IMPROVING SOC DETECTION CAPABILITY USING MITRE ATT&CK FRAMEWORK AND RISK DRIVEN APPROACH: A CASE STUDY IN XYZ ORGANIZATION

Abstract

The Security Operations Center (SOC) is crucial for organizations to ensure operational continuity and security amidst rapidly evolving threats. However, SOCs often develop detection capabilities without a clear direction, which can lead to ineffectiveness. This research aims to create a process model for enhancing SOC detection capabilities, aligning them with organizational goals and relevant risks, and making them adaptive to evolving threats. The study reviews existing detection approaches and employs the MITRE ATT&CK Top 10 framework, together with threat intelligence information selected on relevant factors, to identify pertinent threats. Both hands-off and hands-on methods are employed to analyze and validate detection gaps in the SOC. Additionally, the research adopts a case study approach, applying the proposed process model to the XYZ organization. The model was validated through a qualitative approach that included interviews with experts in the SOC field, complemented by surveys to enhance the reliability of the findings. The research findings show that experts agree the proposed process model helps align SOC detection capabilities with organizational goals, helps identify relevant threats, and promotes the development of focused SOC detection capabilities.