How do information security workers use host data? A summary of interviews with security analysts

12/07/2018
by Robert A. Bridges, et al.

Modern security operations centers (SOCs) employ a variety of tools for intrusion detection, prevention, and widespread log aggregation and analysis. While research efforts are quickly proposing novel algorithms and technologies for cyber security, access to actual security personnel, their data, and their problems is necessarily limited by security concerns and time constraints. To help bridge the gap between researchers and security centers, this paper reports results of semi-structured interviews of 13 professionals from five different SOCs, including at least one large academic, research, and government organization. The interviews focused on the current practices and future desires of SOC operators regarding host-based data collection capabilities, what is learned from the data, what tools are used, and how tools are evaluated. Questions and the responses are organized and reported by topic. Then broader themes are discussed. Forest-level takeaways from the interviews center on problems stemming from the size of data, correlation of heterogeneous but related data sources, signal-to-noise ratio of data, and analysts' time.

