| Name | Description | Size | Format |
|---|---|---|---|
| | | 8.44 MB | Adobe PDF |
Authors
Abstract(s)
In the present day, IT systems are an integral part of most organizations and
play a huge role in their success. With the necessity to connect these systems to
the internet to further amplify their benefits and possibilities comes the issue of
cybersecurity. Allied to the importance of these systems for the organizations comes
the interest of attackers in disrupting these same services. When the number of
cyberattacks occurring every day is taken into consideration, and how these might
impact organizations, this issue becomes one of the greatest challenges they have to
deal with.
The problem that this project deals with is fundamentally connected with this
issue. With the variety of attacks currently in circulation, Security Operations
Centers (SOCs) rely on many different software tools to monitor their systems, which in
turn generate too much information to be handled individually by security analysts.
In this project this issue was analyzed, as well as how it can be handled, since the main
objective of this project is to find a solution for the SOC of the Instituto Politécnico
de Leiria (IPLeiria), which is facing this very same issue. The proposed solution to
this problem is through Security Orchestration, Automation and Response (SOAR).
SOAR encompasses different concepts that help in creating effective and efficient
routines to handle the incidents that a SOC faces on a daily basis.
To tackle this problem in the case of the IPLeiria SOC, the solution found relied on
the use of a SOAR platform or software. To this end, the different solutions available
were analysed, including free and paid software. The choice came down to using the
free software Shuffle in conjunction with TheHive, the case management platform
already in use in the IPLeiria SOC.
With these two tools, different playbooks were developed to handle the most
prominent types of incidents the SOC faces.
Description
Keywords
Cybersecurity; Security Operations Center (SOC); Security Orchestration, Automation and Response (SOAR); Software; Information security; Politécnico de Leiria
