4th International Workshop on Next Generation Security Operations Centers (NG-SOC 2022)

We are proud to announce the 4th International Workshop on Next Generation Security Operations Centers (NG-SOC 2022) to be held in conjunction with the 17th International Conference on Availability, Reliability and Security (ARES 2022 – http://www.ares-conference.eu) on August 23, 2022.


This year, the workshop is jointly organized by three projects that are funded by the European Commission: SOCCRATES, SAPPAN, and CyberSEAS.



Organizations in Europe face the difficult task of detecting and responding to increasing numbers of cyber-attacks and threats, given that their own ICT infrastructures are complex, constantly changing (e.g. by the introduction of new technologies) and there is a shortage of qualified cybersecurity experts. There is a great need to drastically reduce the time to detect and respond to cyber-attacks. A key means for organizations to stay ahead of the threat is through the establishment of a Security Operations Center (SOC). The primary purpose of a SOC is to monitor, assess and defend the information assets of an enterprise, both on a technical and organizational level.

The aim of this workshop is to create a forum for researchers and practitioners to discuss the challenges associated with SOC operations and focus on research contributions that can be applied to address these challenges. Through cooperation among European projects, the workshop intends to provide a more comprehensive overview of the promising research-based solutions that enable timely response to emerging threats and support different aspects of the security analysis and recovery process.




SOCCRATES will develop and implement a new security platform for Security Operation Centres (SOCs) and Computer Security Incident Response Teams (CSIRTs), that will significantly improve an organisation’s capability to quickly and effectively detect and respond to new cyber threats and ongoing attacks. The SOCCRATES Platform consists of an orchestrating function and a set of innovative components for automated infrastructure modelling, attack detection, cyber threat intelligence utilization, threat trend prediction, and automated analysis using attack defence graphs and business impact modelling to aid human analysis and decision making on response actions and enable the execution of defensive actions at machine-speed. The SOCCRATES Platform aims to enable organisations to improve the resilience of their infrastructures and increase productivity and efficiency at the SOC. The outcomes of the project will contribute to a more secure cyberspace and strengthen competitiveness in the EU digital single market.

More information: https://www.soccrates.eu/


SAPPAN project aims to enable efficient protection of modern ICT infrastructures via advanced data acquisition, threat analysis, and privacy-aware sharing and distribution of threat intelligence aimed to dynamically support human operators in response and recovery actions. The SAPPAN project will develop a collaborative, federated, and scalable attack detection to support response activities and allow for timely responses to newly emerging threats supporting different privacy-levels. We plan to identify a standard for the interoperable and machine-readable description of incident response reports and recovery solutions. The risk assessment, privacy, and security will be addressed in the standard design. Results of both attack detection and recovery and response processes will be shared on a global level to achieve an advanced response and recovery via knowledge sharing and federated learning. We develop a mechanism for sharing information on threat intelligence, which implements a combination of encryption and anonymization to achieve GDPR compliance. Novel visualization techniques will be developed to assist security and IT personnel and provide an enhanced content of context of the response and recovery and improved visual presentation of the process.

More information: https://sappan-project.eu/


CyberSEAS (Cyber Securing Energy dAta Services) project aims to improve the resilience of energy supply chains, protecting them from disruptions that exploit the enhanced interactions and extended involvement models of stakeholders and consumers in complex attack scenarios, characterised by the presence of legacy systems and the increasing connectivity of data feeds. The project has three strategic objectives: 1) countering the cyber risks related to highest impact attacks against EPES; 2) protecting consumers against personal data breaches and attacks; and 3) increasing the security of the Energy Common Data Space. CyberSEAS will deliver an extendable ecosystem of many customisable security solutions providing effective support for key activities, and in particular: risk assessment; interaction with end devices; secure development and deployment; real-time security monitoring; skills improvement and awareness; certification, governance and cooperation.

More information: https://cyberseas.eu/


For more information about the event, please check: https://www.ares-conference.eu/workshops-eu-symposium/ng-soc-2022/

Final SAPPAN event

 SAPPAN is a Horizon 2020 project funded by the European Commission to enable efficient protection of modern ICT infrastructures via advanced data acquisition, threat analysis, visualisation, and privacy-aware sharing and distribution of threat intelligence aimed to dynamically support human operators in incident management. We are also very happy to introduce our keynote speaker Mikko Hyppönen (https://mikko.com/), who will give a talk on “STATE OF THE NET”, followed by presentations about selected key results of SAPPAN. 

The event will take place virtually (Zoom) on Monday 4.04.2022, 14:00 – 16:30 (CEST). We are looking forward to your participation.

Event Agenda






Fraunhofer FIT


Keynote: State of the NET

Mikko Hyppönen (F-Secure) 

14:35- 15:00

Sharing New Type of Threat Intelligence and SAPPAN Standardisation

Martin Zadnik (CESNET) 


SAPPAN Innovations in DGA Detection

Arthur Drichel (RWTH University),

 Hugo Hromic (HPE Ireland)


Coffee Break

15:35 – 16:00

Response Recommendation and Automation

David Karpuk (F-Secure),

Martin Laštovička (Masaryk University), Mischa Obrecht (Dreamlab

16:00 – 16:25

Opportunities for Visualisation Support in CyberSecurity

Robert Rapp, Franziska Becker (University of Stuttgart)

16:25- 16:30

Wrap Up

Meeting Details


Topic: Final SAPPAN event
Time: Apr 4, 2022 02:00 PM Prague Bratislava

Join Zoom Meeting

Meeting ID: 981 7699 6869
One tap mobile
+420228882388,,98176996869# Czech Republic
+420239018272,,98176996869# Czech Republic

Dial by your location
        +420 2 2888 2388 Czech Republic
        +420 2 3901 8272 Czech Republic
        +420 5 3889 0161 Czech Republic
Meeting ID: 981 7699 6869
Find your local number:

Kenote speaker:

Mikko Hypponen is a global security expert. He has worked at F-Secure since 1991.
Mr. Hypponen has written on his research for the New York Times, Wired and Scientific American and he appears frequently on international TV. He has lectured at the universities of Stanford, Oxford and Cambridge.
He was selected among the 50 most important people on the web by the PC World magazine and was included in the FP Global 100 Thinkers list.
Mr. Hypponen sits in the advisory boards of t2 and Social Safeguard.

Technical speakers:

Franziska studied cognitive science and computer science at the
University of Osnabrück before joining the visualization institute (VIS) at the
University of Stuttgart as a PhD. Her main research topics include
visualization for explainable artificial intelligence as well as sensemaking
and decision making with visualization.

Arthur Drichel received the B.Sc. and M.Sc. degrees in Computer
Science from RWTH Aachen University.
He is a researcher at the Research Group IT-Security at RWTH Aachen University.
His research interests lie primarily in the areas of intrusion detection
systems, machine learning, and privacy enhancing technologies.

Martin Laštovička obtained his Ph.D. in Informatics at the Faculty of Informatics, Masaryk University, Czech Republic, and currently works as the head of the cybersecurity operations group in CSIRT-MU. His research topic lies in network traffic analysis and practical applications of machine learning to build Cyber Situational Awareness through the identification of network entities and their relationships. His focus is to apply research outputs to real-world data and enhance operations of the CSIRT-MU team.
Robert Rapp is a PhD Student at the Visualisation and Interactive Systems Institute (VIS) at the University of Stuttgart.  
After graduating with a degree in business informatics, he started his research in visual cyber analytics. As part of the Horizon 2020 project EU: SAPPAN his current work focuses on visual analysis of endpoint sensor data and analytical provenance in web interfaces.
Martin Zadnik is a deputy leader at the department of tools for network security  and administration at CESNET a.l.e. He has been a project leader in many national and contributor to many European projects related to network security, cyber threat intelligence, and network monitoring at high speeds. He cooperates with both public and commercial sectors in research and innovation of network cybersecurity concepts and their implementation into open-source tools or products.
Dr. David Karpuk is Senior Data Scientist at F-Secure, focusing on applications of machine learning and artificial intelligence to the construction of algorithms for cyberattack detection and response systems. He received his Ph.D. in Mathematics from the University of Maryland, College Park in 2012, and was previously a Postdoctoral Researcher at Aalto University in the Algebra, Number Theory, and Applications research group in the Department of Mathematics and Systems Analysis. After his postdoctoral work, he subsequently served as Assistant Professor in the Department of Mathematics at Universidad de los Andes, Colombia.  David was previously the recipient of an Academy of Finland Postdoctoral Researcher grant, as well as a Postdoctoral Researcher grant from the Magnus Ehrnrooth Foundation.

Additional materials:

You can download a flyer to this event here.
Futhermore, here you can download the calendar event with the invitation link.

Slush 2021

SAPPAN was presented with Project BLACKFIN at ECSO organised “Cyber Investor Days”, Slush 2021 🙂

Read more here.

Agenda of the NG-SOC 2021 workshop

NG-SOC workshop 2021 is jointly organized by SAPPAN and Soccrates H2020 EU projects. The workshop will be held on August 17 in conjunction with the 16th International Conference on Availability, Reliability and Security. The detailed program is available here: https://www.ares-conference.eu/conference-2021/detailed-program/

Also, you can download the NG-SOC 2021 workshop Agenda here: NG-SOC-2021_Agenda

To attend the workshop, registration for the ARES conference is required: https://www.ares-conference.eu/registration-all-digital-conference/

Cyberwatching webinar: shaping the future of cybersecurity

Cyberwatching.eu project hosted a webinar with talks from different EU projects. The webinar title was shaping the future of cybersecurity – priorities, challenges and funding opportunities for a more resilient Europe. The event was held online on 13 July 2021 from 10:00 to 17:00 CEST. Avikarsha Mandal presented SAPPAN in a roundtable on the cluster topic Threat Intelligence. 

The recorded video of the event is available here: https://www.youtube.com/watch?v=LGpDVtdEeEE

Click here to find out more about the event.  

SAPPAN at 63rd TF-CSIRT Meeting

SAPPAN has joined the TF-CSIRT community again at the 63rd TF-CSIRT online meeting. Having presented the project ideas and concepts almost two years ago when the project started, we could now show the SAPPAN’s host profiling and host profile visual analysis results.

We received several feedbacks that confirmed that our research aims in the right direction. We promoted the website to stay in contact with the community and provide a teaser for our next planned talk on Incident response automation at the next TF-CSIRT meeting.

TF-CSIRT is a task force that promotes collaboration and coordination between CSIRTs in Europe and neighbouring regions, whilst liaising with relevant organisations at the global level and in other regions. These facts make the TF-CSIRT’s community potential target users of the SAPPAN platform.