A Mathematical Framework for Evaluation of SOAR Tools with Limited Survey Data
Savannah Norem, Ashley E Rice, Samantha Erwin, Robert A Bridges, Sean Oesch, Brian Weber

TL;DR
This paper introduces a mathematical framework to evaluate SOAR tools using limited survey data, helping SOCs identify the most valuable tools efficiently and guiding future development based on usability criteria.
Contribution
It presents a systematic method for downselecting SOAR tools from survey data, enabling efficient evaluation and informing future tool development.
Findings
Systematic downselection method for SOAR tools
Insights into usability factors important to SOC operators
Framework aids in prioritizing tools for detailed evaluation
Abstract
Security operation centers (SOCs) all over the world are tasked with reacting to cybersecurity alerts ranging in severity. Security Orchestration, Automation, and Response (SOAR) tools streamline cybersecurity alert responses by SOC operators. SOAR tool adoption is expensive both in effort and finances. Hence, it is crucial to limit adoption to those most worthwhile; yet no research evaluating or comparing SOAR tools exists. The goal of this work is to evaluate several SOAR tools using specific criteria pertaining to their usability. SOC operators were asked to first complete a survey about what SOAR tool aspects are most important. Operators were then assigned a set of SOAR tools for which they viewed demonstration and overview videos, and then operators completed a second survey wherein they were tasked with evaluating each of the tools on the aspects from the first survey. In…
