Research field: Safety
Conference: 2023 IEEE 13th International Conference on Electronics and Information Technologies (ELIT)
The primary objective of this investigation is to streamline the operational workflow within the Cybersecurity Operation Center (CSOC). The CSOC faces a significant challenge from the influx of signals originating from a multitude of cybersecurity tools, each demanding precise processing. These tools include Intrusion Detection Systems (IDS), Endpoint Detection and Response (EDR), Next-Generation Firewalls (NGFW), Data Loss Prevention (DLP), Cloud Access Security Brokers (CASB), and more. Furthermore, a substantial volume of raw information, including event logs from diverse systems and applications, requires analysis and decision-making. This cumulative workload places immense pressure on CSOC analysts, resulting in more poorly processed events, longer response times, extended event processing durations, and inevitably an increase in the number of false positives.

To address these challenges, two viable options emerge:

1. Augment CSOC funding by recruiting additional analysts. This approach has its hurdles, including a scarcity of qualified specialists in the job market and the potential for inflated financial costs, which may not align with optimal business decisions.
2. Develop an integrated system designed to detect malicious actions comprehensively. A key component of such a system is the sophisticated detection of anomalies, responding not solely to individual events but to the anomalies themselves.
| Publication year | 2023 |
|---|---|
| Citations | 1 |
| Country of publication | Andorra, Ukraine |
| Site | IEEE |