DESIGN AND INTEGRATION OF ORCHESTRATION AND AUTOMATION RESPONSE SYSTEMS IN SECURITY OPERATION CENTER INFRASTRUCTURE USING ELASTIC STACK AND TINES
Main Author: | Mochammad Ronny Ardianto |
---|---|
Format: | Final Project |
Language: | Indonesia |
Online Access: | https://digilib.itb.ac.id/gdl/view/66634 |
Institution: | Institut Teknologi Bandung |
Summary:

ABSTRACT

DESIGN AND INTEGRATION OF ORCHESTRATION AND AUTOMATION RESPONSE SYSTEMS IN SECURITY OPERATION CENTER INFRASTRUCTURE USING ELASTIC STACK AND TINES

By Mochammad Ronny Ardianto
NIM: 18118039
(Telecommunication Engineering Program)

The number of reported information security attacks resulting in data leaks has increased year over year, to the point that 2020 was reported as the worst year, with the number of data leaks reaching 36 billion in the third quarter. The Covid-19 pandemic also contributed to an increase in the threat of fraud (scams), which rose by 400%. The number of security attacks and the high risk of information leakage in cyberspace mean that attention to the field of cybersecurity needs to increase. In this context, there are two main roles in cybersecurity: the red team as the tester or attacker, and the blue team as the defensive team. However, in practice many companies apply red teams more in their operations. This final project therefore emphasizes the role of the blue team, which is very important as the defense of an organization or company in its efforts to monitor, secure, and respond when a security incident occurs.

In this final project, an architecture and implementation of a system that supports the role of the blue team, referred to here as the security operation center (SOC) team, will be created. The system consists of an SOC built from tools or software, namely security information and event management (SIEM), which serves as the centralized integration point for all logs generated by the company's devices and services. The next component, which strengthens SIEM's capabilities, is security orchestration, automation and response (SOAR). SOAR provides orchestration support for running several tasks automatically. The use of SOAR in the SOC system will assist the team in conducting intelligence analysis on an incident alert that occurs and in determining the direction of the response to the incident effectively. The entire system will be tested and verified to determine that it meets the purpose of the final project.

Keywords: information security, blue team, SOC, SIEM, SOAR.