Monitoring and Improving Managed Security Services inside a Security Operation Center
DOI:
https://doi.org/10.4108/eai.8-4-2019.157413Keywords:
Managed Security Services, Network Security Monitoring, Security Operation Center, Performance Metrics, Service Level Agreement, SLA, SOC, MSS, NSM, Security analystsAbstract
Monitoring and improving the performance of Security Operation Centers (SOC) are becoming crucial due to the emerging need of benefiting from Managed Security Services (MSS) rather than hiring in-house security experts. In this paper, by observing workflows of a real-world SOC, a system consisting of three different modules is designed for monitoring analysts’ activities, analysis performance measurement, and performing simulation scenarios. The system empowers managers to evaluate the SOC’s performance, which helps them to conform to Service Level Agreement (SLA) and see the need for improvement. Moreover, the designed system is strengthened by a background service module to provide feedback about anomalies or informative issues for security analysts. Three case studies have been conducted based on real data collected from the operational SOC, and simulation results have demonstrated the effectiveness of the different modules of the designed system in improving the SOC performance.
Downloads
Published
How to Cite
Issue
Section
License
Copyright (c) 2022 EAI Endorsed Transactions on Security and Safety
This work is licensed under a Creative Commons Attribution 3.0 Unported License.
This is an open-access article distributed under the terms of the Creative Commons Attribution CC BY 3.0 license, which permits unlimited use, distribution, and reproduction in any medium so long as the original work is properly cited.
Funding data
-
Natural Sciences and Engineering Research Council of Canada
Grant numbers N01035