Technical Framework

NG-SOC considers the paradigm of interconnecting heterogeneous digital systems, where traditional security controls are becoming increasingly ineffective due to the mosaic of data involved, the plethora of diverse business services and the strong interdependencies between software components residing on interconnected infrastructures—interdependencies that allow threats and security incidents to propagate between the assets of these networks. At the user level, hand-held devices and mobile applications further increase the system’s attack surface.

Thus, the key to unlocking the enormous potential of EU digital infrastructures—serving millions of citizens, enterprises and society—lies in their ability to remain cyber-secure. NG-SOC builds its concept on the actual cybersecurity needs of NIS2-Directive organisations. After carefully identifying the real-world challenges faced by its pilots, the project translated them into a set of desired toolkit attributes, including:

  • Early-stage detection and classification of attackers’ TTPs
  • Identification of attacks by novel multi-faceted actors (external and internal)
  • Actionable, relevant and accurate CTI sharing between organisations and devices
  • Automated threat/incident detection, investigation and response (TDIR)
  • Automation and orchestration of incident-response strategies
  • Continuous learning (capacity building) and systematic user-awareness raising

NG-SOC aims to provide a holistic solution exhibiting all these attributes, most notably addressing the entire cybersecurity cycle. To achieve this, the project will:

  1. Identify capabilities, data formats and sharing methods for optimal CTI exchange
  2. Analyse common threats and vulnerabilities within pilot systems
  3. Orchestrate existing software into an interoperable, privacy-by-design toolkit that seamlessly integrates with any infrastructure—significantly enhancing SOC teams’ ability to monitor, predict, deter, detect and collaboratively analyse and respond to threats
  4. Encourage continuous learning and maintain user awareness
  5. Validate the solution on selected use cases to showcase NG-SOC’s prevention and detection effectiveness
  6. Leverage NG-SOC’s achievements and lessons learned as the foundation for training content—targeting not only cybersecurity experts, but also business owners, customers and collaborators—through dedicated sessions, cyber-range exercises and realistic scenarios

Simultaneously, the project will develop secure communication links to immediately report incidents and cyber-attacks to relevant CERT/CSIRT networks, ensuring rapid, coordinated response across Europe.

NG-SOC Cybersecurity Cycle