Testing SOAR Tools in Use
Modern security operation centers (SOCs) rely on operators and a tapestry of
logging and alerting tools with large scale collection and query abilities. SOC
investigations are tedious as they rely on manual efforts to query diverse data
sources, overlay related logs, and correlate the data into information and then
document results in a ticketing system. Security orchestration, automation, and
response (SOAR) tools are a new technology that promise to collect, filter, and
display needed data; automate common tasks that require SOC analysts' time;
facilitate SOC collaboration; and improve both efficiency and consistency of
SOCs. SOAR tools have never been tested in practice to evaluate their effect
and understand them in use. In this paper, we design and administer the first
hands-on user study of SOAR tools, involving 24 participants and 6 commercial
SOAR tools. Our contributions include the experimental design, itemizing six
characteristics of SOAR tools and a methodology for testing them. We describe
configuration of the test environment in a cyber range, including network,
user, and threat emulation; a full SOC tool suite; and creation of artifacts
allowing multiple representative investigation scenarios to permit testing. We
present the first research results on SOAR tools. We found that SOAR
configuration is critical, as it involves creative design for data display and
automation. We found that SOAR tools increased efficiency and reduced context
switching during investigations, although ticket accuracy and completeness
(indicating investigation quality) decreased with SOAR use. Our findings
indicated that user preferences are slightly negatively correlated with their
performance with the tool; overautomation was a concern of senior analysts, and
SOAR tools that balanced automation with assisting a user to make decisions
were preferred.
Characterization of Nitrifying, Denitrifying, and Overall Bacterial Communities in Permeable Marine Sediments of the Northeastern Gulf of Mexico
Sandy or permeable sediment deposits cover the majority of the shallow ocean seafloor, and yet the associated bacterial communities remain poorly described. The objective of this study was to expand the characterization of bacterial community diversity in permeable sediment impacted by advective pore water exchange and to assess effects of spatial, temporal, hydrodynamic, and geochemical gradients. Terminal restriction fragment length polymorphism (TRFLP) was used to analyze nearly 100 sediment samples collected from two northeastern Gulf of Mexico subtidal sites that primarily differed in their hydrodynamic conditions. Communities were described across multiple taxonomic levels using universal bacterial small subunit (SSU) rRNA targets (RNA- and DNA-based) and functional markers for nitrification (amoA) and denitrification (nosZ). Clonal analysis of SSU rRNA targets identified several taxa not previously detected in sandy sediments (i.e., Acidobacteria, Actinobacteria, Chloroflexi, Cyanobacteria, and Firmicutes). Sequence diversity was high among the overall bacterial and denitrifying communities, with members of the Alphaproteobacteria predominant in both. Diversity of bacterial nitrifiers (amoA) remained comparatively low and did not covary with the other gene targets. TRFLP fingerprinting revealed changes in sequence diversity from the family to species level across sediment depth and study site. The high diversity of facultative denitrifiers was consistent with the high permeability, deeper oxygen penetration, and high rates of aerobic respiration determined in these sediments. The high relative abundance of Gammaproteobacteria in RNA clone libraries suggests that this group may be poised to respond to short-term periodic pulses of growth substrates, and this observation warrants further investigation.