Cyber Security Professionals’ Challenges: A Proposed Integrated Platform Solution

Mohammed Daffalla Elradi (Communication Systems Engineering Department, University of Science and Technology, Khartoum, Sudan)
Khalid Abass Abdelmaged (Communication Systems Engineering Department, University of Science and Technology, Khartoum, Sudan)
Mutaz Osman Mohammad (Communication Systems Engineering Department, University of Science and Technology, Khartoum, Sudan)

Abstract


As cyber threats and attacks are immensely increasing and broadly spreading catastrophically worldwide, cyber security professionals need to cope up with such a highly demanding environment. Security teams, such as Security operation Centre (SOC), Incident Response (IR) and Threat management teams are the people responsible for dealing with cyber security threats and attacks from detection to containment and preventing future incidents; which encompasses some significant challenges that might impose some limitations to the efficiency and effectiveness of activities cyber security professionals conduct, as these processes are time-consuming. In this paper we propose an integrated platform to help cyber security professionals to proactively manage cyber security threats and emerging incidents by providing an automated functionality that can optimize the workflow. The proposed security platform is supposed to diminish the average time taken by cyber security professionals to respond to cyber incidents with an average of 42%. This study can be used as a preliminary design for such an integrated platform.


Keywords


Cyber security;Threat;Intelligence;SOC;IR

Full Text:

PDF

References


[1] A. Niakanlahiji, L. Safarnejad, R. Harper and B. Chu,“IoCMiner: Automatic Extraction of Indicators of Compromise from Twitter,” 2019 IEEE International Conference on Big Data (Big Data), 2019, pp. 4747-4754.DOI: 10.1109/BigData47090.2019.9006562.

[2] G. Husari, X. Niu, B. Chu and E. Al-Shaer, “Using entropy and mutual information to extract threat actions from cyber threat intelligence”, 2018 IEEE International Conference on Intelligence and ecurity Informatics (ISI), pp. 1-6, Nov 2018.

[3] Definition: Threat intelligence, 2013, [online] Available:https://www.gartner.com/doc/2487216/definition-threat-intelligence.

[4] G. Husari, E. Al-Shaer, M. Ahmed, B. Chu, and X.Niu. 2017. TTPDrill: automatic and accurate extraction of threat actions from unstructured text of cti sources. In Proc. ACSAC 2017, pages103-112.

[5] B. J. Kwon, V. Srinivas, A. Deshpande, and T. Dumitras. 2017. Catching worms, trojan horse and PUPs:un-supervised detection of silent delivery campagins.In Proc. NDSS 17.

[6] O Catakoglu, M. Balduzzi, and D. Balzarotti, “Automatic extraction of indicators of compromise for web applications,” International World Wide Web Conference Committee (IW3C2), Montréal, Québec,Canada, 2016, pp. 1-11.

[7] J. Andress. (2015, May). Working with indicators of compromise. ISSA Journal.[Online].Available:www.issa.org.

[8] Vielberth, Manfred & Böhm, Fabian & Fichtinger,Ines & Pernul, Günther. (2020). Security Operations Center: A Systematic Study and Open Challenges.IEEE Access. PP.10.1109/ACCESS.2020.3045514.

[9] F. B. Kokulu, A. Soneji, T. Bao, Y. Shoshitaishvili,Z. Zhao, A. Doupé, and G.-J. Ahn, ‘‘Matched and mismatched SOCs,’’ in Proc. ACM SIGSAC Conf.Comput. Commun. Secur., New York, NY,USA,Nov. 2019, pp.1955-1970.

[10] B. Hámornik and C. Krasznay, ‘‘A team-level perspective of human factors in cyber security:Security operations centers,’’ in Advances in Human Factors in Cybersecurity, vol. 593 D.Nicholson, Ed. Cham,Switzerland: Springer, 2018, pp. 224-236.

[11] Chris Crowley, John Pescatore. Common and Best Practices for Security Operations Centers:Results of the 2019 SOC Survey. SANS Institute Information Security Reading Room, July 2019.

[12] X. Liao, K. Yuan, X. Wang, Z. Li, L. Xing, and R.Beyah, “Acing the ioc game: toward automatic discovery and analysis of open-source cyber threat intelligence,” in Proc. CCS 16, 2016, pp. 755-766.

[13] crowdstrike.com. 2021. What is Cyber Threat Intelligence? [Beginner’s Guide]. [online] Available at:https://www.crowdstrike.com/cybersecurity-101/threat-intelligence.

[14] Z. Zhu and T. Dumitras, “ChainSmith: automatically learning the semantics of malicious campaigns by mining threat intelligence reports,”in Proc. EuroS&P 2018, 2018.

[15] IT Exchange. 2021. CyberSecurity Knowledge Bases: The Brain of Security Systems. [online] Available at: https://www.itexchangeweb.com/blog/cybersecurity-knowledge-bases-the-brain-of-security-systems.

[16] Smartsheet. 2021. Complete Guide to the PPT Framework | Smartsheet. [online] Available at: https://www.smartsheet.com/content/people-process-technology.

[17] World Economic Forum. 2021. 4 key challenges for cybersecurity leaders. [online] Available at: https://www.weforum.org/agenda/2020/01/four-key-challenges-for-cybersecurity-leaders.



DOI: https://doi.org/10.30564/ese.v3i2.3376

Refbacks

  • There are currently no refbacks.
Copyright © 2021 MOHAMMED DAFFALLA ELRADI ALSIDDIG, Khalid Abass Abdelmajeed Abdelmaged, Mutaz Osman Abdulhaleem Mohammad


Creative Commons License
This work is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License.