Added Title
Implementing open source security information and event management system
Date of Publication
12-2022
Document Type
Master's Thesis
Degree Name
Master in Information Security
Subject Categories
Computer Sciences | Information Security
College
College of Computer Studies
Department/Unit
Computer Technology
Thesis Advisor
Fritz Kevin S. Flores
Defense Panel Chair
Gregory G. Cu
Defense Panel Member
Arlyn Verina L. Ong
Marnel S. Peradilla
Abstract/Summary
Cybersecurity is an essential part of IT operations in the 21st century. Attacks on businesses by malicious individuals seeking monetary gain or access to sensitive information have increased, manually investigating each host for suspicious activity is ineffective and reactive, and the early warning signs of an attack are often hard to identify. Security Information and Event Management (SIEM) is a set of tools and services that can provide a holistic overview of an organization's information security posture. However, SIEM can be expensive because of its license cost, maintenance, and resource requirements. This project evaluates known open-source SIEM solutions using a Strengths, Weaknesses, Opportunities, and Threats (SWOT) analysis against the needs of DLSU CCS-TSG, with a minimal-cost implementation design in mind. The chosen SIEM was deployed, configured, and optimized to improve the detection of adversarial tactics from the MITRE ATT&CK framework on Unix-based operating systems. To validate the efficacy of the deployed SIEM and of the rule optimization in system auditing, an attack simulation was conducted using commands drawn from the Discovery, Credential Access, and Persistence tactics of MITRE ATT&CK. In conclusion, the SIEM helped the organization centrally collect data across the network environment, gain real-time visibility into activities that may induce risk, and address issues before they become a significant financial risk. Lastly, it was proven that optimizing the SIEM and host system auditing to correlate and work with each other improved the detection capabilities of the SIEM. However, proper training to manage, maintain, and improve the deployment, and to build the cybersecurity skillset and experience needed to discern potential threats from false positives, is essential for the SIEM to be effective.
Keywords: Cyber Security Operations, SIEM, AuditD, Intrusion Detection, Open-Source
Abstract Format
html
Language
English
Format
Electronic
Physical Description
104 leaves
Keywords
Computer security; Intrusion detection systems (Computer security); Computer networks—Security measures
Recommended Citation
Vidanes, E. M. (2022). Implementing open-source security information and event management system (SIEM) for private cloud infrastructure of DLSU CCS-TSG. Retrieved from https://animorepository.dlsu.edu.ph/etdm_comtech/13
Embargo Period
7-12-2023
Note
Added title from the approval sheet.