A Mathematical Framework for Evaluation of SOAR Tools with Limited Survey Data

Security operation centers (SOCs) all over the world are tasked with reacting to cybersecurity alerts ranging in severity. Security Orchestration, Automation, and Response (SOAR) tools streamline cybersecurity alert responses by SOC operators. SOAR tool adoption is expensive both in effort and finances. Hence, it is crucial to limit adoption to those most worthwhile; yet no research evaluating or comparing SOAR tools exists. The goal of this work is to evaluate several SOAR tools using specific criteria pertaining to their usability. SOC operators were asked to first complete a survey about what SOAR tool aspects are most important. Operators were then assigned a set of SOAR tools for which they viewed demonstration and overview videos, and then operators completed a second survey wherein they were tasked with evaluating each of the tools on the aspects from the first survey. In addition, operators provided an overall rating to each of their assigned tools, and provided a ranking of their tools in order of preference. Due to time constraints on SOC operators for thorough testing, we provide a systematic method of downselecting a large pool of SOAR tools to a select few that merit next-step hands-on evaluation by SOC operators. Furthermore, the analyses conducted in this survey help to inform future development of SOAR tools to ensure that the appropriate functions are available for use in a SOC.

Full description

Bibliographic details
Main authors: Norem, Savannah; Rice, Ashley E; Erwin, Samantha; Bridges, Robert A; Oesch, Sean; Weber, Brian
Format: Article
Language: eng
Subjects: Computer Science - Human-Computer Interaction
Online access: Order full text
creator Norem, Savannah
Rice, Ashley E
Erwin, Samantha
Bridges, Robert A
Oesch, Sean
Weber, Brian
description Security operation centers (SOCs) all over the world are tasked with reacting to cybersecurity alerts ranging in severity. Security Orchestration, Automation, and Response (SOAR) tools streamline cybersecurity alert responses by SOC operators. SOAR tool adoption is expensive both in effort and finances. Hence, it is crucial to limit adoption to those most worthwhile; yet no research evaluating or comparing SOAR tools exists. The goal of this work is to evaluate several SOAR tools using specific criteria pertaining to their usability. SOC operators were asked to first complete a survey about what SOAR tool aspects are most important. Operators were then assigned a set of SOAR tools for which they viewed demonstration and overview videos, and then operators completed a second survey wherein they were tasked with evaluating each of the tools on the aspects from the first survey. In addition, operators provided an overall rating to each of their assigned tools, and provided a ranking of their tools in order of preference. Due to time constraints on SOC operators for thorough testing, we provide a systematic method of downselecting a large pool of SOAR tools to a select few that merit next-step hands-on evaluation by SOC operators. Furthermore, the analyses conducted in this survey help to inform future development of SOAR tools to ensure that the appropriate functions are available for use in a SOC.
doi_str_mv 10.48550/arxiv.2112.00100
format Article
creationdate 2021-11-30
rights http://arxiv.org/licenses/nonexclusive-distrib/1.0
link https://arxiv.org/abs/2112.00100
link https://doi.org/10.48550/arXiv.2112.00100
fulltext fulltext_linktorsrc
identifier DOI: 10.48550/arxiv.2112.00100
language eng
recordid cdi_arxiv_primary_2112_00100
source arXiv.org
subjects Computer Science - Human-Computer Interaction
title A Mathematical Framework for Evaluation of SOAR Tools with Limited Survey Data
url https://sfx.bib-bvb.de/sfx_tum?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2025-01-26T11%3A48%3A12IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-arxiv_GOX&rft_val_fmt=info:ofi/fmt:kev:mtx:journal&rft.genre=article&rft.atitle=A%20Mathematical%20Framework%20for%20Evaluation%20of%20SOAR%20Tools%20with%20Limited%20Survey%20Data&rft.au=Norem,%20Savannah&rft.date=2021-11-30&rft_id=info:doi/10.48550/arxiv.2112.00100&rft_dat=%3Carxiv_GOX%3E2112_00100%3C/arxiv_GOX%3E%3Curl%3E%3C/url%3E&disable_directlink=true&sfx.directlink=off&sfx.report_link=0&rft_id=info:oai/&rft_id=info:pmid/&rfr_iscdi=true