The National Science Foundation (NSF) has awarded EECS Assistant Professor Alexandru Bardas and his collaborator, Bradley Fidler from Stevens Institute of Technology, a research grant to design a novel framework of metrics that can be used by cybersecurity professionals to better harmonize network performance and security.
Network Operations Centers (NOCs) and Security Operations Centers (SOCs) are central components of modern enterprise networks. Organizations deploy SOCs to manage their network operations, defend against cyber threats, and maintain regulatory compliance. Traditionally, the controlling organization sees network security only through the abstract view offered by SOC metrics, and the SOC, in turn, sees the network only through its monitoring software. By isolating a narrow subset of "performance" measurements, most typically a closed-ticket count, these metrics misrepresent both the effectiveness of the SOC and the security posture of the network itself. Such metrics incentivize unproductive behavior in a SOC (e.g., analysts cherry-picking easy alerts, favoring quantity over quality), conceal potentially fundamental security weaknesses in the network itself (e.g., inappropriate and expensive tools acquired purely for compliance purposes), and trigger destabilizing right-sizing processes in the controlling organization.
Photo: EECS Assistant Professor Alexandru Bardas.
This project focuses on developing a new metrics framework that enables the harmonization of SOC performance with enterprise network security. It also provides opportunities for embedding and training students in SOC environments, for evaluating parts of the proposed metrics in student cyberdefense competitions, and for validating the metrics framework in real-world SOC environments. Instead of putting forward another set of generic metrics, the goal is to create a sociotechnical framework that personnel at each SOC and its parent organization can use to create metrics tailored to their unique security environment. For this, the project draws on the concept of the sociotechnical system, an approach to the study of organizational environments that analyzes people and technological artifacts as interacting components of complex systems.
This interdisciplinary research effort draws on two demonstrated areas of expertise. Bardas has studied the interface between NOC/SOC staff, security tools, metrics, and the organizations that manage networks. Fidler, assistant professor of science and technology studies at Stevens Institute of Technology, has studied the evolution of network architectures and the forms of human management they have required over time. Together, these perspectives provide the intellectual background needed to create a new metrics framework that more closely links SOC effectiveness to network security.