Технічна інженерія (Technical Engineering), Jun 2024

The Study of the Possibilities of Using SOC Based on Free and Open Source Software

  • Andrii Yefimenko,
  • Mykhailo Honcharov

DOI
https://doi.org/10.26642/ten-2024-1(93)-170-175
Journal volume & issue
Vol. 1, no. 93
pp. 170 – 175

Abstract


The article examines a Security Operations Center (SOC) assembled from a specific combination of free and open-source software as an alternative to a SOC built on expensive proprietary products. It identifies each component of such a SOC, describes its place and its interaction with the other components in detecting, analyzing and mitigating the consequences of cyber attacks, and assesses the competitiveness of the result, its advantages, disadvantages and prospects for development. The proposed SOC comprises a Security Information and Event Management system (Elastic Stack), a Security Orchestration, Automation and Response platform (TheHive and Cortex), an Intrusion Detection/Intrusion Prevention System (Snort), an Endpoint Detection and Response/Extended Detection and Response agent (Wazuh), a threat intelligence platform (MISP), a vulnerability scanner (OpenVAS), a malware identification and classification tool (YARA), a honeypot (Honeyd), and a detection testing framework (Atomic Red Team). Use cases illustrate the SOC's response to ransomware infections, vulnerability exploits and honeypot triggers, highlighting how the components work together. The advantages of such a SOC include cost-effectiveness, customizability, agility, reliability, community support and resilience. Its drawbacks include complexity, integration challenges, limited documentation, lack of vendor support, potential security risks and a narrower feature set than enterprise solutions.
The research concludes that, while deploying and managing free open-source tools can be complex, the advantages of a free open-source SOC outweigh the disadvantages, making it a viable option for organizations with specific security needs, especially those under budgetary constraints.
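The abstract names the components and their roles but not how an alert travels between them. The script below is an added example (not code from the paper or from any of the named projects) of the glue that a SOC of this shape needs: it parses one constructed alert each from Wazuh, Snort and Honeyd, folds them into a common event schema (the normalisation role Elastic Stack plays in the paper), enriches observables against a MISP-style IOC export, and emits TheHive-shaped alerts with a suggested response for the three use cases the paper describes (ransomware, exploit, honeypot trigger). The Wazuh JSON layout, the Snort "fast" alert line, the Honeyd log line and the TheHive alert fields follow the public formats as recalled by the author of this example and are assumptions; the IOC list and all sample inputs are constructed.

```python
"""Triage glue for an open-source SOC (added example, not the paper's code).
All inputs are constructed; record layouts and TheHive field names are
assumptions based on the public formats, not taken from the paper."""
import hashlib
import re

# Constructed MISP-style export: attribute type -> set of values.
KNOWN_BAD_SHA256 = "2c26b46b68ffc68ff99b453c1d30413413422d706483bfa0f98a5e886266e7ae"
MISP_IOCS = {"ip-dst": {"203.0.113.7"}, "sha256": {KNOWN_BAD_SHA256}}

# Constructed sample alerts, one per sensor.
WAZUH_ALERT = {  # Wazuh alerts.json style (assumed layout)
    "agent": {"name": "fs01", "ip": "10.0.0.21"},
    "rule": {"id": "100200", "level": 12, "groups": ["syscheck", "ransomware"],
             "description": "Mass file rename with .locked extension"},
    "syscheck": {"path": "C:\\Users\\alice\\Documents\\report.docx.locked",
                 "sha256_after": KNOWN_BAD_SHA256},
}
SNORT_LINE = ("06/01-10:20:30.123456  [**] [1:1000001:1] WEB-ATTACK command injection "
              "attempt [**] [Classification: Web Application Attack] [Priority: 1] "
              "{TCP} 203.0.113.7:44321 -> 10.0.0.5:80")
HONEYD_LINE = "2024-06-01-10:20:31.0042 tcp(6) S 198.51.100.9 51234 10.0.0.250 22"

SNORT_FAST = re.compile(
    r"\[\*\*\] \[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\] (?P<msg>.+?) \[\*\*\]"
    r"(?: \[Classification: (?P<cls>[^\]]+)\])? \[Priority: (?P<prio>\d+)\]"
    r" \{(?P<proto>\w+)\} (?P<src>[\d.]+):(?P<sport>\d+) -> (?P<dst>[\d.]+):(?P<dport>\d+)")
HONEYD = re.compile(r"^(?P<ts>\S+) (?P<proto>\w+)\(\d+\) (?P<flag>\S) (?P<src>[\d.]+) "
                    r"(?P<sport>\d+) (?P<dst>[\d.]+) (?P<dport>\d+)")

# Base severity per use case on TheHive's 1..4 scale and the suggested first action.
SEVERITY = {"ransomware": 4, "endpoint": 2, "exploit": 2, "honeypot": 3}
RESPONSE = {
    "ransomware": "Wazuh active response: isolate host; YARA-scan the affected share",
    "endpoint": "review on the host; escalate if further rules fire",
    "exploit": "block source IP at the perimeter; queue an OpenVAS scan of the target",
    "honeypot": "block source IP; search Elastic for the same IP touching production hosts",
}


def make_event(source, ref, category, summary, observables):
    """Common event schema every sensor is normalised into."""
    return {"source": source, "ref": ref, "category": category,
            "summary": summary, "observables": observables, "tags": []}


def parse_snort_fast(line):
    """Parse a Snort 'fast' alert line; ports and priority become ints."""
    m = SNORT_FAST.search(line)
    if not m:
        raise ValueError("not a Snort fast-format alert: " + line)
    f = m.groupdict()
    for k in ("prio", "sport", "dport"):
        f[k] = int(f[k])
    return f


def parse_honeyd(line):
    """Parse a Honeyd connection log line (assumed layout)."""
    m = HONEYD.match(line)
    if not m:
        raise ValueError("not a Honeyd log line: " + line)
    f = m.groupdict()
    f["sport"], f["dport"] = int(f["sport"]), int(f["dport"])
    return f


def wazuh_event(alert):
    groups = alert["rule"].get("groups", [])
    category = "ransomware" if "ransomware" in groups else "endpoint"
    obs = [("hostname", alert["agent"]["name"])]
    sha = alert.get("syscheck", {}).get("sha256_after")
    if sha:
        obs.append(("hash", sha))
    return make_event("wazuh", f"{alert['rule']['id']}@{alert['agent']['name']}",
                      category, alert["rule"]["description"], obs)


def snort_event(line):
    f = parse_snort_fast(line)
    return make_event("snort", f"{f['gid']}:{f['sid']}:{f['rev']}", "exploit",
                      f"{f['msg']} from {f['src']} to {f['dst']}:{f['dport']}", [("ip", f["src"])])


def honeyd_event(line):
    f = parse_honeyd(line)
    return make_event("honeyd", f"{f['ts']}:{f['src']}:{f['dport']}", "honeypot",
                      f"{f['proto']} contact with honeypot {f['dst']}:{f['dport']}", [("ip", f["src"])])


def enrich(ev, iocs):
    """Tag the event with every MISP attribute type one of its observables matches."""
    for _dtype, value in ev["observables"]:
        for attr_type, values in iocs.items():
            if value in values:
                ev["tags"].append(f"misp:{attr_type}")
    return ev


def to_thehive(ev):
    """Shape the event like a TheHive alert (assumed field names); IOC hit raises severity."""
    severity = SEVERITY[ev["category"]]
    if any(t.startswith("misp:") for t in ev["tags"]):
        severity = min(4, severity + 1)
    return {"title": f"[{ev['source']}] {ev['summary']}", "type": ev["category"],
            "source": ev["source"],
            "sourceRef": hashlib.sha1(f"{ev['source']}:{ev['ref']}".encode()).hexdigest()[:16],
            "severity": severity, "tlp": 2, "tags": sorted(set(ev["tags"])),
            "artifacts": [{"dataType": d, "data": v} for d, v in ev["observables"]],
            "description": f"{ev['summary']}. Suggested response: {RESPONSE[ev['category']]}"}


def triage(wazuh_alert, snort_line, honeyd_line, iocs=MISP_IOCS):
    events = [wazuh_event(wazuh_alert), snort_event(snort_line), honeyd_event(honeyd_line)]
    return [to_thehive(enrich(ev, iocs)) for ev in events]


if __name__ == "__main__":
    import json
    for alert in triage(WAZUH_ALERT, SNORT_LINE, HONEYD_LINE):
        print(json.dumps(alert, indent=2))
```

In a deployment the alert dicts would be POSTed to TheHive's alert API and the IOC dictionary replaced by a PyMISP export; the point of the example is the normalisation and enrichment step in between, which is where most of the "integration challenges" the abstract mentions actually live.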
