Vulcan: Improving Analyst Collaboration for Cyber Security
Purpose of research
- Increase the speed with which cyber security analysts communicate to match that of their adversaries
- Expand the domains where cyber security analysts communicate, beyond official channels to informal sources and even the queries they execute
- Minimize the effort required for collaboration
We wish to make collaboration among cyber security analysts effortless by increasing their ambient awareness of what other analysts are doing.
Most forms of collaboration require active user input. Our approach derives much of this information passively from the analysts' normal workflow.
By observing the questions cyber security analysts ask of their data and the other sources they commonly use to inform their work, Vulcan can inform the work of other analysts. The communication protocol can protect the identities and sensitivities of analysts and organizations involved. This enables rapid communication while protecting sensitive information and connecting the people who need to collaborate most. We strive to enhance collaboration by minimizing (1) the effort required to provide shared information, (2) the effort required to use shared information, and (3) the risk associated with identifying the sources of information.