Security operations centre: Situation awareness, threat intelligence and cybercrime

Abstract

There have been longitudinal advances in both cybersecurity and cyber-threats in recent years. With cybersecurity, for instance, there are now mechanisms to geographically locate an entity; there are those that can intercept most forms of electronic communications, and those that can recover most types of hidden images and data in electronic devices. The pace of change and advancements has equally been astronomical and astonishing. Technology refresh cycles have been slashed, and are now estimated to between 12 to 18 months, while the number of cyber users or entities has quadrupled in the last five years. These continuous changes have left an ever increasing gap between cybersecurity, that is, control mechanisms (a.k.a. safeguards) that help protect, detect, respond and recover organisational or national cyber investment, and cyber-threats, that is, threats that aim to exploit, breach or circumvent the cyber controls. This gap between cybersecurity on one hand and cyber-threats on the other hand appears to widen even further in areas with far greater financial rewards for the criminals, or nation state political gains. Exploits are now common and frequent, and impacts far much greater than before. This situation is further exacerbated by the lack of adequate and well deployed security operations centres to monitor organizational cyber investments. In this research cyber security operations centre deployment models are proposed to provide better and enhanced situational awareness in order to detect common and frequent exploits, and also sophisticated and cross-channel exploits.