NG-SOC 2020

International Workshop on Next Generation Security Operations Centers (NG-SOC 2020)

to be held in conjunction with the 15th International Conference on Availability, Reliability and Security
(ARES 2020 – http://www.ares-conference.eu)

August 25 – August 28, 2020

Organisations in Europe face the difficult task of detecting and responding to increasing numbers of cyber-attacks and threats, given that their own ICT infrastructures are complex, constantly changing (e.g. by introduction of new technologies) and there is a shortage of qualified cybersecurity experts. There is a great need to drastically reduce the time to detect and respond to cyber-attacks. A key means for organizations to stay ahead of the threat is through the establishment of a Security Operations Center (SOC). The primary purpose of a SOC is to monitor, assess and defend the information assets of an enterprise, both on a technical and organizational level.

The aim of this workshop is to create a forum for researchers and practitioners to discuss the challenges associated with SOC operations and focus on research contributions that can be applied to address these challenges. The workshop will draw on expertise from two EU-funded H2020 projects: SAPPAN and SOCCRATES. Selected members of the projects’ consortia will present their project activities. The workshop will include a panel session to foster discussion on the major operational challenges that enterprises and SOC operators face and provide insights into promising research-based solutions. It is also intended that the workshop promotes cooperation among H2020 European research projects which aim to enhance resilience of modern ICT infrastructures through solutions that enable timely response to emerging threats and support security analysis and recovery process.

Description of the project

The workshop is jointly organized by two H2020 projects that are funded by the European Commission:

SOCCRATES will develop and implement a new security platform for Security Operation Centres (SOCs) and Computer Security Incident Response Teams (CSIRTs), that will significantly improve an organisation’s capability to quickly and effectively detect and respond to new cyber threats and ongoing attacks. The SOCCRATES Platform consists of an orchestrating function and a set of innovative components for automated infrastructure modelling, attack detection, cyber threat intelligence utilization, threat trend prediction, and automated analysis using attack defence graphs and business impact modelling to aid human analysis and decision making on response actions, and enable the execution of defensive actions at machine-speed. The SOCCRATES Platform aims to enable organisations to improve the resilience of their infrastructures and increase productivity and efficiency at the SOC. The outcomes of the project will contribute to a more secure cyberspace and strengthen competitiveness in the EU digital single market.

SAPPAN project aims to enable efficient protection of modern ICT infrastructures via advanced data acquisition, threat analysis, and privacy-aware sharing and distribution of threat intelligence aimed to dynamically support human operators in response and recovery actions. The SAPPAN project will develop a collaborative, federated, and scalable attack detection to support response activities and allow for timely responses to newly emerging threats supporting different privacy-levels. We plan to identify a standard for the interoperable and machine-readable description of incident response reports and recovery solutions. The risk assessment, privacy, and security will be addressed in the standard design. Results of both attack detection and recovery and response processes will be shared on a global level to achieve an advanced response and recovery via knowledge sharing and federated learning. We develop a mechanism for sharing information on threat intelligence, which implements a combination of encryption and anonymization to achieve GDPR compliance. Novel visualization techniques will be developed to assist security and IT personnel and provide an enhanced content of context of the response and recovery, and improved visual presentation of the process.

Topics of interest include, but are not limited to:

Security Operation Center (SOC)
Anomaly Detection
Network Intrusion Detection Systems
Domain Generation Algorithms
Cyber Threat Intelligence Utilization

Privacy-aware Threat Intelligence Sharing
Business Impact Modelling
Attack Analysis with Attack Defence Graphs (ADGs)
Visual Presentation to Support Response and Recovery Actions

Important Dates
ARES EU Symposium August 25, 2020
All-Digital Conference August 25 – August 28, 2020
Workshop CHairs

Irina Chiscop, TNO, The Hague, the Netherlands
Tomas Jirsik,Institute of Computer Science, Masaryk University, Brno, Czech Republic
Avikarsha Mandal, Fraunhofer Institute of Applied Information Technology FIT, Aachen, Germany
Ewa Piatkowska, AIT Austrian Institute of Technology, Vienna, Austria