Building a Scalable Security Operations Center: A Focus on Open-source Tools

Christian Bassey *

Department of Security and Network Engineering, Innopolis University, Innopolis, Russia.

Ebenezer Tonye Chinda

Department of Computer Science, University of Sunderland, London, United Kingdom.

Samson Idowu

Department of Security and Network Engineering, Innopolis University, Innopolis, Russia.

*Author to whom correspondence should be addressed.


Abstract

Given the wide variety of cyber attacks directed at businesses of all sizes, adequate security monitoring of organizational assets and infrastructure is essential for the early detection of, and response to, security incidents. A security information and event management (SIEM) tool operated together with other security tools, such as an extended detection and response (XDR) tool, and housed in a dedicated organizational unit, can provide this monitoring and the response to detected incidents. This research builds a SOC architecture whose components are chosen to give complete security visibility across endpoints and digital assets, and then proposes low-cost open-source tooling with which the architecture can be implemented. To validate the architecture, it was implemented with the proposed tools: the Wazuh platform as the combined XDR and SIEM tool, TheHive for case management, and Suricata for network intrusion detection. Various cybersecurity scenarios, including brute force attacks, malware downloads, and DoS attacks, were then executed against endpoints monitored by the deployed architecture. The results show that the implemented tools performed the correct exposure assessment and successfully detected and responded to each scenario. This paper therefore proposes a security operations center architecture built from open-source tools and implements it successfully to detect common cybersecurity attacks.
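The detection and case-management flow summarised above can be illustrated with a small Python model of the pipeline. This is an added example, not code from the paper or from the Wazuh, Suricata or TheHive projects: it normalises constructed Wazuh-style and Suricata EVE-style alert lines, applies a sliding-window brute-force rule to the SSH failures (the Wazuh rule ids used as "SSH failure" markers are an assumption for the example), and emits an alert document in the general shape of TheHive's alert API (field names modelled on TheHive 4; verify against the version you deploy). All log lines are constructed for the example, not captured data.

```python
import json
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumption for this example: Wazuh rule ids treated as sshd authentication
# failures. Check the rule set you actually deploy; these are not from the paper.
SSH_FAILURE_RULE_IDS = {"5710", "5716", "5760"}

# Constructed sample lines (invented values). Shapes loosely follow Wazuh alert
# JSON (rule.id, agent.name, data.srcip) and Suricata EVE JSON (event_type,
# src_ip, alert.signature); timestamps are simplified to whole seconds in UTC.
SAMPLE_LINES = [
    # six sshd failures from one source within 40 seconds -> brute force
    *[json.dumps({
        "timestamp": f"2024-05-01T10:00:{10 + 8 * i:02d}Z",
        "rule": {"id": "5710", "level": 5,
                 "description": "sshd: Attempt to login using a non-existent user"},
        "agent": {"name": "web01"},
        "data": {"srcip": "203.0.113.7"},
    }) for i in range(6)],
    # two failures from a second source -> below threshold, no finding
    *[json.dumps({
        "timestamp": f"2024-05-01T10:01:{5 * i:02d}Z",
        "rule": {"id": "5716", "level": 5, "description": "sshd: authentication failed."},
        "agent": {"name": "web01"},
        "data": {"srcip": "198.51.100.4"},
    }) for i in range(2)],
    # Suricata NIDS alert for a flood (constructed signature name)
    json.dumps({"timestamp": "2024-05-01T10:02:00Z", "event_type": "alert",
                "src_ip": "192.0.2.9", "dest_ip": "10.0.0.5",
                "alert": {"signature": "CONSTRUCTED Possible SYN flood", "severity": 1}}),
    # Suricata flow record: not an alert, so the pipeline ignores it
    json.dumps({"timestamp": "2024-05-01T10:02:01Z", "event_type": "flow",
                "src_ip": "192.0.2.9", "dest_ip": "10.0.0.5"}),
]


def parse_event(line):
    """Normalise one Wazuh or Suricata JSON line into a common dict, or None."""
    raw = json.loads(line)
    ts = datetime.strptime(raw["timestamp"], "%Y-%m-%dT%H:%M:%SZ")
    if "event_type" in raw:  # Suricata EVE record
        if raw["event_type"] != "alert":
            return None
        # Suricata severity 1 is the most severe; map to TheHive 1 (low) .. 3 (high)
        sev = {1: 3, 2: 2}.get(raw["alert"]["severity"], 1)
        return {"ts": ts, "source": "suricata", "src_ip": raw["src_ip"],
                "host": raw["dest_ip"], "rule_id": None,
                "title": raw["alert"]["signature"], "severity": sev}
    level = raw["rule"]["level"]  # Wazuh levels 0-15; >=12 high, >=7 medium
    sev = 3 if level >= 12 else 2 if level >= 7 else 1
    return {"ts": ts, "source": "wazuh", "src_ip": raw["data"].get("srcip"),
            "host": raw["agent"]["name"], "rule_id": raw["rule"]["id"],
            "title": raw["rule"]["description"], "severity": sev}


def detect_brute_force(events, threshold=5, window=timedelta(minutes=2)):
    """Fire once per (source IP, host) when `threshold` SSH failures land in `window`."""
    recent = defaultdict(deque)
    findings = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        if ev["source"] != "wazuh" or ev["rule_id"] not in SSH_FAILURE_RULE_IDS:
            continue
        q = recent[(ev["src_ip"], ev["host"])]
        q.append(ev["ts"])
        while ev["ts"] - q[0] > window:  # drop failures that fell out of the window
            q.popleft()
        if len(q) == threshold:  # equality, so the rule fires only on crossing
            findings.append({"ts": ev["ts"], "source": "correlation",
                             "src_ip": ev["src_ip"], "host": ev["host"],
                             "rule_id": "bf-ssh", "severity": 2,
                             "title": f"SSH brute force: {threshold} failures from "
                                      f"{ev['src_ip']} against {ev['host']} within {window}"})
    return findings


def to_thehive_alert(ev):
    """Build an alert document in the shape of TheHive's alert API (assumed schema)."""
    stamp = ev["ts"].strftime("%Y%m%dT%H%M%S")
    return {"type": "external", "source": ev["source"],
            "sourceRef": f"{ev['source']}-{ev['host']}-{stamp}",
            "title": ev["title"], "severity": ev["severity"], "tlp": 2,
            "description": f"Detected on {ev['host']} at {ev['ts'].isoformat()}Z",
            "artifacts": [{"dataType": "ip", "data": ev["src_ip"]},
                          {"dataType": "hostname", "data": ev["host"]}]}


def run_pipeline(lines):
    """NIDS alerts pass straight through; SIEM events go through correlation."""
    events = [e for e in map(parse_event, lines) if e is not None]
    nids_alerts = [e for e in events if e["source"] == "suricata"]
    return [to_thehive_alert(e) for e in nids_alerts + detect_brute_force(events)]


if __name__ == "__main__":
    print(json.dumps(run_pipeline(SAMPLE_LINES), indent=2))
```

Run stand-alone, the script prints two case-ready alerts: the Suricata flood detection and one correlated SSH brute-force finding for 203.0.113.7; the two failures from 198.51.100.4 stay below the threshold and the Suricata flow record is discarded before correlation.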

Keywords: Security operations center, security information and event management, incident response, extended detection and response, open-source


How to Cite

Bassey, Christian, Ebenezer Tonye Chinda, and Samson Idowu. 2024. “Building a Scalable Security Operations Center: A Focus on Open-Source Tools”. Journal of Engineering Research and Reports 26 (7):196-209. https://doi.org/10.9734/jerr/2024/v26i71203.
