Monitoring and Improving Managed Security Services inside a Security Operation Center

Khalili, Mina and Zhang, Mengyuan and Borbor, Daniel and Wang, Lingyu and Scarabeo, Nicandro and Zamor, Michel-Ange (2019) Monitoring and Improving Managed Security Services inside a Security Operation Center. EAI Endorsed Transactions on Security and Safety, 5 (18). e1. ISSN 2032-9393

eai.8-4-2019.157413.pdf
Available under License Creative Commons Attribution No Derivatives.


Abstract

Monitoring and improving the performance of Security Operation Centers (SOC) are becoming crucial due to the emerging need of benefiting from Managed Security Services (MSS) rather than hiring in-house security experts. In this paper, by observing workflows of a real-world SOC, a system consisting of three different modules is designed for monitoring analysts’ activities, analysis performance measurement, and performing simulation scenarios. The system empowers managers to evaluate the SOC’s performance, which helps them to conform to Service Level Agreement (SLA) and see the need for improvement. Moreover, the designed system is strengthened by a background service module to provide feedback about anomalies or informative issues for security analysts. Three case studies have been conducted based on real data collected from the operational SOC, and simulation results have demonstrated the effectiveness of the different modules of the designed system in improving the SOC performance.

Item Type: Article
Uncontrolled Keywords: Managed Security Services, Network Security Monitoring, Security Operation Center, Performance Metrics, Service Level Agreement, SLA, SOC, MSS, NSM, Security analysts
Subjects: H Social Sciences > H Social Sciences (General)
Q Science > QA Mathematics > QA75 Electronic computers. Computer science
QA75 Electronic computers. Computer science
Depositing User: EAI Editor IV
Date Deposited: 26 Mar 2021 13:59
Last Modified: 26 Mar 2021 13:59
URI: https://eprints.eudl.eu/id/eprint/2102
