CAREER: SaTC: Bridging the Gap Between Research and Practice: Automation and Metrics in Security Operation Centers

职业:SaTC:弥合研究与实践之间的差距:安全运营中心的自动化和指标

基本信息

项目摘要

Security Operation Centers (SOCs) are pivotal entities of modern enterprise networks in industry, academia, and the government sector. Organizations usually deploy SOCs to manage their network operations, defend against threats in the cyber space, and maintain regulatory compliance. Automation and metrics play key roles in the effectiveness of SOC environments. Unfortunately, security-driven automation in SOCs is often implemented in ad-hoc ways and is not accurately reflected in the metrics. Even though SOC environments are dealing with constantly changing threats, IT systems on their enterprise networks and SOC procedures are fairly static. Current SOC metrics tend to focus on straight-forward quantitative measurements (e.g., number of closed tickets) while the role of human analysts in the automation process is not accurately assessed. This project's novelties include the creation of a SOC framework that enables tailored security-focused automation for operational environments, assesses the role of humans in this process, and reflects the outcomes in the metrics. The project's broader significance and importance are focused on triggering a major change in the current attacker mode of operation and shift the SOC landscape from all defenses need to be successful, to all attacks need to be successful to maintain persistent access -- "turning the tables" on adversaries. Moreover, this project provides opportunities for curriculum enhancements via integrating research results in cybersecurity courses, affords an opportunity for students to participate in research on security operations, and thereby supports careers in cybersecurity research or professions.On the technical side, this project explores the integration of the feature-rich DevOps/DevSecOps approaches in dynamic operational environments to establish security baselines. In this context DevOps and DevSecOps are sets of practices that combine software development and IT operations in cybersecurity-related setups. On the human capital side, the research team adopts a sociotechnical approach to study organizational environments by analyzing people and technological artifacts as interacting components. In place of partial, social or technical approaches, the project integrates research and education outcomes so they feed into each other. The project includes an ethnographic SOC fieldwork component, designing multi-segment abstractions for enabling security baselines, an analysis component of the SOC analyst to infrastructure programmer transition, and an evaluation effort of the SOC framework components across different environments. Results are broadly disseminated via publications, presentations/tutorials, and online resources. Overall, the outcomes of this project will evolve the means available to SOCs to significantly increase the burden on attackers and lower their capabilities to compromise enterprise networks.This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.
安全运营中心(SOC)是工业界、学术界和政府部门现代企业网络的关键实体。组织通常部署SOC来管理其网络运营,防御网络空间中的威胁,并保持法规遵从性。自动化和度量在SOC环境的有效性中起着关键作用。不幸的是,SOC中安全驱动的自动化通常以特定的方式实现,并且没有准确地反映在指标中。尽管SOC环境正在处理不断变化的威胁,但其企业网络上的IT系统和SOC程序相当静态。当前的SOC度量倾向于关注直接的定量测量(例如,关闭的票据数量),而人类分析师在自动化过程中的作用没有得到准确评估。该项目的创新之处包括创建一个SOC框架,为运营环境提供量身定制的以安全为中心的自动化,评估人类在此过程中的作用,并在指标中反映结果。该项目更广泛的意义和重要性集中在触发当前攻击者操作模式的重大变化,并将SOC格局从所有防御都需要成功转变为所有攻击都需要成功以保持持续访问-“扭转局面”对手。此外,该项目通过将研究成果整合到网络安全课程中,为课程改进提供了机会,为学生提供参与安全运营研究的机会,从而支持网络安全研究或专业的职业生涯。在技术方面,该项目探索了在动态运营环境中整合功能丰富的DevOps/DevSecOps方法,以建立安全基线。在这种情况下,DevOps和DevSecOps是一套实践,在网络安全相关的设置中结合了联合收割机软件开发和IT运营。在人力资本方面,研究小组采用社会技术的方法来研究组织环境,通过分析人和技术工件作为相互作用的组成部分。该项目取代了部分、社会或技术方法,将研究和教育成果结合起来,使它们相互补充。该项目包括一个人种学SOC实地考察组件,设计多段抽象,使安全基线,SOC分析师的分析组件基础设施程序员的过渡,并在不同的环境SOC框架组件的评估工作。成果通过出版物、演示/教程和在线资源广泛传播。总的来说,该项目的成果将发展SOC可用的手段,以显著增加攻击者的负担,降低其危害企业网络的能力。该奖项反映了NSF的法定使命,并已被认为是值得通过使用基金会的智力价值和更广泛的影响审查标准进行评估的支持。

项目成果

期刊论文数量(0)
专著数量(0)
科研奖励数量(0)
会议论文数量(0)
专利数量(0)

数据更新时间:{{ journalArticles.updateTime }}

{{ item.title }}
{{ item.translation_title }}
  • DOI:
    {{ item.doi }}
  • 发表时间:
    {{ item.publish_year }}
  • 期刊:
  • 影响因子:
    {{ item.factor }}
  • 作者:
    {{ item.authors }}
  • 通讯作者:
    {{ item.author }}

数据更新时间:{{ journalArticles.updateTime }}

{{ item.title }}
  • 作者:
    {{ item.author }}

数据更新时间:{{ monograph.updateTime }}

{{ item.title }}
  • 作者:
    {{ item.author }}

数据更新时间:{{ sciAawards.updateTime }}

{{ item.title }}
  • 作者:
    {{ item.author }}

数据更新时间:{{ conferencePapers.updateTime }}

{{ item.title }}
  • 作者:
    {{ item.author }}

数据更新时间:{{ patent.updateTime }}

Alexandru Bardas其他文献

Alexandru Bardas的其他文献

{{ item.title }}
{{ item.translation_title }}
  • DOI:
    {{ item.doi }}
  • 发表时间:
    {{ item.publish_year }}
  • 期刊:
  • 影响因子:
    {{ item.factor }}
  • 作者:
    {{ item.authors }}
  • 通讯作者:
    {{ item.author }}

{{ truncateString('Alexandru Bardas', 18)}}的其他基金

CRII: SaTC: Creating and Managing Structurally-Morphing IT Systems - Moving Targets
CRII:SaTC:创建和管理结构变化的 IT 系统 - 移动目标
  • 批准号:
    1850406
  • 财政年份:
    2019
  • 资助金额:
    $ 52.43万
  • 项目类别:
    Standard Grant
EAGER: SaTC: Early-Stage Interdisciplinary Collaboration: Collaborative: A Sociotechnical Metrics Framework for Network and Security Operations Centers
EAGER:SaTC:早期跨学科协作:协作:网络和安全运营中心的社会技术指标框架
  • 批准号:
    1915824
  • 财政年份:
    2019
  • 资助金额:
    $ 52.43万
  • 项目类别:
    Standard Grant

相似海外基金

CRII: SaTC: Automated Knowledge Representation for IoT Cybersecurity Regulations
CRII:SaTC:物联网网络安全法规的自动化知识表示
  • 批准号:
    2348147
  • 财政年份:
    2024
  • 资助金额:
    $ 52.43万
  • 项目类别:
    Standard Grant
CRII: SaTC: Reliable Hardware Architectures Against Side-Channel Attacks for Post-Quantum Cryptographic Algorithms
CRII:SaTC:针对后量子密码算法的侧通道攻击的可靠硬件架构
  • 批准号:
    2348261
  • 财政年份:
    2024
  • 资助金额:
    $ 52.43万
  • 项目类别:
    Standard Grant
CRII: SaTC: Privacy vs. Accountability--Usable Deniability and Non-Repudiation for Encrypted Messaging Systems
CRII:SaTC:隐私与责任——加密消息系统的可用否认性和不可否认性
  • 批准号:
    2348181
  • 财政年份:
    2024
  • 资助金额:
    $ 52.43万
  • 项目类别:
    Standard Grant
SaTC: CORE: Small: An evaluation framework and methodology to streamline Hardware Performance Counters as the next-generation malware detection system
SaTC:核心:小型:简化硬件性能计数器作为下一代恶意软件检测系统的评估框架和方法
  • 批准号:
    2327427
  • 财政年份:
    2024
  • 资助金额:
    $ 52.43万
  • 项目类别:
    Continuing Grant
Collaborative Research: SaTC: CORE: Medium: Differentially Private SQL with flexible privacy modeling, machine-checked system design, and accuracy optimization
协作研究:SaTC:核心:中:具有灵活隐私建模、机器检查系统设计和准确性优化的差异化私有 SQL
  • 批准号:
    2317232
  • 财政年份:
    2024
  • 资助金额:
    $ 52.43万
  • 项目类别:
    Continuing Grant
Collaborative Research: SaTC: CORE: Medium: Using Intelligent Conversational Agents to Empower Adolescents to be Resilient Against Cybergrooming
合作研究:SaTC:核心:中:使用智能会话代理使青少年能够抵御网络诱骗
  • 批准号:
    2330940
  • 财政年份:
    2024
  • 资助金额:
    $ 52.43万
  • 项目类别:
    Continuing Grant
CRII: SaTC: Evolving I/O Protocols for Confidential Computing
CRII:SaTC:用于机密计算的不断发展的 I/O 协议
  • 批准号:
    2348130
  • 财政年份:
    2024
  • 资助金额:
    $ 52.43万
  • 项目类别:
    Standard Grant
CRII: SaTC: Enforcing Expressive Security Policies using Trusted Execution Environments
CRII:SaTC:使用可信执行环境执行表达性安全策略
  • 批准号:
    2348304
  • 财政年份:
    2024
  • 资助金额:
    $ 52.43万
  • 项目类别:
    Standard Grant
Collaborative Research: NSF-BSF: SaTC: CORE: Small: Detecting malware with machine learning models efficiently and reliably
协作研究:NSF-BSF:SaTC:核心:小型:利用机器学习模型高效可靠地检测恶意软件
  • 批准号:
    2338301
  • 财政年份:
    2024
  • 资助金额:
    $ 52.43万
  • 项目类别:
    Continuing Grant
CRII: SaTC: The Right to be Forgotten in Follow-ups of Machine Learning: When Privacy Meets Explanation and Efficiency
CRII:SaTC:机器学习后续中被遗忘的权利:当隐私遇到解释和效率时
  • 批准号:
    2348177
  • 财政年份:
    2024
  • 资助金额:
    $ 52.43万
  • 项目类别:
    Standard Grant
{{ showInfoDetail.title }}

作者:{{ showInfoDetail.author }}

知道了