Cyber threat heat map

9/22/2023

Such an Alliance could benefit from a dedicated European fund to support European CTI service providers and constitute the backbone of CTI sharing in Europe, combining information from public and private actors to better predict upcoming attacks, creating the needed link for best exploitation of data coming from the newly created SOCs network.

The creation of a trust-based European Cybersecurity Threat Intelligence Alliance could provide EU-wide information gathering, processing, and sharing.

Investments in specialised education and training are urgently needed to face a rapidly evolving threat landscape. This is especially important as SOC providers face severe shortages of the skilled and well-trained staff responsible for processing rapidly growing volumes of security alerts. The human element is fundamental to the overall success of both SOCs and CTI and as such should be significantly strengthened. While innovative technologies are important for SOCs, highly skilled people are still essential.

Also, data science-based solutions and technologies have the potential to increase the effectiveness of threat analysis. For instance, AI can be used to analyse data coming from various sources (including from member SOCs), identify the most popular attack tactics and enable the creation of a real-time heat map that serves as an EU-wide Threat Model. Utilisation of innovative technologies, including, but not limited to, Artificial Intelligence (AI) or Machine Learning (ML) that will strengthen SOCs' capabilities and contribute to improved benefits for all stakeholders involved.

Significant investments are needed in both domains as well as the creation of mechanisms to promote cooperation between them. While the former concentrates mainly on detection, the latter offers prediction capabilities, and their close alignment is crucial to effectively combat cyber threats.
SOCs and CTI serve as equally important elements of strong cybersecurity.

This is why mechanisms for secure information exchange and broader cooperation within the ecosystem must be promoted. Effective SOC solutions should not only help to protect organisations' internal resources but also ensure resilience of the entire supply chain. When developing SOC capabilities, it is recommended to take a holistic approach.

New initiatives on SOCs and CTI should leverage existing solutions and bridge the information gap between the private and public sector by federating existing SOCs and CTI platforms. Strong participation of the private sector and sectoral-driven cooperation should be seen as a cornerstone of the robust SOC and CTI ecosystem.

In the current geopolitical situation, SOCs are urgently needed to detect attacks against European networks.

This paper highlights crucial elements that contribute to the achievement of the above-mentioned goals. This call also gives a chance to overcome the existing market fragmentation and accelerate cooperation between European stakeholders from the private and public sectors to prevent, detect and respond to cyber threats. ECSO Members consider the upcoming call of the Digital Europe Programme on Security Operation Centre capacity building and Cyber Threat Intelligence as a great opportunity to strengthen European Digital Sovereignty and Strategic Autonomy and boost the further development of European competencies in this area.

ECSO recommendations for European cyber security operation centres and threat intelligence

ECSO's new position paper of the ECSO Task Force focuses on the European cyber security operation centres and threat intelligence (ECSOCTI).