- Deployment of Artificial Intelligence and Advanced Key Technologies as enablers for SOCs
- Tools for creation, analysis and processing of CTI that allow for faster and more scalable SOC operations
- Original European CTI feeds or services
This topic addresses enabling technologies (such as AI) for SOCs. This includes National SOCs, which provide a central operational capacity, support other SOCs at national level and play a central role as a hub within a context of SOCs. It also includes Cross-border SOC platforms, where such technologies can strengthen capacities to analyse, detect and prevent cyber threats and incidents, and support the production of high-quality intelligence on cyber threats.
These enabling technologies should allow more effective creation and analysis of Cyber Threat Intelligence (CTI), as well as faster and scalable processing of CTI and identification of patterns that allow for rapid detection and decision making.
Actions in this topic should develop and deploy systems and tools for cybersecurity based on enabling technologies (such as AI), addressing aspects such as threat detection, vulnerability detection, threat mitigation, incident recovery through self-healing, data analysis and data sharing. Activities should include at least one of the following:
- Continuous detection of patterns and identification of anomalies that indicate potential threats, recognising new attack vectors and enabling advanced detection in an evolving threat landscape.
- Creation of CTI based on novel threat detection capabilities.
- Enhancing speed of incident response through real-time monitoring of networks to identify security incidents and generating alerts or triggering automated responses.
- Mitigating malware threats by analysing code behaviour, network traffic, and file characteristics, reducing the window of opportunity for attackers to exploit malware.
- Identification and management of vulnerabilities.
- Recovery from incidents through self-healing capacities.
- Reducing the chances of attacks and pre-emptively identifying weaknesses through automated vulnerability scanning and penetration testing.
- Protecting sensitive data through the analysis of access patterns and detection of abnormal behaviour.
- Enabling organisations to leverage and share CTI and other actionable information for analysis and insights without compromising data security and privacy, through anonymisation and de-identification.
Tool and service providers are welcome to apply to this topic, also when in a consortium with National SOCs. Links with stakeholders in the area of High-Performance Computing should be made where appropriate, as well as activities to foster networking with such stakeholders. In well justified cases, access requests to the EuroHPC high performance computing infrastructure could be granted.
Deadline date: 26 March 2024 17:00:00 Brussels time
For more information, please visit the European Commission website.