Next Generation Security Operator Training Infrastructure (NGSOTI)

Challenges

An increasing number of Security Operation Centers (SOCs) are springing up all around the world. An asset for monitoring, analysing and protecting one organisation, its users and/or customers against cyber threats, SOC operators are, just like the technical and IT environment, strategic elements of its smooth operation.

To stay on top of their missions, people operating in a SOC must be trained, particularly on current and future attacks, and the warning signs accompanying them. Learning tools already existing are not proving sufficient to meet this growing challenge. An operational infrastructure, based on real data, and specifically dedicated to training future SOC operators is essential.

Ambition

With NGSOTI, the consortium of partners intends to set up an open-source training platform dedicated to training future SOC operators regarding network-related alerts. The platform will focus on, among other things, incident response, log management and analysis, security operations centre management, cyber threat intelligence, and communication and documents.

To set up the platform, the partners will not only draw on their experience, but also on a wide range of open-source tools developed and/or used as part of their respective missions.

Throughout the project, training and conferences on the issue will complete the platform, particularly for future SOC operators. In parallel, data produced through the project could be openly reused by interested researchers for future research projects.

Implication

traffic for analytical purpose. This set of data consists of several terabytes jointly collected for more than 10 years by the Computer Incident Response Center Luxembourg (CIRCL) – operated by the Luxembourg House of Cybersecurity (LHC) – and the Restena Foundation’s Computer Security Incident Response Team (CSIRT). It gives an overview of recent attack indicators, among other things.

As a second step, Restena will extend the scope of its edu.lu tool, developed within its ‘URL shortener’ service allowing to securely redirect long URLs to short URLs while respecting its privacy and that of its visitors. Additional security measures, mainly the checking of URLs to ensure they are not being used for cyber-attacks, will be integrated. Furthermore, a new ‘rech.lu’ shortener should be developed to better serve the research community, for whom safety criteria differ from those of edu.lu designed above all for the needs of education.

Lastly, Restena intends to step up its involvement in training the next generation of professionals. Already involved in several higher education courses at the Lycée Guillaume Kroll, Restena will make a greater commitment to the BTS cybersecurity students, thus training the cybersecurity specialists of tomorrow.