintained or was it abandoned after the project ended?

The project closed in August 2019. Based on available project data, ongoing maintenance depends on individual consortium partners. The 4 industry partners may have continued development commercially. Check the project website for current status.

What regulatory compliance does this help with?

While no specific regulations are named, the enhanced threat detection, security metrics, and secure long-term event archival directly support compliance with requirements like NIS2, GDPR breach detection, and sector-specific cybersecurity mandates that require demonstrable monitoring capabilities.

How quickly can this be deployed?

Based on available project data, the modular design as SIEM-independent extensions suggests faster deployment than a full platform migration. The early-stage prototypes served as proof-of-concept before full integration, indicating a phased adoption path is possible.

Consortium

Who built it

The DiSIEM consortium brings together 10 partners from 4 countries (Germany, Spain, Portugal, UK), with a balanced mix of 4 industry players, 3 universities, and 3 research organizations. The 40% industry ratio signals genuine commercial intent — these aren't just academics publishing papers. With 1 SME in the mix and major EU cybersecurity markets represented, the consortium had both the technical depth to build working tools and the industry connections to validate them in 3 real production environments. The coordinator is a Portuguese research association (FCIENCIAS.ID), tied to the University of Lisbon, which is well-established in European cybersecurity research.

How to reach the team

FCIENCIAS.ID - Associação para a Investigação e Desenvolvimento de Ciências, based in Portugal. Reach out through the project website or university channels.

Next steps

Talk to the team behind this work.

Want to know if DiSIEM's SIEM enhancement modules fit your security stack? SciTransfer can connect you directly with the right consortium partner for your use case — whether you need the anomaly detection, the visualization layer, or the open-source intelligence collector.