A Strategy for Effective Alert Analysis at a Cyber Security Operations Center

2018 ◽  
pp. 206-226 ◽  
Author(s):  
Rajesh Ganesan ◽  
Ankit Shah
Keyword(s):  
Cyber Security ◽  
Security Operations ◽  
Operations Center

scholarly journals Vulnerability Selection for Remediation: An Empirical Analysis

2019 ◽  
pp. 154851291987412 ◽  
Author(s):  
Ankit Shah ◽  
Katheryn A. Farris ◽  
Rajesh Ganesan ◽  
Sushil Jajodia
Keyword(s):  
Cyber Security ◽  
Selection Process ◽  
Network Systems ◽  
Individual Attribute ◽  
Multiple Attribute ◽  
Selection For ◽  
Security Operations ◽  
Scan Data ◽  
Operations Center ◽  
Attribute Value

Vulnerabilities are security flaws in software and network systems that criminal hackers can exploit to gain an asymmetric advantage. Cyber-Security Operations Centers must routinely triage and patch vulnerabilities in their system(s) to minimize external exposure to attackers. The personnel resources required to address vulnerability remediation tasks are limited and constrained, thus motivating the need for optimization approaches to improve the efficiency of the vulnerability selection process. This paper investigates two different approaches to vulnerability selection for mitigation through (a) Individual Attribute Value Optimization and (b) Multiple Attribute Value Optimization. The former approach presents a methodology that optimizes the selection of vulnerabilities for mitigation with respect to an individual attribute, while the latter approach considers multiple attributes in the vulnerability selection decision-making. Real scan data from a Cyber-Security Operations Center are used to compare the results between the two mathematical approaches. Furthermore, comparisons are made with the results obtained from (a) the actual (baseline) Cyber-Security Operations Center performance, and (b) a vulnerability prioritization algorithm called VULCON that appeared in recent literature.

Threat Hunting as Cyber Security Baseline in the Next-Generation Security Operations Center

2021 ◽  
Author(s):  
Tsviatko Bikov ◽  
Dimitar Radev ◽  
Teodor Iliev ◽  
Dragan Stankovski
Keyword(s):  
Cyber Security ◽  
Next Generation ◽  
Security Operations ◽  
Operations Center

What is a Security Operations Center?

2017 ◽  
pp. 3-10
Author(s):  
Gregory Jarpey ◽  
R. Scott McCoy
Keyword(s):  
Security Operations ◽  
Operations Center

Challenges and performance metrics for security operations center analysts: a systematic review

2019 ◽  
Vol 4 (3) ◽  
pp. 125-152 ◽  
Author(s):  
Enoch Agyepong ◽  
Yulia Cherdantseva ◽  
Philipp Reinecke ◽  
Pete Burnap
Keyword(s):  
Systematic Review ◽  
Performance Metrics ◽  
Security Operations ◽  
And Performance ◽  
Operations Center

scholarly journals The Next Generation Cognitive Security Operations Center: Adaptive Analytic Lambda Architecture for Efficient Defense against Adversarial Attacks

2019 ◽  
Vol 3 (1) ◽  
pp. 6 ◽  
Author(s):  
Konstantinos Demertzis ◽  
Nikos Tziritas ◽  
Panayiotis Kikiras ◽  
Salvador Llopis Sanchez ◽  
Lazaros Iliadis
Keyword(s):  
Data Analysis ◽  
Network Flow ◽  
Streaming Data ◽  
Cognitive Computing ◽  
Security Strategy ◽  
K Nearest Neighbors ◽  
Processing Technologies ◽  
Lambda Architecture ◽  
Security Operations ◽  
Operations Center

A Security Operations Center (SOC) is a central technical level unit responsible for monitoring, analyzing, assessing, and defending an organization’s security posture on an ongoing basis. The SOC staff works closely with incident response teams, security analysts, network engineers and organization managers using sophisticated data processing technologies such as security analytics, threat intelligence, and asset criticality to ensure security issues are detected, analyzed and finally addressed quickly. Those techniques are part of a reactive security strategy because they rely on the human factor, experience and the judgment of security experts, using supplementary technology to evaluate the risk impact and minimize the attack surface. This study suggests an active security strategy that adopts a vigorous method including ingenuity, data analysis, processing and decision-making support to face various cyber hazards. Specifically, the paper introduces a novel intelligence driven cognitive computing SOC that is based exclusively on progressive fully automatic procedures. The proposed λ-Architecture Network Flow Forensics Framework (λ-ΝF3) is an efficient cybersecurity defense framework against adversarial attacks. It implements the Lambda machine learning architecture that can analyze a mixture of batch and streaming data, using two accurate novel computational intelligence algorithms. Specifically, it uses an Extreme Learning Machine neural network with Gaussian Radial Basis Function kernel (ELM/GRBFk) for the batch data analysis and a Self-Adjusting Memory k-Nearest Neighbors classifier (SAM/k-NN) to examine patterns from real-time streams. It is a forensics tool for big data that can enhance the automate defense strategies of SOCs to effectively respond to the threats their environments face.

Sign in / Sign up

Export Citation Format

Share Document