02.04.2024

SOC on alert over network-related alerts

Security

In the fight against cyber threats, setting up a training infrastructure for SOC operators, covering network-related alerts and based on real data, is on the agenda of the European NGSOTI project, to which Restena will contribute its expertise and dataset until the end of 2026.

Something like guardian angels for organisations facing cyber threats, Security Operations Center (SOC) operators play a strategic role. Just like the technical and IT elements, the human elements of a SOC must be at the cutting edge of cybersecurity knowledge and recommendations.

Professional training is still the best asset for meeting such a high level of requirements. Although many tools are already available on the market, the European NGSOTI (Next Generation Security Operator Training Infrastructure) project intends to go even further. The project started in January 2024, is co-funded by the European Union's Digital Europe programme (DIGITAL) and is supported by the European Cybersecurity Competence Centre.

A training platform based on real data

Alongside the Computer Incident Response Center Luxembourg (CIRCL) of the Luxembourg House of Cybersecurity, which coordinates the NGSOTI project, and the other members of the consortium (University of Luxembourg and Tenzir GmbH), Restena is embarking on a three-year effort to set up an open-source platform, based on real data, for training future SOC operators on network-related alerts. The future platform will focus on incident response, log management and analysis, security operations centre management, cyber threat intelligence, and communication and documents.

The real data on which the platform will be based come from backscatter traffic on the national research and education network (RESTENA network), jointly collected over the past 10 years by Restena and CIRCL. Because they contain attack indicators and information about incorrect technical configurations, these data make a valuable contribution to building a concrete overview of cyber-attacks.

Considering extending the edu.lu service

Beyond the training platform, NGSOTI will allow Restena to extend the scope of its URL shortener service, now available at 'edu.lu' and offered since January 2023 to securely redirect long URLs to short URLs while respecting its privacy and that of its visitors. Additional security measures will be integrated, mainly URL checks to ensure that URLs shortened via 'edu.lu' are not being used for cyber-attacks.

In parallel, a new 'rech.lu' shortener will be developed to better serve the research community, for whom safety criteria differ from those of 'edu.lu', which is designed above all for the needs of education.

A further step towards equipping research and education

Although the scope of NGSOTI extends beyond the research and education sectors, the project will help Restena go one step further in its commitment to equipping research and education against cyber threats. First, NGSOTI enables Restena to step up its involvement in training future IT professionals, especially the BTS cybersecurity students at Lycée Guillaume Kroll. Second, it adds to the portfolio of large-scale European projects in which Restena is involved.

With LuCySe4RE (Enhancing Cybersecurity Services for the Luxembourgish Research and Education community), its flagship project since September 2023, Restena intends to improve protection against the cybersecurity risks faced by the Luxembourg research and education community, through measures such as a security event management platform with dedicated tools, lifelong learning training and events.