Blog Posts

April 18, 2024

Enhancing Modern Cyber Defenses: The Evolution of Security Operations Centers through Cutting-edge Technologies and Optimized Processes
Author: DSA
In today's digital landscape, Security Operations Centers (SOCs) are vital in defending against cyber threats, using emerging technologies like AI/ML, SOAR, TIPs, UEBA, and XDR. Alongside technological advancements, refining processes such as proactive threat hunting and continuous training is essential. Despite automation, human expertise remains crucial in SOCs. Challenges include data privacy, integration complexity, and evolving threats, emphasizing the need for ongoing adaptation and collaboration for effective cybersecurity.

Read the full post

January 17, 2024

How NIS and NIS2 will enhance JCOP operations
Author: DSA
"NIS" and "NIS2" refer to the "Network and Information Systems" directives of the European Union (EU), aimed at strengthening cybersecurity across EU Member States. Both directives can assist Security Operations Centers (SOCs) in enhancing cybersecurity operations by establishing baseline security standards, encouraging information sharing, imposing stricter enforcement and penalties, and extending the focus to supply chain security...

Read the full post

November 14, 2023

The Evolution and Importance of the Security Operation Center (SOC) in Modern Cybersecurity Frameworks
Author: DSA
How to turn the unexpected into the expected with Cyber Threat Intelligence-enhanced SOCs 🌐💻. A must-have checklist ✅ for cyber threat prevention, to keep your assets safeguarded 🛡️.

Read the full post

November 10, 2023

Insights into JCOP's Security Assurance platform
Author: SANL
The Security Assurance platform (SAP) is an integral component of JCOP's cybersecurity infrastructure, facilitating CTI and situational awareness by conducting CTI Assessments, penetration testing approaches, vulnerability analysis, dynamic runtime testing, and real-time monitoring. It operates based on predefined models and assesses temporal event patterns and rules to ensure the correctness and effectiveness of security controls, thereby enhancing the overall cybersecurity posture of the organization.

Read the full post

September 7, 2023

Cyber Threat Intelligence - A necessity, not a luxury
Author: NCSA
Cyber threat intelligence (CTI) refers to collecting, analyzing, and disseminating information about emerging or current cyber threats. It involves gathering and analyzing data from various sources to identify potential threats and vulnerabilities, and then using that information to develop strategies for preventing, detecting, and responding to cyber-attacks.
The National Cyber Security Authority of Greece takes a deep dive into the importance of cyber threat intelligence.

Read the full post

September 6, 2023

JCOP's 6th Plenary Meeting
Author: TUC
JCOP's coordinator, the Technical University of Crete, summarizes our 6th plenary meeting, held on the premises of the University of Oslo in Oslo, Norway.

Read the full post

September 5, 2023

Reviewing BPMN as Modeling Notation for CACAO Security Playbooks
Author: UiO
As cyber systems become increasingly complex and cybersecurity threats become more prominent, defenders must prepare, coordinate, automate, document, and share their response methodologies to the extent possible. The CACAO standard was developed to satisfy the above requirements by providing a common machine-readable framework and schema to document cybersecurity operations processes, including defensive tradecraft and tactics, techniques, and procedures. Although this approach is compelling, a remaining limitation is that CACAO provides no native modeling notation for graphically representing playbooks, which is crucial for simplifying their creation, modification, and understanding. In contrast, the industry is familiar with BPMN, a standards-based modeling notation for business processes that has also found its place in representing cybersecurity processes. This research examines BPMN and CACAO and explores the feasibility of using the BPMN modeling notation to graphically represent CACAO security playbooks. The results indicate that mapping CACAO and BPMN is attainable at an abstract level; however, conversion from one encoding to another introduces a degree of complexity due to the multiple ways CACAO constructs can be represented in BPMN and the extensions required in BPMN to fully support CACAO.

Read the full post

June 15, 2023

JCOP Coordination, Action Management and Technical Contributions from Technical University of Crete
Author: TUC
The Technical University of Crete (TUC) leads the JCOP project, aiming to enhance EU Member State authorities' cyber capabilities. The project develops a platform for Cyber Threat Intelligence, Incident Response, and Cybersecurity Operations Training, promoting cross-border cooperation and coordinated incident response. TUC manages the project, defines the platform's architecture, and contributes technical tools like HoneyChart and GNORT for proactive defense and threat detection. The JCOP project aligns with EU cybersecurity recommendations, emphasizing the potential for cross-border collaboration.

Read the full post

June 6, 2023

Utilizing an Enhanced STIX Representation of MITRE ATT&CK as Cyber Threat Intelligence Source for Group Filtering and Technique Prioritization
Author: UiO
In this blog post, we describe how we have extended version 9 of MITRE ATT&CK Groups, as represented in STIX 2.1, to make available and queryable additional types of contextual information. Such information includes adversaries' motivations, the countries they have originated from, and the sectors and countries they have targeted. Furthermore, we demonstrate how to use the new types of contextual information introduced in the enhanced STIX 2.1 representation of the Groups knowledge base to filter adversaries of interest.

Read the full post

October 2, 2022

How the European project JCOP adds actual value to Cybersecurity Authorities
Author: NCSA
The Hellenic National Cyber Security Authority (NCSA) is the national competent authority for cybersecurity in Greece, according to the EU Network and Information Security Directive (NIS Directive - 2016/1148) and National Law 4577/2018.
JCOP will help the National Cybersecurity Authorities to achieve their mission and goals, enriching capabilities and improving the effectiveness and efficiency of their daily cybersecurity operations, including cooperation at the EU level...

Read the full post

September 2, 2022

The need for joint cybersecurity operations across Member States & the JCOP project
Author: SANL
As digital technologies become more pervasive in everyday life and economies, cybersecurity incidents are becoming more frequent and diverse. Data breaches exposed 4.1 billion records in the first half of 2019, while the recently released ENISA Threat Landscape for 2020 reports an increase in sophisticated and targeted ransomware exploits in the public sector, health care organisations and other industries, as well as the increased prevalence of hybrid threats combining the cyber and physical domains.
In this regard, ENISA's policy conclusions and recommendations highlight the importance of using Cyber Threat Intelligence (CTI) as the main tool for cybersecurity preparedness and for driving strategic and political decisions that will effectively tackle threats to the well-being of the European Union. It is also emphasized that cooperation and coordination of EU-wide CTI activities are essential for informing and driving the emergency decisions needed in crisis management...

Read the full post