'Give Me Structure': Synthesis and Evaluation of a (Network) Threat Analysis Process Supporting Tier 1 Investigations in a Security Operation Center

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › Academic › peer-reviewed

1 Citation (Scopus)
93 Downloads (Pure)

Abstract

Current threat analysis processes followed by tier-1 (T1) analysts in a Security Operation Center (SOC) rely mainly on tacit knowledge and can differ greatly across analysts. The lack of structure and clear objectives in T1 analyses makes operational inefficiencies hard to spot, makes SOC performance hard to measure (and therefore hard to improve), results in overall lower security for the monitored environment(s), and contributes to analyst burnout. In this work we collaborate with a commercial SOC to devise a 4-stage (network) threat analysis process that supports the collection and analysis of relevant information for threat analysis. We conduct an experiment with ten T1 analysts employed in the SOC and show that analysts following the proposed process are 2.5 times more likely to produce an accurate assessment than analysts who do not. We evaluate qualitatively the effects of the process on analysts' decisions, and discuss implications for practice and research.

Original language: English
Title: Proceedings of the 19th Symposium on Usable Privacy and Security, SOUPS 2023
Place of publication: Anaheim
Publisher: Usenix Association
Pages: 97-111
Number of pages: 15
ISBN (electronic): 978-1-939133-36-6
Status: Published - 7 Aug 2023
Event: 19th Symposium on Usable Privacy and Security, SOUPS 2023 - Anaheim, United States of America
Duration: 7 Aug 2023 - 8 Aug 2023
Conference number: 19

Conference

Conference: 19th Symposium on Usable Privacy and Security, SOUPS 2023
Abbreviated title: SOUPS 2023
Country/Region: United States of America
City: Anaheim
Period: 7/08/23 - 8/08/23

Funding

This work is supported by the SeReNity project, Grant No. cs.010, funded by the Netherlands Organisation for Scientific Research (NWO), and by the INTERSECT project, Grant No. NWA.1162.18.301, funded by NWO. The authors also thank the Eindhoven security hub SOC for its collaboration in this work.

Funders (funder number)
Nederlandse Organisatie voor Wetenschappelijk Onderzoek
