Monitoring and Improving Managed Security Services inside a Security Operation Center
Keywords: Managed Security Services, Network Security Monitoring, Security Operation Center, Performance Metrics, Service Level Agreement, SLA, SOC, MSS, NSM, Security analysts
Monitoring and improving the performance of Security Operation Centers (SOC) is becoming crucial because organizations increasingly rely on Managed Security Services (MSS) rather than hiring in-house security experts. In this paper, based on observation of the workflows of a real-world SOC, a system consisting of three different modules is designed for monitoring analysts' activities, measuring analysis performance, and running simulation scenarios. The system enables managers to evaluate the SOC's performance, which helps them conform to the Service Level Agreement (SLA) and identify where improvement is needed. Moreover, the designed system is strengthened by a background service module that provides feedback to security analysts about anomalies or other informative issues. Three case studies have been conducted on real data collected from the operational SOC, and the simulation results demonstrate the effectiveness of the different modules of the designed system in improving SOC performance.
Copyright (c) 2022 EAI Endorsed Transactions on Security and Safety
This work is licensed under a Creative Commons Attribution 3.0 Unported License.
This is an open-access article distributed under the terms of the Creative Commons Attribution CC BY 3.0 license, which permits unlimited use, distribution, and reproduction in any medium so long as the original work is properly cited.
Funding: Natural Sciences and Engineering Research Council of Canada, grant number N01035.