Improving security prioritization in security operations centres with help of automation
Lindqvist, Alexander (2023-07-14)
This publication is subject to copyright regulations. The work may be read and printed for personal use. Use for commercial purposes is prohibited.
closed
The permanent address of the publication is:
https://urn.fi/URN:NBN:fi-fe2023073192607
Abstract
Security operations centres often face overwhelming numbers of security threats reported by ML-based identification systems. This thesis therefore proposes using shared datasets from the threat intelligence platform MISP and automating the risk prioritization process with a MySQL database and a Java application, illustrated in a proof of concept. This is especially relevant because manual work remains a concern in current risk assessment models. The implementation of the proof of concept shows great potential but also highlights potential limitations and difficulties, which are discussed further in depth. Moreover, it was concluded that a vast amount of data and tools is available, which makes implementing automation in risk prioritization models feasible without an overwhelming amount of complexity. However, it was also concluded that automating resistance capabilities is especially challenging, though it could be approached using agile methodologies.