{"title":"Use cases of attack graph for SOC optimization purpose","authors":"Anna Bánáti, Erno Rigó, Rita Fleiner, E. Kail","doi":"10.1109/INES56734.2022.9922617","DOIUrl":null,"url":null,"abstract":"The development and deployment of dynamic and adaptive cyber defense solutions are essential to face the extremely fast evolving and increasingly common cyberattacks. Security Operation Centers (SOC) are widely used recently to correctly identify, analyze, defend, and investigate security incidents. In order to defend our networks, it is also essential to identify vulnerabilities and weaknesses in the system. Nowadays, attack graphs are the most frequently used graphical representations of a system's vulnerabilities as well as different attack paths an attacker may carry out. This paper investigates the possible use cases of attack graphs in a Security Operation Center. It also identifies different areas and point out potential research directions.","PeriodicalId":253486,"journal":{"name":"2022 IEEE 26th International Conference on Intelligent Engineering Systems (INES)","volume":"80 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2022-08-12","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2022 IEEE 26th International Conference on Intelligent Engineering Systems (INES)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/INES56734.2022.9922617","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Citation count: 0
Abstract
The development and deployment of dynamic and adaptive cyber defense solutions are essential to face extremely fast-evolving and increasingly common cyberattacks. Security Operation Centers (SOC) have recently become widely used to correctly identify, analyze, defend against, and investigate security incidents. In order to defend our networks, it is also essential to identify vulnerabilities and weaknesses in the system. Nowadays, attack graphs are the most frequently used graphical representations of a system's vulnerabilities as well as the different attack paths an attacker may carry out. This paper investigates the possible use cases of attack graphs in a Security Operation Center. It also identifies different areas and points out potential research directions.