NG-SOC 2019

International Workshop on Next Generation Security Operations Centers (NG-SOC 2019)

to be held in conjunction with the 14 th International Conference on Availability, Reliability and Security
(ARES 2019 – )

August 26 – August 29, 2019, University of Kent, Canterbury, UK

Globally, organisations face the difficult task of detecting and responding to increasing numbers of cyber-attacks and threats, given that their own ICT infrastructures are complex, constantly changing (e.g., through the introduction of new technologies) and there is a shortage of qualified cybersecurity experts. There is a great need to drastically reduce the time to detect and respond to cyber-attacks, and to enable organisations to structurally stay ahead of the threat. A key means for organizations to stay ahead of the threat is through the establishment of a Security Operations Center (SOC). The primary purpose of a SOC is to monitor, assess and defend the information assets of an enterprise, both on a technical and organizational level.

The aim of this workshop is to create a forum for researchers and practitioners to discuss the challenges associated with SOC operations and focus on research contributions that can be applied to address these challenges. The workshop will draw on expertise from a newly-awarded H2020 project, called SOCCRATES. Selected members of the SOCCRATES consortium will present their past and proposed project activities, along with experts from carefully-selected related initiatives. It is intended the workshop will foster discussion on this important topic and highlight the major operational challenges that enterprises and SOC operators face, and provide insights into promising research-based solutions.

Description of the project

The SOCCRATES project proposes to develop a new security platform for Security Operation Centres (SOCs) and Computer Security Incident Response Teams (CSIRTs), that will significantly improve an organisation’s capability to quickly and effectively detect and respond to new cyber threats and ongoing attacks. The platform aims to provide several innovative components for automated infrastructure modelling, attack detection, cyber threat intelligence utilization, threat trend prediction, automated analysis using attack defence graphs and business impact modelling to aid human analysis and decision making on response actions, and enable the execution of defensive actions at machine-speed.

Topics of interest include, but are not limited to:

Security platform for Security Operation Centres (SOCs)
Network-based Anomaly Detection
Monitoring Malicious Infrastructures to produce Threat Intelligence

Cyber Threat Intelligence Utilization
Business Impact Modelling
Attack Analysis with Attack Defence Graphs (ADGs)

Important Dates
ARES EU Symposium August 26, 2019
Conference August 26 – August 29, 2019
Workshop CHairs

Ewa Piatkowska, AIT Austrian Institute of Technology, Vienna, Austria
Paul Smith, AIT Austrian Institute of Technology, Vienna, Austria
Reinder Wolthuis, TNO, Groningen, Netherlands
Frank Fransen, TNO, Groningen, Netherlands