Enhancing Collaboration Between Security Analysts in Security Operations Centers

  • Damien Crémilleux
  • Christophe Bidan
  • Frédéric Majorczyk
  • Nicolas Prigent
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11391)


Security Operations Centers (SOCs) collect data related to the information systems they protect and process it to detect suspicious activities. In this paper we explain how a SOC is organized and highlight the current limitations of SOCs and their consequences for the performance of the detection service. We propose a new collaboration process to enhance the cooperation between security analysts in order to quickly process security events and define a better workflow that enables them to efficiently exchange feedback. Finally, we design a prototype corresponding to this new model.


Keywords: Security and privacy · Intrusion detection systems · Network security · Collaboration · Security Operations Center



Copyright information

© Springer Nature Switzerland AG 2019

Authors and Affiliations

  • Damien Crémilleux (1)
  • Christophe Bidan (1)
  • Frédéric Majorczyk (1, 2)
  • Nicolas Prigent (3)

  1. CentraleSupélec, Rennes, France
  2. DGA-MI, Bruz, France
  3. LSTI, Saint-Malo, France
