PoS - Proceedings of Science
Volume 327 - International Symposium on Grids and Clouds 2018 in conjunction with Frontiers in Computational Drug Discovery (ISGC 2018 & FCDD) - Networking, Security, Infrastructure & Operations
Harnessing the Power of Threat Intelligence in Grids and Clouds: WLCG SOC Working Group
D. Crooks*, L. Vâlsan, K. Mohammad, M. Carabas, S. McKee, J. Trinder and  On behalf of the WLCG SOC Working Group
Full text: pdf
Published on: December 12, 2018
Abstract
The modern security landscape affecting Grid and Cloud sites is evolving to include possible threats from a range of avenues, including social engineering as well as more direct approaches. An effective strategy to defend against these risks must include cooperation between security teams in different contexts. It is essential that sites have the ability to share threat intelligence data with confidence, as well as being able to act on this data in a timely and effective manner.

As reported at ISGC 2017, the Worldwide LHC Computing Grid (WLCG) Security Operations Centres Working Group (WG) has been working with sites across the WLCG to develop a model for a Security Operations Centre reference design. This work includes not only the technical aspect of developing a security stack appropriate for sites of different sizes and topologies, but also the more social aspect of sharing data between groups of different kinds. In particular, since many Grid and Cloud sites operate as part of larger University or other Facility networks, collaboration between Grid and Campus / Facility security teams is an important aspect of maintaining overall security.

We discuss recent work on sharing threat intelligence, particularly involving the WLCG MISP instance hosted at CERN. In addition, we examine strategies for the use of this intelligence, as well as considering recent progress in the deployment and integration of the Bro Intrusion Detection System (IDS) at contributing sites.

An important part of this work is a report on the first WLCG SOC WG Workshop / Hackathon, a Workshop planned at time of writing for December 2017. This Workshop provides an opportunity to assist participating sites in the deployment of these security tools as well as giving attendees the opportunity to share experiences and consider site policies as a result. This Workshop is hoped to play a substantial role in shaping the future goals of the working group, as well as shaping future workshops.
DOI: https://doi.org/10.22323/1.327.0012
How to cite

Metadata are provided both in "article" format (very similar to INSPIRE) as this helps creating very compact bibliographies which can be beneficial to authors and readers, and in "proceeding" format which is more detailed and complete.

Open Access
Creative Commons LicenseCopyright owned by the author(s) under the term of the Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License.