Advancing Security Operations Centers: Modern Use Cases, MITRE ATT&CK Integration, and Coverage Optimization in 2025

Citation

Ghani Virk, Salman and Iqbal, Jawaid and Ali, Atif and Mahmud, Ali Rashid and Rashid, Imran and Hanif, Tariq (2025) Advancing Security Operations Centers: Modern Use Cases, MITRE ATT&CK Integration, and Coverage Optimization in 2025. Journal of Computing and Biomedical Informatics, 9 (2). ISSN 2710-1606


Abstract

The frequency of cybersecurity threats has risen considerably over the years, and attacks have become both more complex and more costly: total worldwide damage is estimated to exceed USD 10.5 trillion per year by 2025 (Cybersecurity Ventures, 2025). An environment this hostile requires organizations to treat stronger security measures as a priority. Security Operations Centers (SOCs) are instrumental in organizational security plans: they provide continuous monitoring of IT environments, enable quick identification of breaches, and coordinate incident mitigation to limit harm. This paper employs the design science method to develop a detection coverage map and a visualization interface that correlate enterprise event logs with MITRE ATT&CK tactics and techniques for detection purposes. The assessment draws on several industry datasets, including IBM's 2025 Cost of a Data Breach Report, Verizon's DBIR 2025, and ENISA's Threat Landscape 2024. The study indicates that AI-supported SOCs can reduce mean time to detect (MTTD) by almost 40%, a notable improvement in threat detection performance. Our findings suggest that the most acceptable way to manage security operations is comprehensively trained human analysts assisted by intelligent automation. Continuous adoption of the MITRE ATT&CK framework as a benchmark, and targeted budget planning to improve detection and security quality, were among the other key points raised.
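The abstract describes correlating enterprise event logs with ATT&CK tactics and techniques to produce a detection coverage map. The script below is an added illustration of that idea, written for this page; it is not the paper's tool and makes no claim about the authors' implementation. It assumes a small hand-picked subset of the ATT&CK Enterprise matrix (the technique IDs and their tactic assignments are real; a production tool would load the full matrix from the STIX bundle), a handful of rules tagged with the technique IDs they detect, and a few constructed log lines in a key=value style. Running the rules over the logs yields, per tactic, how many techniques have a rule at all, how many actually fired, and which techniques are gaps.

```python
"""Detection coverage mapping against MITRE ATT&CK (illustrative example)."""
import re
from collections import Counter

# Subset of ATT&CK Enterprise: technique ID -> (name, tactics it belongs to).
# Real IDs and tactic assignments; the subset itself is an assumption.
ATTACK = {
    "T1110": ("Brute Force", ["credential-access"]),
    "T1078": ("Valid Accounts", ["defense-evasion", "persistence",
                                 "privilege-escalation", "initial-access"]),
    "T1059": ("Command and Scripting Interpreter", ["execution"]),
    "T1053": ("Scheduled Task/Job", ["execution", "persistence",
                                     "privilege-escalation"]),
    "T1021": ("Remote Services", ["lateral-movement"]),
    "T1003": ("OS Credential Dumping", ["credential-access"]),
    "T1105": ("Ingress Tool Transfer", ["command-and-control"]),
    "T1566": ("Phishing", ["initial-access"]),
}

# Constructed log lines (not real telemetry): five failed logons from one
# source, one stray failure, an RDP logon, an encoded PowerShell launch,
# a benign process start and a scheduled-task creation.
SAMPLE_LOGS = [
    f"2025-03-01T08:00:0{i} host=ws01 event=4625 user=admin src=10.0.0.5 status=failure"
    for i in range(1, 6)
] + [
    "2025-03-01T08:00:09 host=ws01 event=4625 user=bob src=10.0.0.9 status=failure",
    "2025-03-01T08:00:20 host=ws01 event=4624 user=admin src=10.0.0.5 logon_type=10",
    '2025-03-01T08:01:02 host=ws01 event=4688 image=powershell.exe cmdline="powershell -enc SQBFAFgA"',
    '2025-03-01T08:01:30 host=ws01 event=4688 image=notepad.exe cmdline="notepad.exe notes.txt"',
    "2025-03-01T08:02:10 host=ws01 event=4698 task=Updater action=created",
]


def grep(logs, pattern):
    """Single-line matcher: return every log line matching the regex."""
    return [line for line in logs if re.search(pattern, line)]


def brute_force(logs, threshold=5):
    """Stateful matcher: failed logons (event 4625) per source IP; fire when a
    source reaches `threshold`, returning that source's failure lines."""
    failures = [line for line in logs if "event=4625" in line]
    per_src = Counter(re.search(r"src=(\S+)", line).group(1) for line in failures)
    noisy = {src for src, n in per_src.items() if n >= threshold}
    return [line for line in failures if re.search(r"src=(\S+)", line).group(1) in noisy]


# Detection rules: (rule name, ATT&CK technique IDs covered, matcher over the log list).
# Hypothetical rules written for this example; no rule exists for T1003, T1105, T1566.
RULES = [
    ("failed_logon_burst", ["T1110"], lambda logs: brute_force(logs, threshold=5)),
    ("encoded_powershell", ["T1059"], lambda logs: grep(logs, r"event=4688 .*powershell.*-enc\b")),
    ("scheduled_task_created", ["T1053"], lambda logs: grep(logs, r"event=4698")),
    ("rdp_logon", ["T1021"], lambda logs: grep(logs, r"event=4624 .*logon_type=10")),
]


def run_rules(logs, rules=RULES):
    """Map rule name -> matched log lines (empty list when the rule did not fire)."""
    return {name: matcher(logs) for name, _, matcher in rules}


def observed_techniques(logs, rules=RULES):
    """Sorted technique IDs for which at least one tagged rule fired on these logs."""
    fired = run_rules(logs, rules)
    return sorted({t for name, techs, _ in rules if fired[name] for t in techs})


def coverage_map(logs, rules=RULES, matrix=ATTACK):
    """Per tactic: techniques in scope, techniques with any rule, techniques whose
    rule fired on the sample, and the technique IDs with no rule at all (gaps)."""
    covered = {t for _, techs, _ in rules for t in techs}
    observed = set(observed_techniques(logs, rules))
    per_tactic = {}
    for tid, (_, tactics) in matrix.items():
        for tactic in tactics:
            row = per_tactic.setdefault(tactic, {"total": 0, "with_rule": 0, "observed": 0, "gaps": []})
            row["total"] += 1
            if tid in covered:
                row["with_rule"] += 1
            else:
                row["gaps"].append(tid)
            if tid in observed:
                row["observed"] += 1
    for row in per_tactic.values():
        row["gaps"].sort()
    return per_tactic


if __name__ == "__main__":
    for tactic, row in sorted(coverage_map(SAMPLE_LOGS).items()):
        print(f"{tactic:22s} rules {row['with_rule']}/{row['total']}  "
              f"fired {row['observed']}/{row['total']}  gaps {row['gaps']}")
```

Two numbers per tactic matter in practice: "with_rule" is static coverage (what the rule set could detect), while "observed" is what actually fired on the sample, which is how a purple-team exercise or replayed attack logs validate that coverage is real rather than nominal. Tactics such as command-and-control and initial-access come out with no rule at all here, which is exactly the kind of gap a coverage map is meant to surface for budget and engineering prioritization.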

Item Type: Article
Uncontrolled Keywords: Cybersecurity
Subjects: Q Science > QA Mathematics > QA71-90 Instruments and machines
Divisions: Others
Depositing User: Ms Rosnani Abd Wahab
Date Deposited: 06 Feb 2026 07:36
Last Modified: 06 Feb 2026 07:36
URI: http://shdl.mmu.edu.my/id/eprint/15205
