Abstract
Security Operations Centers (SOCs) collect data related to the information systems they protect and process it to detect suspicious activities. In this paper we explain how a SOC is organized, we highlight the current limitations of SOCs and their consequences regarding the performance of the detection service. We propose a new collaboration process to enhance the cooperation between security analysts in order to quickly process security events and define a better workflow that enables them to efficiently exchange feedback. Finally, we design a prototype corresponding to this new model.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Notes
- 1.
A series of similar graphs with same scale and axes to compare them easily.
References
Zimmerman, C.: Ten Strategies of a World-Class Cybersecurity Operations Center. The MITRE Corporation, McLean (2014)
Sundaramurthy, S., et al.: A human capital model for mitigating security analyst burnout. In: SOUPS 2015. USENIX Association, July 2015
Prestataires de détection des incidents de sécurité. Référentiel d’exigences. ANSSI (2017)
Crémilleux, D., et al.: VEGAS: visualizing, exploring and grouping alerts. In: NOMS, pp. 1097–1100. IEEE (2016)
Rajivan, P., Cooke, N.: Impact of team collaboration on cybersecurity situational awareness. In: Liu, P., Jajodia, S., Wang, C. (eds.) Theory and Models for Cyber Situation Awareness. LNCS, vol. 10030, pp. 203–226. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-61152-5_8
Chen, S., et al.: OCEANS: online collaborative explorative analysis on network security. In: VizSec 2014 (2014)
Stoffel, F., Fischer, F., Keim, D.A.: Finding anomalies in time-series using visual correlation for interactive root cause analysis. In: VizSec 2013 (2013)
Phan, D., et al.: visual analysis of network flow data with timelines and event plots. In: Goodall, J.R., Conti, G., Ma, K.L. (eds.) VizSEC 2007. Mathematics and Visualization. Springer, Heidelberg (2008). https://doi.org/10.1007/978-3-540-78243-8_6
Fischer, F., Keim, D.A.: NStreamAware: real-time visual analytics for data streams to enhance situational awareness. In: VizSec 2014 (2014)
Franklin, L., et al.: Toward a visualization-supported workflow for cyber alert management using threat models and human-centered design. In: VizSec 2017 (2017)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2019 Springer Nature Switzerland AG
About this paper
Cite this paper
Crémilleux, D., Bidan, C., Majorczyk, F., Prigent, N. (2019). Enhancing Collaboration Between Security Analysts in Security Operations Centers. In: Zemmari, A., Mosbah, M., Cuppens-Boulahia, N., Cuppens, F. (eds) Risks and Security of Internet and Systems. CRiSIS 2018. Lecture Notes in Computer Science(), vol 11391. Springer, Cham. https://doi.org/10.1007/978-3-030-12143-3_12
Download citation
DOI: https://doi.org/10.1007/978-3-030-12143-3_12
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-12142-6
Online ISBN: 978-3-030-12143-3
eBook Packages: Computer ScienceComputer Science (R0)