Summary: Sonification (the representation of data as sound) may offer a solution to some of the network-security monitoring challenges faced in security operations centres (SOCs). Prior work has shown that sonification can present network-security information to humans effectively, and indicated that security practitioners foresee potential for sonification to aid in scenarios related to their work. The use of sonification by security practitioners in tasks relevant to SOCs has not been examined, however. To address this gap, we assessed the use of sonification by security practitioners in network-security monitoring tasks in an experimental setting. We report on the results of a study in which we compared the performance of security practitioners using a Security Information and Event Management (SIEM) tool with their performance using a SIEM tool that incorporated sonification, in a primary and a non-primary monitoring task. In both tasks, a number of aspects of the monitoring performance of participants were significantly improved when sonification was used. Our results support the potential for sonification to aid in SOC tasks, and indicate a need to validate the utility of sonification systems by running them in operational SOCs.