Architecture-centric Support for Integrating Security Tools in a Security Orchestration Platform

Conference: 14th European Conference on Software Architecture (ECSA), 14-18 September 2020, L’Aquila, Italy.

Authors: Chadni Islam, Muhammad Ali Babar and Surya Nepal.

Year: 2020

Abstract: Security Operation Centers (SOCs) leverage a number of tools to detect, thwart and deal with security attacks. One of the key challenges of a SOC is to quickly integrate security tools and operational activities. To address this challenge, an increasing number of organizations are using Security Orchestration, Automation and Response (SOAR) platforms, whose design needs suitable architectural support. This paper presents our work on architecture-centric support for designing a SOAR platform. Our approach consists of a conceptual map of a SOAR platform and the key dimensions of an architecture design space. We have demonstrated the use of the approach in designing and implementing a Proof of Concept (PoC) SOAR platform for (i) automated integration of security tools and (ii) automated interpretation of activities to execute incident response processes. We also report a preliminary evaluation of the proposed architectural support for improving a SOAR platform's design.

Published Version: https://link.springer.com/chapter/10.1007/978-3-030-58923-3_11

Cite as: Islam C., Babar M.A., Nepal S. (2020) Architecture-Centric Support for Integrating Security Tools in a Security Orchestration Platform. In: Jansen A., Malavolta I., Muccini H., Ozkaya I., Zimmermann O. (eds) Software Architecture. ECSA 2020. Lecture Notes in Computer Science, vol 12292. Springer, Cham. https://doi.org/10.1007/978-3-030-58923-3_11
