Community News Security

Security Operation Centres for R&E: status, plans and collaboration opportunities.

Security Operation Centre model
SOC model - courtesy of https://soc-cmm.com/

Just before the end of 2022 over 40 participants joined an online workshop organised by GÉANT to share experiences, plans and collaboration opportunities in the context of Security Operations Centres (SOC). This timely event follows our first SOC workshop from 2019 and reflects the growing levels of interest on this relevant topic within the R&E community.

In the last two to three years several NRENs have been designing and establishing SOCs in their countries, whilst others are actively making plans to do so. The growing interest comes mostly in response to the evolving threat landscape and the need of NRENs and their connected institutions for more specialised security services in addition to traditional CSIRT activities.

Roderick Mooi, Senior Information Security Officer from GÉANT, commented: “The workshop featured a balanced mix of presentations introducing a variety of approaches from diverse environments. It offered an excellent, well-attended platform for sharing experiences, challenges (with means of overcoming them), and lessons learnt, taking into account each organisation’s individual circumstances, but also common R&E scenarios.”

Informative presentations from SURF, AARnet, SWITCH, HEAnet, DFN and STFC set the scene and, apart from outlining their various SOC journeys, these included relevant regulatory developments, engaging with stakeholders, managing their expectations, as well as decision-making processes. Different sourcing models (with their pros and cons), reasoning behind choices made, plans for service growth, and funding considerations, were also presented. Some lively discussion followed including SOC tooling and resourcing (particularly with regards to staffing) as well as how we can work together as a community to ensure a safe and secure R&E ecosystem for everyone.

Roderick closed: “Participants agreed that it would be beneficial to follow up on this topic in the coming months and that a community platform to share security information and threat intelligence for R&E would be a win-win solution for all. So watch this space for more information and new developments!”

Skip to content