VSOC - A Virtual Security Operating Center
Security in virtualised environments is becoming increasingly important for institutions, not only for a firm's own on-site servers and network but also for data and sites that are hosted in the cloud. Today, security is either handled globally by the cloud provider, or each customer needs to invest in its own security infrastructure. This paper proposes a Virtual Security Operation Center (VSOC) that allows security-related data from multiple sources to be collected, analysed and visualised. For instance, a user can forward log data from their firewalls, applications and routers in order to check for anomalies and other suspicious activities. The security analytics provided by the VSOC are comparable to those of commercial security incident and event management (SIEM) solutions, but are deployed as a cloud-based solution with the additional benefit of using big data processing tools to handle large volumes of data. This allows us to detect more complex attacks that cannot be detected with today's signature-based (i.e. rule-based) SIEM solutions.
Harnessing Human Potential for Security Analytics
Humans are often considered the weakest link in cybersecurity. As a result, their potential has been continuously neglected. In recent years, however, there has been a contrasting development recognising that humans can benefit the area of security analytics, especially in the case of security incidents that leave no technical traces. The need to see humans not only as a problem but also as part of the solution therefore becomes apparent. In line with this shift in the perception of humans, the present dissertation pursues the research vision of evolving from a human-as-a-problem to a human-as-a-solution view in cybersecurity. A step in this direction is taken by exploring the research question of how humans can be integrated into security analytics to contribute to the improvement of the overall security posture. In addition to laying foundations in the field of security analytics, this question is approached from two directions. On the one hand, an approach in the context of the human-as-a-security-sensor paradigm is developed which harnesses the potential of security novices to detect security incidents while maintaining high data quality of human-provided information. On the other hand, contributions are made to better leverage the potential of security experts within a SOC. Besides elaborating the current state of research, a tool for determining the target state of a SOC in the form of a maturity model is developed. Based on this, the integration of security experts is improved by the innovative application of digital twins within SOCs. Accordingly, a framework is created that improves manual security analyses by simulating attacks within a digital twin. Furthermore, a cyber range was created, which offers a realistic training environment for security experts based on this digital twin.