Blog Posts

July 30, 2024

Real-world Applications of Visualization in Situational Awareness I
Author: TUBS
This blog post delves into the Forensic Visualization Toolkit (FVT), a powerful tool designed to enhance digital forensics investigations, analyze digital evidence, and provide advanced visualizations to improve cybersecurity situational awareness. Developed by Jihane Najar, Marinos Tsantekidis, Aris Sotiropoulos, and Vassilis Prevelakis, FVT is positioned as an essential asset for cybersecurity professionals, offering intuitive and interactive tools that significantly amplify their capabilities to identify, analyze, and respond to threats.

Read the full post

July 23, 2024

Enhancing Cybersecurity Training and Awareness using the SPHYNX Cyber Range Platform
Author: SANL
Elevate Your Cybersecurity Skills with SPHYNX Cyber Range! Incident Response Training: Master forensic analysis and automate response tasks with hands-on experience. GDPR Training: Learn GDPR basics and international data transfers. Sphynx Technology Solutions

Read the full post

July 18, 2024

Towards Incident Response Orchestration and Automation for the Advanced Metering Infrastructure
Author: UiO
Unlock the future of smart grid security with cutting-edge automated incident response strategies for Advanced Metering Infrastructure (AMI). Learn how the groundbreaking research by Alexios Lekidis, Vasileios Mavroeidis, and Konstantinos Fysarakis is revolutionizing cyber resilience in the energy sector. #SmartGrid #CyberSecurity #Innovation

Read the full post

June 26, 2024

Real-world Applications of Visualization in Situational Awareness III
Author: TUBS
Discover how emerging trends like augmented reality and artificial intelligence are reshaping the landscape of visualization for situational awareness. Explore Part 3 of our series to see how these advancements are setting the stage for a future of enhanced understanding and proactive decision-making.

Read the full post

June 26, 2024

Real-world Applications of Visualization in Situational Awareness II
Author: TUBS
Discover how visualization transforms data into actionable insights, enhancing situational awareness across business, crisis management, defense, and healthcare. Read Part 2 of our series to see real-world applications in action!

Read the full post

June 25, 2024

The Art and Science of Visualisation for Enhanced Situational Awareness
Author: TUBS
Unlock the power of visualization to enhance situational awareness and make informed decisions in dynamic environments. Dive into our latest blog post to explore cutting-edge techniques like interactive dashboards, geospatial mapping, and network visualization, transforming complex data into actionable insights.

Read the full post

June 24, 2024

From SOC to Cyber Hub: Transforming the Heart of Cybersecurity
Author: NCSA
Discover how traditional Security Operations Centers (SOCs) are evolving into advanced Cyber Hubs to tackle modern cyber threats with cutting-edge technologies and proactive strategies. This blog post explores the transformative Joint Cybersecurity Operations Platform (JCOP) and its pivotal role in enhancing cybersecurity across the EU.

Read the full post

April 18, 2024

Enhancing Modern Cyber Defenses: The Evolution of Security Operations Centers through Cutting-edge Technologies and Optimized Processes
Author: DSA
In today's digital landscape, Security Operations Centers (SOCs) are vital in defending against cyber threats, using emerging technologies like AI/ML, SOAR, TIPs, UEBA, and XDR. Alongside technological advancements, refining processes such as proactive threat hunting and continuous training is essential. Despite automation, human expertise remains crucial in SOCs. Challenges include data privacy, integration complexity, and evolving threats, emphasizing the need for ongoing adaptation and collaboration for effective cybersecurity.

Read the full post

April 4, 2024

Privacy Preserving Password Cracking: The 3PC Protocol
Author: Norbert Tihanyi, Tamas Bisztray (UiO), Bertalan Borsos, Sebastien Raveau
Pentesters and organizations eager to evaluate password security can now leverage cloud services without compromising the privacy and security of passwords or their hashes. Say hello to the 3PC protocol! This post unveils the core concepts of the 3PC protocol. Find the detailed study in the IEEE Transactions on Information Forensics and Security.

Read the full post

January 24, 2024

Unveiling Shadows: Strategies for SOCs to Identify Threat Actors
Author: DSA
πŸ”πŸ›‘οΈ Discover how SOCs unmask hidden cyber adversaries, from lone hackers to nation-states. Dive into our insights on strategic defense and effective risk management. #CybersecurityUnveiled #SOCStrategies πŸ’»πŸš¨

Read the full post

January 17, 2024

How NIS and NIS2 will enhance JCOP operations
Author: DSA
"NIS" and "NIS2" refer to the "Network and Information Systems" directives of the European Union (EU), aimed at strengthening cybersecurity across EU states. Both directives can assist Security Operations Centers (SOCs) in enhancing cybersecurity operations by establishing basic security standards, encouraging information sharing, imposing stricter enforcement and penalties, and extending focus to supply chain security...

Read the full post

January 16, 2024

The Release of OASIS CACAO v2.0 Specification
Author: Bret Jordan, Vasileios Mavroeidis (UiO), Luca Morgese, and Allan Thomson
πŸ›‘οΈ Facing an onslaught of cyber threats? Level up your defense πŸš€ Introducing 🌟 CACAO Version 2.0 🌟 - your cybersecurity game-changer. With fully automatable security playbooks, orchestrate your response like a maestro and keep cyber threats at bay. 🎼πŸ–₯️ πŸ”’ Embrace the New Standard for Security Playbooks. CACAO's standardized framework is here to revolutionize how your security team collaborates, responds, and prevails! πŸ€– Automate, Orchestrate, Dominate! With CACAO, transform your IT/Security team into a powerhouse of efficiency. From intrusion detection to incident response, design and execute playbooks that adapt to your unique organizational needs. πŸ”— Click to explore how CACAO can fortify your cyber defenses. Stay ahead, stay secure! πŸ›‘οΈπŸ’»

Read the full post

November 14, 2023

The Evolution and Importance of the Security Operation Center (SOC) in Modern Cybersecurity Frameworks
Author: DSA
How to turn the unexpected into expected, with Cyber Threat Intelligence-enhanced SOCs. A must-have checklist for cyber threat prevention, to keep your assets safeguarded.

Read the full post

November 10, 2023

Insights into JCOP's Security Assurance platform
Author: SANL
The Security Assurance platform (SAP) is an integral component of JCOP's cybersecurity infrastructure, facilitating CTI and situational awareness by conducting CTI Assessments, penetration testing approaches, vulnerability analysis, dynamic runtime testing, and real-time monitoring. It operates based on predefined models and assesses temporal event patterns and rules to ensure the correctness and effectiveness of security controls, thereby enhancing the overall cybersecurity posture of the organization.

Read the full post

September 7, 2023

Cyber Threat Intelligence - A necessity, not a luxury
Author: NCSA
Cyber threat intelligence (CTI) refers to collecting, analyzing, and disseminating information about emerging or current cyber threats. It involves gathering and analyzing data from various sources to identify potential threats and vulnerabilities and then using that information to develop strategies for preventing, detecting, and responding to cyber-attacks.
The National Cyber Security Authority of Greece takes a deep dive into the importance of cyber threat intelligence.

Read the full post

September 6, 2023

JCOP's 6th Plenary Meeting
Author: TUC
JCOP's coordinator, the Technical University of Crete, summarizes our 6th plenary meeting, held on the premises of the University of Oslo in Oslo, Norway.

Read the full post

September 5, 2023

Reviewing BPMN as Modeling Notation for CACAO Security Playbooks
Author: UiO
As cyber systems become increasingly complex and cybersecurity threats become more prominent, defenders must prepare, coordinate, automate, document, and share their response methodologies to the extent possible. The CACAO standard was developed to satisfy the above requirements by providing a common machine-readable framework and schema to document cybersecurity operations processes, including defensive tradecraft and tactics, techniques, and procedures. Although this approach is compelling, a remaining limitation is that CACAO provides no native modeling notation for graphically representing playbooks, which is crucial for simplifying their creation, modification, and understanding. In contrast, the industry is familiar with BPMN, a standards-based modeling notation for business processes that has also found its place in representing cybersecurity processes. This research examines BPMN and CACAO and explores the feasibility of using the BPMN modeling notation to graphically represent CACAO security playbooks. The results indicate that mapping CACAO and BPMN is attainable at an abstract level; however, conversion from one encoding to another introduces a degree of complexity due to the multiple ways CACAO constructs can be represented in BPMN and the extensions required in BPMN to fully support CACAO.

Read the full post

June 15, 2023

JCOP Coordination, Action Management and Technical Contributions from Technical University of Crete
Author: TUC
The Technical University of Crete (TUC) leads the JCOP project, aiming to enhance EU Member State authorities' cyber capabilities. The project develops a platform for Cyber Threat Intelligence, Incident Response, and Cybersecurity Operations Training, promoting cross-border cooperation and coordinated incident response. TUC manages the project, defines the platform's architecture, and contributes technical tools like HoneyChart and GNORT for proactive defense and threat detection. The JCOP project aligns with EU cybersecurity recommendations, emphasizing the potential for cross-border collaboration.

Read the full post

June 6, 2023

Utilizing an Enhanced STIX Representation of MITRE ATT&CK as Cyber Threat Intelligence Source for Group Filtering and Technique Prioritization
Author: UiO
In this blog post, we describe how we have extended version 9 of MITRE ATT&CK Groups, as represented in STIX 2.1, to make available and queryable additional types of contextual information. Such information includes adversaries' motivations, the countries they have originated from, and the sectors and countries they have targeted. Furthermore, we demonstrate how to use the new types of contextual information introduced in the enhanced STIX 2.1 representation of the Groups knowledge base to filter adversaries of interest.

Read the full post

October 2, 2022

How the European project JCOP adds actual value to Cybersecurity Authorities
Author: NCSA
The Hellenic National Cyber Security Authority (NCSA) is the national competent authority for cybersecurity in Greece, according to the EU Network and Information Security Directive (NIS Directive - 2016/1148) and National Law 4577/2018.
JCOP will help the National Cybersecurity Authorities to achieve their mission and goals, enriching capabilities and improving the effectiveness and efficiency of their daily cybersecurity operations, including cooperation at the EU level...

Read the full post

September 2, 2022

The need for joint cybersecurity operations across Member States & the JCOP project
Author: SANL
As digital technologies become more pervasive in everyday lives and economies, cybersecurity incidents are becoming more frequent and diversified. Data breaches exposed 4.1 billion records in the first half of 2019, while the recently released ENISA Threat Landscape for 2020 reports an increase in sophisticated and targeted ransomware exploits in the public sector, health care organisations and other industries, as well as the increased prevalence of hybrid threats, combining both the cyber and physical domains.
In this regard, ENISA's policy conclusions and recommendations highlight the importance of using Cyber Threat Intelligence (CTI) as the main tool for cybersecurity preparedness and for driving strategic and political decisions that will effectively tackle threats to the well-being of the European Union. It is also emphasized that cooperation and coordination of EU-wide CTI activities are essential for informing and driving emergency decisions needed in crisis management...

Read the full post