By David Heed (SUNET) & Arne Øslebø (Uninett)
Earlier this month we were delighted to host the very first Security Operation Centre (SOC) workshop at GÉANT headquarters in Amsterdam, half a year after the GÉANT Project Work Package 8 (GN4-3 WP8) organised a popular security day at TNC19.
We knew it would be a popular event, but our expectations were surpassed! Over 50 participants from more than 40 organisations joined the workshop in person and remotely: the Amsterdam boardroom was full.
We were touched and honoured to learn that we were the first group to use the boardroom since it was officially named after the late Karel Vietsch (Secretary General of TERENA, 1996-2014).
The programme focussed on SOC tools, but also included discussions on how to set up a SOC for the first time and which services to offer.
After a short presentation of GN4-3 WP8 by Alf Moens (SURFnet), Jisc kicked off the discussions by giving a detailed overview of how they created their SOC and the services they offer. This was followed by a round table discussion that gave a panoramic view of the status of security efforts within the different participating organisations. Each represented entity is either in the process of establishing a SOC or has plans to create one. It soon became clear that we are all faced with similar challenges, such as low funding levels and the struggle to recruit qualified personnel.
Two invited speakers also joined the workshop: Christian Studer from CIRCL gave a presentation about MISP, the most commonly used tool for sharing indicators of compromise. Victor Julien, the lead developer of Suricata, presented new features of Suricata 5 and the main focus of Suricata 6.
The opportunity to collaborate and to share experiences, challenges and views, which is at the core of all GÉANT community events, was welcomed by all participants. Some interesting suggestions for future activities included the organisation of a follow-up workshop in collaboration with participating NRENs and WP8. The main objective is to focus on specific SOC tools and tool integrations as useful examples to share with the community.
We would like to encourage all participating organisations and the rest of the community to get in touch and let us know what you would like us to share and do next.
To continue our discussions prior to our next meeting, you can join the SOC mailing list soc-tools@lists.geant.org by subscribing here.
Please note that some presentations and recordings from the workshop can be found on the event wiki page.
Thank you so much for participating so actively; we look forward to seeing all of you – and more – next time!
Watch this space for news and information on the next event.