Impact on Basic Security Operations Center (SOC) Processes

The description of impact below builds on the description of the four primary SOC work processes referred to here.

Effectiveness and Efficiency of Basic SOC Processes

The effectiveness and efficiency of basic processes are influenced by a number of factors that may be supported and strengthened by the proper use of IMPETUS tools.

  • Correct information that is quickly collected and made accessible is essential for prompt response activation in SOCs. Information may come from a variety of sources, such as cameras, human sensors, online sources or intelligence from collaborating agencies. Unreliable or incorrect information can have cascading consequences in operations, since analysis and response react to the incoming information. Several tools in the IMPETUS portfolio reinforce the information collection process in the SOC. E.g.,

    • The Bacteria Detector (BD) tool improves the SOC operation by introducing information about threats due to airborne bacteria in a timely and reliable manner

    • The Cyber Threat Intelligence (CTI) tool improves SOC intelligence activities by early identification of emerging threats and the “signatures” that will indicate their presence

    • The Cyber Threat Detection and Response (CTDR) tool identifies the initial stages of the attack graph of a suspected cyber threat, enabling real-time recognition of an attack and selection of an appropriate countermeasure

    • The Urban Anomaly Detector (UAD) tool provides the SOC with early recognition of anomalous situations in public spaces

    • The Social Media Detection (SMD) tool provides the SOC with intelligence, gathered from online sources, about upcoming unwanted events in public spaces

    • The Firearm Detector (FA) tool enables real-time detection and alerts on the presence of firearms in public spaces

  • Analysis of the information is vital in order to reduce the volume of collected information, to combine information coming from different sources, and to retrieve the information relevant to the situation at hand. E.g.,

    • The Social Media Detection (SMD) tool has a set of filtering options for analysis which eases the process of finding the relevant information in a large dataset for the intelligence analyst/operator

    • The Cyber Threat Intelligence (CTI) tool provides advanced analysis and filtering functions for finding the information about cyber-related threats that is relevant to a specific situation

Moreover, practically all IMPETUS tools contribute to a shared information picture that impacts the overall analysis process and enriches the grounds for shared situational awareness.

  • Response activation to incidents may vary depending on the incident and the information available, which organisational levels are engaged, whether several incidents occur simultaneously, the level of situational awareness, and other factors. The decision support provided can be vital to the operators' ability to handle incidents successfully. E.g.,

    • The Cyber Threat Detection and Response (CTDR) tool enables tracking of an active threat along its attack graph, so that the threat can be countered at several stages

    • The Workload Monitoring System (WMS) tool improves overall SOC operation by recognising fatigue and other stress effects that reduce the performance of SOC operators

    • The IMPETUS Platform enables joint access and effective coordination of relevant information among SOC operators

  • A response can alter a situation without necessarily resolving it. For example, dispersing a group causing disorder may lead to scattering or relocation rather than an end to the activity. If the response is not monitored and corrected, it may become insufficient or disproportionate. E.g.,

    • Practically all IMPETUS tools are able to update information continuously

    • The IMPETUS Platform makes all updated information accessible to SOC operators
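The attack-graph tracking described for the CTDR tool above (recognising which stages of an attack have been observed, which stage is likely next, and which countermeasures apply at each observed stage) can be sketched in code. The following is an added illustration written for this page; it is not code from the IMPETUS project or the CTDR tool. The attack graph, the signature names, the countermeasures and the sample alerts are all invented for the example. Beyond what the bullets state, it also flags an observed stage whose prerequisite stages were never seen, which in practice points to a missed earlier detection.

```python
"""Toy attack-graph stage tracker (illustration only; not the IMPETUS CTDR tool)."""
from dataclasses import dataclass

# Hypothetical attack graph: stage -> stages an attacker can move to next.
ATTACK_GRAPH = {
    "initial_access": ["execution", "persistence"],
    "execution": ["lateral_movement", "exfiltration"],
    "persistence": ["lateral_movement"],
    "lateral_movement": ["exfiltration"],
    "exfiltration": [],
}

# Hypothetical mapping from detection signature to the attack-graph stage it indicates.
SIGNATURE_STAGE = {
    "phishing_click": "initial_access",
    "suspicious_powershell": "execution",
    "new_scheduled_task": "persistence",
    "smb_admin_share_login": "lateral_movement",
    "large_outbound_transfer": "exfiltration",
}

# Hypothetical countermeasures available at each stage.
COUNTERMEASURES = {
    "initial_access": ["quarantine mailbox and host", "reset user credentials"],
    "execution": ["isolate host", "kill process tree"],
    "persistence": ["remove scheduled task", "re-image host"],
    "lateral_movement": ["disable compromised account", "segment network"],
    "exfiltration": ["block destination", "revoke session tokens"],
}

# Constructed sample alerts, as a SOC might receive them from a detector.
SAMPLE_ALERTS = [
    {"ts": "2024-01-01T09:00:00Z", "host": "ws-17", "signature": "phishing_click"},
    {"ts": "2024-01-01T09:04:12Z", "host": "ws-17", "signature": "suspicious_powershell"},
    {"ts": "2024-01-01T09:20:45Z", "host": "srv-02", "signature": "smb_admin_share_login"},
]


def predecessors(graph):
    """Invert the graph: stage -> set of stages that can lead into it."""
    preds = {stage: set() for stage in graph}
    for src, dsts in graph.items():
        for dst in dsts:
            preds[dst].add(src)
    return preds


@dataclass
class Assessment:
    observed: list        # stages seen, in order of first alert
    next_expected: list   # successors of observed stages not yet observed
    unexplained: list     # observed stages none of whose prerequisites were observed
    countermeasures: dict # stage -> applicable countermeasures


def assess(alerts, graph=ATTACK_GRAPH, sig_stage=SIGNATURE_STAGE, cms=COUNTERMEASURES):
    """Map alerts onto the attack graph and summarise where the attack stands."""
    observed = []
    for alert in alerts:
        stage = sig_stage.get(alert["signature"])
        if stage is None:
            continue  # unknown signature: cannot be placed on the graph, so skipped
        if stage not in observed:
            observed.append(stage)
    observed_set = set(observed)

    # Stages the attacker is likely to attempt next, in graph order.
    next_expected = []
    for stage in observed:
        for nxt in graph[stage]:
            if nxt not in observed_set and nxt not in next_expected:
                next_expected.append(nxt)

    # A stage with prerequisites but no observed prerequisite suggests a missed detection.
    preds = predecessors(graph)
    unexplained = [s for s in observed if preds[s] and not (preds[s] & observed_set)]

    return Assessment(observed, next_expected, unexplained,
                      {s: cms[s] for s in observed})


if __name__ == "__main__":
    result = assess(SAMPLE_ALERTS)
    print("observed:", result.observed)
    print("next expected:", result.next_expected)
    print("unexplained:", result.unexplained)
    for stage, actions in result.countermeasures.items():
        print(f"{stage}: {', '.join(actions)}")
```

With the constructed alerts, the tracker reports initial access, execution and lateral movement as observed, persistence and exfiltration as the likely next stages, and nothing unexplained. If the only alert were the SMB admin-share login, lateral movement would be reported as unexplained, which is the signal an operator would want before deciding whether the earlier stages were simply not detected.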