Humans and automation: Augmenting security operation centers
J Tilbury, S Flowerday - Journal of Cybersecurity and Privacy, 2024 - mdpi.com
The continuous integration of automated tools into security operation centers (SOCs)
increases the volume of alerts for security analysts. This amplifies the risk of automation bias …
Security operations center: A systematic study and open challenges
Since the introduction of Security Operations Centers (SOCs) around 15 years ago, their
importance has grown significantly, especially over the last five years. This is mainly due to …
99% false positives: A qualitative study of SOC analysts' perspectives on security alarms
In this work, we focus on the prevalence of False Positive (FP) alarms produced by security
tools, and Security Operation Centers (SOCs) practitioners' perception of their quality. In an …
Integrated network and security operation center: A systematic analysis
D Shahjee, N Ware - IEEE Access, 2022 - ieeexplore.ieee.org
Traditionally, network and security operation center teams have worked in silos despite
commonalities. The network operating center (NOC) team is to provide operationality and …
Deepcase: Semi-supervised contextual analysis of security events
Security monitoring systems detect potentially malicious activities in IT infrastructures, by
either looking for known signatures or for anomalous behaviors. Security operators …
A different cup of TI? The added value of commercial threat intelligence
X Bouwman, H Griffioen, J Egbers, C Doerr… - 29th USENIX security …, 2020 - usenix.org
Commercial threat intelligence is thought to provide unmatched coverage on attacker
behavior, but it is out of reach for many organizations due to its hefty price tag. This paper …
Measuring and visualizing cyber threat intelligence quality
The very raison d'être of cyber threat intelligence (CTI) is to provide meaningful knowledge
about cyber security threats. The exchange and collaborative generation of CTI by the …
Examining the efficacy of decoy-based and psychological cyber deception
KJ Ferguson-Walter, MM Major, CK Johnson… - 30th USENIX security …, 2021 - usenix.org
The threat of cyber attacks is a growing concern across the world, leading to an increasing
need for sophisticated cyber defense techniques. Attackers often rely on direct observation …
Point cloud analysis for ML-based malicious traffic detection: Reducing majorities of false positive alarms
As an emerging security paradigm, machine learning (ML) based malicious traffic detection
is an essential part of automatic defense against network attacks. Powered by dedicated …
A systematic method for measuring the performance of a cyber security operations centre analyst
E Agyepong, Y Cherdantseva, P Reinecke… - Computers & Security, 2023 - Elsevier
Analysts who work in a Security Operations Centre (SOC) play an essential role in
supporting businesses to protect their computer networks against cyber attacks. To manage …