SOCCRATES at 35th Annual FIRST Conference

Martin Eian (mnemonic) and Frank Fransen (TNO) presented SOCCRATES at the 35th Annual FIRST Conference, June 4-9, 2023 in Montréal, Canada.  

In the session, Martin and Frank first introduced the SOCCRATES project and next discussed the three main innovations:

• A machine-readable model of the ICT infrastructure
• Automated security reasoning (Attack Simulation & Real-time Business Impact Assessment)
• Automated generation, assessment and execution of response actions

The presentation was concluded with lessons learned.

ETIS webinar on the SOCCRATES project with live demonstration

The SOCCRATES project ended in October 2022. In the following months, the results of the project have been presented and demonstrations of the SOCCRATES Platform have been given.  On December 14th 2022, ETIS organised a webinar. This webinar has been recorded and is now available on vimeo.

Agenda:

• Brief introduction of SOCCRATES project and partners involved [1:08]
• SOCCRATES vision and walkthrough of platform capabilities [7:50]
• Live demonstration of SOCCRATES platform [36:50]
• Reflection on lessons learned and next steps [1:02:40]

November 18th 2021, SOCCRATES presented at FIRST TC Norway

Adversary Emulation Planner Based On MITRE ATT&CK | Siri Bromander, mnemonic

The MITRE Adversary Tactics, Techniques and Common Knowledge  (ATT&CK) knowledge base is a very useful resource for information  security professionals. ATT&CK has become the de facto industry  standard for tactical threat intelligence.

ATT&CK contains adversary tactics and techniques, as well as  relationships linking techniques to adversary groups and software.  However, ATT&CK does not describe any relationships or dependencies  between techniques. This makes generating adversary emulation  plans hard, since sequencing of techniques must be done manually, i.e.  assigning techniques to different stages of an intrusion.

Our first step towards automating the generation of adversary emulation  plans is semantic modelling of dependencies between ATT&CK  techniques and development of tool support to generate attack stages  based on techniques in ATT&CK.

This presentation covers how and why we selected our modelling approach,  the tools that we developed, and use cases with examples highlighting  how the tools are useful.

Siri Bromander leads  the Research and Development team at mnemonic.  She holds a PhD from the  University of Oslo and a MsC in telematics/information security from  NTNU. She has worked in mnemonic since 2008  and has more than 14 years of work experience in IT security and  information security research roles, including serving as Security  Manager at mnemonic for five years.

https://www.coldincidentresponse.no/schedule/first-tc-oslo-2021/

SOCCRATES at ONE conference 2021

Martin Eian (mnemonic) has given a presentation at the ONE conference 2021 on ‘SOCCRATES Project – Automating Threat Intelligence and Adversary Emulation’. A video of the presentation can be viewed here. 

Paper at IEEE CSR 2021 conference (Best Paper Award)

A. Gylling, M. Ekstedt, Z. Afzal, and P. Eliasson, “Mapping cyber threat intelligence to probabilistic attack graphs”, 2021 IEEE International Conference on Cyber Security and Resilience, July 2021. (Best research paper award). A summary of the paper can be found here.

The paper is based on the Master Thesis of Andreas Gylling, and can be found here.

SOCCRATES at Webinar SOC developments and pilots in CEF and H2020 projects, July 19th 2021

This Monday a webinar is organized by the EU about SOC developments and pilots in CEF and H2020 projects. The webinar aims at supporting knowledge exchange on recent and future SOC (SOC-relevant ICT solutions) developments between beneficiaries, European Commission, ENISA and HaDEA. It helps finding synergies and maximizing the impact of projects by bringing together policy and projects with a specific focus on developing and establishing European SOCs included as a priority in the EU’s Cybersecurity Strategy for the Digital Decade. 

Reinder Wolthuis (TNO) is invited to present SOCCRATES

SOCCRATES at 33rd Annual FIRST Conference

SOCCRATES provided two presentation at the (virtual) 33rd Annual FIRST Conference: “Crossing Uncertain Times,” on June 7-9, 2021.

* Martin Eian (mnemonic) provided a presentation on: ‘Adversary Emulation – Generating MITRE ATT&CK Technique Sequences’. The video is available on youtube.

* Erik Ringdahl (foreseeti) and Frank Fransen (TNO) provided a presentation on: ‘Attack Defense Graph Analysis for Supporting SOC and CSIRT Operations’. The video is available on youtube and slides are available below.

SOCCRATES general presentation

This general presentation on the SOCCRATES project provides a summary on the SOCCRATES project: its partners, goals, concepts and approach.