Deep dive session: SOCCRATES, experiences of designing, implementing and evaluating an intelligent security automation platform for SOC/CSIRTS

SOCCRATES provides a deep dive session on the SOCCRATES platform at the ONE Conference 2022. 
 

Within the H2020 EU project SOCCRATES a security decision support platform has been developed for Security Operation Centres (SOCs) and Computer Security Incident Response Teams (CSIRTs). This, so called ‘SOCCRATES Platform’ is targeted at organisation’s inhouse SOC and at Managed Security Service Providers (MSSP) that provide SOC services.

The goal of this platform is to significantly improve the SOC’s and CSIRT’s capability to quickly and effectively detect and respond to new cyber threats and ongoing attacks. The platform contains innovative solutions to automated infrastructure modelling, improve attack detection, Cyber Threat Intelligence utilization, AI and machine learning based threat trend prediction and automation using Attack Defence Graphs (ADG) and business impact modelling. The ultimate goal is to increase the speed and effectiveness of (human) analysis and decision making on the best course of action, enabling the execution of defensive actions at machine-speed.

In this session, we will present our experiences of designing, implementing and evaluating this security automation platform for SOC/CSIRTS. First the vision, use cases, KPIs and the components of the SOCCRATES platform will be introduced. Next we will present the experiences of designing and implementing of the SOCCRATES Platform, and elaborate on the results of the evaluation at three pilots sites. Finally, we will conclude with lessons learned and next steps.

In this deep dive session, a detailed overview of the SOCCRATES platform will be presented accompanied by a step-by-step demonstration of how the SOCCRATES Platform provides situational and option awareness for SOC analysists and CSIRT teams during ongoing attacks. In addition, a detailed demonstration will be given on how the platform assesses the discovery of new vulnerable assets in an ICT infrastructure and how it can prepare recommendations to mitigate business risk.