
Supported by the Digital Europe Programme (DIGITAL), SAFE (Security AI for Enhanced SOC) is a 3-year project. It has been designed to enhance cybersecurity for National Security Operations Centers, aiming to optimize CTI creation and analysis by developing enabling technologies for Security Operations Centers.
With threat actors proliferating at an unprecedented pace across verticals, threat intelligence sharing and situational awareness are paramount for swift detection and decision-making. The scope of this evolution is to automate the initial steps in malware or forensic analysis as much as possible.
This will empower the generation and distribution of original threat intelligence while engaging novel technologies such as AI in different areas.
To enhance functional efficiency, SAFE aims to harness AI in various cybersecurity domains such as incident response in the SAFE Battle Control Center or threat intelligence enrichment in the SAFE Distribution Threat Intelligence Platform modules.
The SAFE Analysis Environment will detonate malware, submit samples of potentially malicious files for analysis, and feed output back into the other component(s). The proposed components will also make use of network-based response and data acquisition software to enhance the level of visibility into potential incidents on the supported assets.
SAFE, which is coordinated from Eviden Romania, will leverage the efforts undertaken in the CYDERCO project (DIGITALECCC-2022-CYBER-03-SOC).
The HPC Software Security team primarily contributes to the project by leading WP3 and WP4. These efforts focus on developing a module for misbehavior detection in communication and network protocols, based on anomaly detection, as well as the risk-based vulnerability and attack simulation manager.
Both contributions are aligned with the team's assets L-ADS and PentestAI, respectively.