
SOCCRATES

SOCCRATES aims to develop and implement a new security platform for the Security Operation Centres (SOCs) and Computer Security Incident Response Teams (CSIRTs) of individual organisations, and for those offered by Managed Security Service Providers (MSSPs). By using this platform, SOCs and CSIRTs will significantly improve their capability to quickly and effectively detect and respond to new cyber threats and ongoing attacks. The platform contains innovative solutions for automated infrastructure modelling, improved attack detection, Cyber Threat Intelligence utilisation, AI and machine learning based threat trend prediction, and automation using Attack Defence Graphs (ADG) and business impact modelling to aid human analysis and decision making on the best course of action, enabling the execution of defensive actions at machine speed.

The integrated Security Decision Support platform (‘the SOCCRATES platform’) will consist of a modular set of components with standardised interfaces and a central orchestration function. The components have been carefully selected to collaboratively enable security automation and decision support in five use cases.

SOCCRATES will verify and test the concepts and effectiveness of the developed solutions, and of the SOCCRATES platform as a whole, in real-life environments in two pilots. These pilots represent different application scenarios (an organisation-internal SOC with a large, complex on-premises infrastructure, and an MSSP with different customers and a variety of infrastructures at different levels of complexity) in which a huge amount of data and information is collected and exchanged. The pilots will be evaluated against predefined criteria. Results will be fed back into the project to further enhance the solutions based on the lessons learned.

In the pilots, specific focus will be put on the advantages of automation in SOC/CSIRT operations. We will verify whether automation reduces the average time that SOC/CSIRT staff spend on security events, so that qualified staff can dedicate more time to complex tasks such as threat hunting.
