Gearing Towards the Next Level in Playbook-Driven Security Automation - Leveraging CACAO V2 скачать в хорошем качестве

Gearing Towards the Next Level in Playbook-Driven Security Automation - Leveraging CACAO V2

Luca Morgese Zangrandi (TNO, NL), Vasileios Mavroeidis (University of Oslo, NO) Luca Morgese received a MSc in Cybersecurity at the University of Twente, Netherlands, in 2021. He is currently employed as a Cybersecurity Scientist at the Netherlands Organization for Applied Research (TNO). His work at TNO involves design, development, and validation of cybersecurity automation technologies for security operations in several domains, among which Defense organizations, financial organizations, telecommunications, and the energy sector. He is technical committee member in OASIS standards for cybersecurity interoperability and information sharing: CACAO, CSAF, STIX, OpenC2. Vasileios Mavroeidis is a Professor of Cybersecurity at University of Oslo and a board member of the esteemed standards development organization OASIS Open. His research focuses on security automation and threat-informed and collaborative defense, including cyber threat intelligence representation, reasoning, and exchange. Vasileios has published numerous scientific papers contributing to the body of knowledge and has been involved in Norwegian and European research and innovation cybersecurity actions supporting critical infrastructure operators and authorities responsible for cybersecurity. He is a member of the ENISA ad hoc working groups on Cyber Threat Landscapes and Security Operations Centres, and he has assisted the agency as a rapporteur, performing desk research, analysis, and advisory tasks pertinent to standardization. Additionally, Vasileios participates in the EU's Stakeholder Cybersecurity Certification Group, which was established to advise on strategic cybersecurity certification issues. Other involvements include contributing to standardization works and co-chairing the FIRST Automation special interest group and the OASIS Open Threat Actor Context and CACAO standardization committees. In 2022, OASIS Open awarded Vasileios the distinguished contributor designation for his contributions to cybersecurity standardization and open-source projects. --- SOC and CSIRT teams are increasingly automating their workflows for security management, incident and threat response. To this end, many are embracing the concept of playbook-driven workflow orchestration: fully or partially automated sequences of tasks carried out in response to a triggering event. Current proprietary formats for such playbooks limit interoperability and the ability to collaborate and exchange defensive tradecraft across organizational boundaries. The OASIS Collaborative Automated Course of Action Operations (CACAO) standard overcomes this by providing a common framework and a machine-processable schema that caters for playbooks that are natively interoperable and can be shared and executed across technological and organizational boundaries. As a next step, TNO and University of Oslo developed open-source software tools that allow seamless creation and execution of CACAO security playbooks. This presentation will showcase these tools, demonstrate their use in a test environment and highlight practical learnings from adopting and promoting CACAO in national and pan-European projects.