Deploying Active Defence in a SOC: Analysts’ Perceptions of Cyber Deception
Date
2025-01-07
Starting Page
1122
Abstract
Security Operations Centres (SOCs) are pivotal in safeguarding an organisation's network infrastructure. While existing technologies focus on reactive measures, the emergence of deception tools presents an opportunity for a more proactive defence against cyber threats. Integrating such tools into SOCs, however, necessitates understanding their impact, value, and implementation challenges. To explore this, we conducted fifteen interviews with analysts from a leading SOC provider in Australia. Our thematic analysis revealed key insights: implementing cyber deception requires a shift in organisational risk tolerance, efficacy hinges on proper implementation, and it introduces new risks requiring strategic management. Analysts suggested that in-house SOCs or threat intelligence teams might be more suited for cyber deception deployment in a Managed Service Provider (MSP) SOC. This study sheds light on the implications of cyber deception for SOC operations. We conclude with recommendations to guide the integration of deception tools into SOCs.
Keywords
Cyber Deception and Cyberpsychology for Defense, active defence, cyber deception, cyber security, soc, soc analysts
Extent
10
Related To
Proceedings of the 58th Hawaii International Conference on System Sciences
Rights
Attribution-NonCommercial-NoDerivatives 4.0 International