Floragasse 7 – 5th floor, 1040 Vienna

Applied Research

At SBA Research, Applied Research is driven by a simple observation: many of today’s most pressing cybersecurity and digitalization challenges cannot be solved by off the shelf products or standardised service models alone. Organizations are confronted with rapidly evolving technologies, increasing regulatory demands, complex software ecosystems, and security threats that often outpace established best practices. As a result, they must respond quickly while simultaneously building sustainable technological foundations and long-term expertise.

Our mission is to transform cutting-edge research into practical capabilities that address these challenges directly. By combining novel analytical toolsets, the latest scientific insights, and targeted knowledge transfer, we help organizations understand complex systems, make informed decisions, and establish resilient technical capabilities that endure beyond individual projects.

As Austria’s largest research center dedicated exclusively to information security, SBA Research brings together internationally recognized research expertise, methodological rigor, and extensive practical experience. This unique combination enables us to provide solutions that are not only scientifically sound, but also directly applicable to the operational realities of industry, government, and the public sector.

  • Custom Solutions: Design and implementation of tailored software and infrastructure solutions, ranging from specialized analysis tools and expert systems to Security Operation Center platforms, software management frameworks, and digital sovereignty solutions.
  • Technology Guidance: Practical support for the adoption, integration, optimization, and strategic use of modern software, artificial intelligence, and security infrastructures. Building on our own toolsets and extensive operational experience, we help organizations establish sustainable and resilient technical capabilities.
  • Services: Expert support and customized solutions delivered to address specific organizational needs and challenges.
  • Workshops: Interactive sessions designed to explore specific topics, develop practical skills, and foster collaborative problem-solving.
  • Trainings: Structured learning programs that build knowledge, competencies, and hands-on expertise in targeted areas.

I-SEE (Integrated Software Ecosystem Evaluation)

I-SEE (Integrated Software Ecosystem Evaluation) is a data-driven analysis framework for software projects. It identifies which parts of a system are particularly maintenance-intensive, error-prone, or dependent on specific individuals, libraries, or supply chains. To achieve this, I-SEE analyzes not only the current state of the codebase but also the entire development history of a project.

Software is not a static product. It is an ecosystem that evolves over years, consisting of proprietary code, external dependencies, and the expertise of the people who develop it. Over time, complexity increases, knowledge is lost, dependencies become outdated, and AI-generated code increasingly finds its way into systems. Maintaining visibility across this ecosystem becomes progressively more challenging. Read more …

I-SEE (Integrated Software Ecosystem Evaluation) Training

Complex software systems behave less like machines and more like living ecosystems. They grow, age, and accumulate technical debt when technical, organizational, and social complexity increases without coordination. Volatile teams, aging dependencies, and the rapidly growing use of AI tools accelerate these effects. Traditional engineering approaches often reach their limits in dealing with these challenges. Read more …

Open-Source-Based Security Operations Center (SOC) Implementation

Sovereignty instead of dependency: We implement powerful open-source SOCs that are NIS2-compliant and provide full control over your security data on your on-premises infrastructure. Read more …

Security Operations Center (SOC) Expert Advice

Cyberattacks are becoming faster, more sophisticated, and more costly. A well-planned and professionally managed Security Operations Center is your best line of defense. We help you select the right technologies, establish the most efficient processes, and strengthen your team to handle any emergency. Read more …

Wazuh Course – From Basic Configuration to Advanced Threat Hunting

Master the open-source security platform Wazuh: Learn how to set up a professional on-premises SOC, conduct threat hunting, and ensure your digital sovereignty in accordance with NIS 2. Read more …

Security Operations Center (SOC) – Basic Course

Build your own SOC: Theory and practice combined, on-premises, independent of expensive vendor solutions, and in compliance with the requirements of the NIS2 Directive. Read more …

Assessment of the Digital Sovereignty of Software Systems

Digital sovereignty is not a single metric, but the result of numerous technical, organizational, and strategic factors. We help you make these different perspectives transparent and derive well-informed actions for managing and evolving your software landscape. Read more …

CRA Readiness Workshop for Industrial Products

The Cyber Resilience Act introduces binding cybersecurity requirements that demand concrete changes to how products are developed, operated, and maintained. Implementing these changes effectively and cost-efficiently is a significant challenge for many organizations.

The CRA Readiness Workshop by SBA Research offers manufacturers a structured, expert-led pathway to CRA compliance. Drawing on expertise in penetration testing, security research, and regulatory analysis, the workshop is developed interactively with development and product management teams to ensure results that are both rigorous and immediately applicable.

For organizations seeking a structured entry point into CRA compliance, SBA Research offers a dedicated workshop. The CRA Readiness Workshop, led by SBA Research experts in penetration testing, research, and regulatory analysis, guides manufacturers through a structured preparation process, developed interactively with developers and product management teams. Read more …

Work with us

Looking for a research partner? Whether you want to explore a specific security challenge, develop a joint project, or find out how our expertise can add value to your organization. We work with partners across industry, government, and the public sector, from the first conversation to full collaboration.