Abstract

Security practitioners working in Security Operations Centres (SOCs) are responsible for detecting and mitigating malicious computer network activity. This work requires both automated tools that detect and prevent attacks, and data presentation tools that can present pertinent network security monitoring information to practitioners in an efficient and comprehensible manner. In recent years, advances have been made in the development of visual approaches to data presentation, with some uptake of advanced security visualization tools in SOCs. Sonification, in which data are represented as sound, is said to have potential as an approach that could work alongside existing visual data presentation approaches to address some of the unique challenges faced by SOCs. For example, sonification has been shown to enable peripheral monitoring of processes, which could aid practitioners multitasking in busy SOCs. The perspectives of security practitioners on incorporating sonification into their actual working environments have not yet been examined, however. The aim of this article, therefore, is to address this gap by exploring attitudes to using sonification in SOCs and by identifying the data presentation approaches currently used. We report on the results of a study consisting of an online survey (N = 20) and interviews (N = 21) with security practitioners working in a range of different SOCs. Our contributions are (i) a refined appreciation of the contexts in which sonification could aid in SOC working practice, (ii) an understanding of the areas in which sonification may not be beneficial or may even be problematic, (iii) an analysis of the critical requirements for the design of sonification systems and their integration into the SOC setting and (iv) evidence of the visual data presentation techniques currently used and identification of how sonification might work alongside and address challenges to using them.
Our findings clarify insights into the potential benefits and challenges of introducing sonification to support work in this vital security monitoring environment. Participants saw potential value in using sonification systems to aid in anomaly detection tasks in SOCs (such as retrospective hunting), as well as in situations in which peripheral monitoring is desirable: while multitasking with multiple work tasks, or while outside of the SOC.

Highlights

  • The threats to the cybersecurity of today’s organizations are numerous, vastly varied and constantly evolving

  • Research approach: having identified existing approaches to data presentation used in Security Operations Centres (SOCs), we aimed to explore the potential for sonification to be used.

  • Our results showed that a number of aspects of the monitoring performance of security practitioners were improved when they used sonification alongside a Security Information and Event Management (SIEM) tool compared to when they used a SIEM tool alone, in an experimental setting.

Introduction

The threats to the cybersecurity of today’s organizations are numerous, vastly varied and constantly evolving. Security Operations Centres (SOCs) run within and on behalf of organizations and are responsible for the security of networks and critical infrastructure. In SOCs, security practitioners work, often under high pressure [1], interacting with a range of security tools to detect and prevent malicious activity. There is a requirement for monitoring tools for use in SOCs that are effective and meet the needs of security practitioners. The objective of a SOC is primarily to mitigate cybersecurity threats towards the organizations for which it is responsible [13]. Internal SOCs are responsible for the organizations they are placed within, while multitenanted SOCs monitor network security on behalf of multiple client organizations. The resulting pressure and demanding nature of SOC work have been highlighted in HCI research [1, 15].
