Integrated Dashboard for Real-time Security Monitoring and Incident Response
Abstract
In a fully managed serverless environment, the cloud service provider is responsible for securing the cloud infrastructure, considerably decreasing application developers' operational and maintenance workloads. However, such environments limit the use of traditional cybersecurity tools and frameworks, reducing observability and situational awareness (for example, risk assessment and incident management). Furthermore, existing security frameworks designed for serverless applications frequently lack universal adaptability to different application architectures and require customization, expert skills, and other adaptations before they can be implemented in fully managed serverless environments. This article describes a three-tiered security system developed primarily for applications deployed in fully controlled serverless environments. The first two tiers use an innovative ontology, developed entirely from serverless logs, to turn those logs into a unified application activity knowledge graph. The third tier tackles the critical need for observability and situational awareness by adding two graph-based tools: (1) an incident response interface that uses the ontology to visualize and analyse application activity records in connection with cybersecurity alerts; user research found that this tool allowed users to respond to new security alerts more quickly and accurately than a baseline tool; and (2) a paradigm for evaluating the criticality of assets (CoA) that enables specialists to prioritize cybersecurity scenarios effectively.
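The abstract describes the pipeline only at a high level: serverless logs are mapped through an ontology into an activity knowledge graph, an analyst then inspects the graph around an alert, and assets are scored for criticality. The following Python block is an added illustration of that pipeline and is not the article's code or ontology. The `key=value` log format, the node types (`fn:`, `user:`, `schedule:`, `table:`, `bucket:`), the sample log lines and the criticality score (distinct principals that can reach an asset plus the number of functions that write to it) are all constructed assumptions for this example.

```python
"""Toy activity knowledge graph built from constructed serverless logs.

Added example for illustration; the log format, node types and the
criticality-of-assets score are assumptions, not the article's ontology.
"""
import re
from collections import defaultdict

# Constructed sample log lines (hypothetical key=value format, not real output).
SAMPLE_LOGS = """\
ts=2024-03-01T10:00:00Z fn=api-handler caller=user:alice action=invoke target=fn:orders-worker
ts=2024-03-01T10:00:01Z fn=orders-worker caller=fn:api-handler action=read target=table:orders
ts=2024-03-01T10:00:02Z fn=orders-worker caller=fn:api-handler action=write target=bucket:invoices
ts=2024-03-01T10:05:00Z fn=api-handler caller=user:bob action=invoke target=fn:orders-worker
ts=2024-03-01T10:06:00Z fn=report-job caller=schedule:nightly action=read target=table:orders
ts=2024-03-01T10:07:00Z fn=report-job caller=schedule:nightly action=read target=bucket:invoices
ts=2024-03-01T10:09:00Z fn=api-handler caller=user:alice action=invoke target=fn:orders-worker
"""

LINE_RE = re.compile(
    r"ts=(?P<ts>\S+) fn=(?P<fn>\S+) caller=(?P<caller>\S+) "
    r"action=(?P<action>\S+) target=(?P<target>\S+)"
)


def parse_logs(text):
    """Parse log lines into event dicts; malformed lines are skipped, not fatal."""
    events = []
    for line in text.splitlines():
        match = LINE_RE.match(line.strip())
        if match:
            events.append(match.groupdict())
    return events


def build_graph(events):
    """Return (nodes, edges). Edges map (source, action, target) -> occurrence count.

    Each event yields two edges: caller -invoke-> function, and
    function -<action>-> target. Functions are namespaced with 'fn:'.
    """
    nodes = set()
    edges = defaultdict(int)
    for ev in events:
        fn = "fn:" + ev["fn"]
        edges[(ev["caller"], "invoke", fn)] += 1
        edges[(fn, ev["action"], ev["target"])] += 1
        nodes.update((ev["caller"], fn, ev["target"]))
    return nodes, dict(edges)


def neighborhood(edges, node):
    """All edges touching `node`: the context an analyst wants when an alert names it."""
    return sorted((s, a, d) for (s, a, d) in edges if s == node or d == node)


def principals_reaching(edges, asset):
    """Non-function principals (users, schedules) with a path to `asset`.

    Reverse breadth-first walk over the edge set; `seen` guards against cycles.
    """
    preds = defaultdict(set)
    for (src, _, dst) in edges:
        preds[dst].add(src)
    seen, stack, principals = set(), [asset], set()
    while stack:
        current = stack.pop()
        for pred in preds[current]:
            if pred in seen:
                continue
            seen.add(pred)
            if not pred.startswith("fn:"):
                principals.add(pred)
            stack.append(pred)
    return principals


def criticality(edges, asset):
    """Assumed CoA score: reachable principals + distinct functions writing to the asset."""
    writers = {s for (s, a, d) in edges if d == asset and a == "write"}
    return len(principals_reaching(edges, asset)) + len(writers)


def rank_assets(edges):
    """Rank data assets (read/write targets) by criticality, highest first."""
    assets = {d for (_, a, d) in edges if a in ("read", "write")}
    ranked = [(asset, criticality(edges, asset)) for asset in assets]
    return sorted(ranked, key=lambda pair: (-pair[1], pair[0]))


if __name__ == "__main__":
    nodes, edges = build_graph(parse_logs(SAMPLE_LOGS))
    print(f"{len(nodes)} nodes, {len(edges)} distinct edges")
    for edge in neighborhood(edges, "fn:orders-worker"):
        print("alert context:", edge, "x", edges[edge])
    print("asset ranking:", rank_assets(edges))
```

Running the module ranks `bucket:invoices` above `table:orders` because both are reachable by the same three principals but only the bucket has a writer; the `neighborhood` call shows the three edges an analyst would pivot on if an alert named `orders-worker`.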