Coordinator – EHT

Participants – IMT, CEA, FHG, NRD, CSI, NIC, TLB, VIC, VMU

The aim of WP8 is to deploy and run the SAFE4SOC prototype developed in WP4, WP5 and WP6 in real conditions, as close as possible to the live working environments used in the production of SOCs. To be realistic, the validation will be planned, organised and conducted taking into account constraints and requirements of involved SOCs in terms of technologies (tools used such as SIEM, SOAR, etc.), processes (alerts triages, normal and emergency conditions, etc.) as well as policies and regulations (e.g. service level agreements with SOC customers, compliance with standards such as ISO27001,ISO27005, etc.). The validation will test the effectiveness and the efficiency of the solution on live data while adhering to safety and integrity of the data inside each SOC. The analysis of the validation results will identify strengths, weaknesses, opportunities of improvements and threats that will allow the consortium to improve the proposed standard and the prototype implementation, as well as to be used as valuable input for the refinement of the SAFE4SOC exploitation plan and activities.

The following tasks are set:

• Task 8.1 Pilot Plan and Preparation will prepare the ground for the validation of the SAFE4SOC prototype in the operational environments, i.e., in the SOC of the involved partners. Based on the work done on WP2, pilot participants will firstly define a set of relevant validation scenarios and then will further analyse the constraints and pre-requisites for the installation and usage of SAFE4SOC prototype and will formalize them in a specific “Sharing agreement”. Technological constraints (i.e., related to tools used by the SOC) as well as operational (i.e., SOC processes) and regulatory ones (i.e., legal aspects and customer agreements) will be considered to properly balance the impact on SOC operations with the need to extensively validate the SAFE4SOC prototype. On this basis, the validation plan, as well as the criteria for the analyses of validation results, will be elaborated as part of D8.1. Also, important, the pilot infrastructures will be prepared for the execution of validations in T8.2.

• Task 8.2 Pilot Execution will conduct an extensive validation activity of the SAFE4SOC prototype in each of the pilot site, according to the plan and agreements defined in T8.1. The validation will aim at assessing efficiency, effectiveness, security and usability of SAFE4SOC functionalities in a context similar to the production one. The pilot validation will use a continuous validation approach, which follow the releases of prototype across the second half of project activities. This will ensure the proper involvement of cybersecurity analysts and other SOC profiles throughout the whole validation activities, which will be also useful to showcase SAFE4SOC functionalities to the involved stakeholders.

• Task 8.3 Analysis of Results will collect and analyse feedback and results from people and systems involved in T8.2 by performing a user-oriented evaluation and end-to-end demonstrators. According to the analysis criteria defined in T8.1, the task will assess strengths and weaknesses of the prototype, as well as to identify the opportunities of improvements and further work that could improve the chances for standard adoption and the usage of prototypes developed in other SOCs. The sharing agreements will be also analysed to derive adVICOMes about how to write them and which points are important.

Deliverables:

• • 1 Pilot Plan and Specifications – M21
  • 2 Pilot report and Analysis of Results – M32