Situation Aware Security Operations Centre (SAWSOC)
Period: 2013 – 2016
Project Value: €5m
Various physical and logical security technologies exist, but in a security monitoring context they are managed and operated in isolation from each other.
While some markets and technologies have merged (for example, SEM and SIM have combined into SIEM, and logical and physical access control technologies have converged into Identity Management (IM)) and security operations environments have evolved considerably, more is needed to improve function and security situation awareness.
SAWSOC has developed an advanced SOC platform that will support accurate, timely and trustworthy detection and diagnosis of attacks. It correlates events from a diverse range of physical and logical security sources to achieve enhanced situational awareness.
The project was supported by three critical infrastructure end-users in the air traffic control, energy distribution and stadium management domains.
We performed a gap-analysis technical assessment of the performance features of existing logical security technologies (e.g. SIEM, network monitoring solutions) to support SAWSOC requirements development.
We also developed appropriate incident response procedures to support the SAWSOC platform, as well as appropriate forensic data acquisition that facilitates the capture of legally admissible evidence.
More information: http://www.sawsoc.eu/