Please use this identifier to cite or link to this item: https://rda.sliit.lk/handle/123456789/2632
Title: The Next Gen Security Operation Center
Authors: Perera, A
Rathnayaka, S
Che, C
Madushanka, W. W
Senarathne, A. N
Keywords: Operation Center
Next Gen Security
Issue Date: 2-Apr-2021
Publisher: IEEE
Citation: A. Perera, S. Rathnayaka, N. D. Perera, W. W. Madushanka and A. N. Senarathne, "The Next Gen Security Operation Center," 2021 6th International Conference for Convergence in Technology (I2CT), 2021, pp. 1-9, doi: 10.1109/I2CT51068.2021.9418136.
Series/Report no.: 2021 6th International Conference for Convergence in Technology (I2CT);
Abstract: Due to the evolving cyber threat landscape, cyber criminals have found new and ingenious ways of breaching network defenses. Because of the sheer damage these threat actors can cause, most modern organizations have focused on protecting their critical infrastructure and sensitive information through multiple methods. The main defense against both internal and external threats has been the Security Operations Center (SOC), which is responsible for monitoring, analyzing and mitigating incoming threats. At the heart of the SOC lies the Security Information and Event Management (SIEM) system, which SOC analysts use as the centralized point where all security notifications from various security technologies, including firewalls, IPS/IDS and anti-virus logs, are collected and visualized. The effective operation of a SOC depends on how well the SIEM filters log events and generates genuine alerts, and this is where SOC analysts face their major problem in detecting threats: if proper alert correlation is not accomplished, analysts have to deal with excessive alert noise caused by a high false-positive count. This ultimately causes analysts to miss critical security incidents, with severe implications for the organization's security. The performance of a SIEM can be enhanced by adding functionalities such as threat hunting, threat intelligence, and malware identification and prevention in order to reduce false-positive alarms, together with a threat framework and machine learning, which would increase the accuracy and efficiency of an organization's overall security operations process. Although many products providing these additional functionalities exist in the current market, they can be too expensive for smaller organizations.
Our aim is to make security operations deliverable to any organization, regardless of size and scale, without financial implications, and to enhance its functionalities with the aid of advanced machine learning techniques.
URI: http://rda.sliit.lk/handle/123456789/2632
ISBN: 978-1-7281-8876-8
Appears in Collections: Department of Computer Systems Engineering - Scopes
Research Papers - Dept of Computer Systems Engineering
Research Papers - IEEE
Research Papers - SLIIT Staff Publications

Files in This Item:
The_Next_Gen_Security_Operation_Center.pdf (834.57 kB, Adobe PDF; access restricted until 2050-12-31)
