HANDLING CYBERSECURITY RELATED INCIDENTS IN THE SECURITY OPERATION CENTER OF THE POLYTECHNIC OF LEIRIA
| Autor(a) principal: | |
|---|---|
| Data de Publicação: | 2021 |
| Tipo de documento: | Dissertação |
| Idioma: | eng |
| Título da fonte: | Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos) |
| Texto Completo: | http://hdl.handle.net/10400.8/6695 |
Resumo: | In the present day, IT systems are an integral part of most organizations, and play a huge role it their success. With the necessity to connect these systems to the internet to further amplify their benefits and possibilities, comes the issue of cybersecurity. Allied to the importance of these systems for the organizations, comes the interest of attackers in disrupting these same services. When the amount of cyberattacks occurring everyday is taken into consideration, and how these might impact organizations, this issue becomes one of the greatest challenges they have to deal with. The problems that this project deals with is fundamentally connect with this issue. With the variety of attacks that currently circulates Security Operations Center (SOC) rely on many different software to monitor their systems, which in turn create too much information to be handled individually by security analysts. In this project this issue was analyzed, as well how it can be handled, as the main objective of this is project is to find a solution for the SOC of the Instituto Politécnico de Leiria (IPLeiria) which is facing this very same issue. The proposed solution to this problem is through Security Orchestration, Automation and Response (SOAR). SOAR encompasses different concepts that help in creating effective and efficient routines to handles the incidents that a SOC faces on a daily basis. To tackle this problem in the case of the IPLeiria SOC, the solution found relied on the use of a SOAR platform or software. For this effect different solutions available were analysed, including free and paid software. The choice came down to using a free software called Shuffle 1 in conjunction with the already existent in the IPLeiria SOC case management platform TheHive 2. With these two tools, different playbooks were developed to handle the most prominent type of incidents the SOC faces. |
| id |
RCAP_dd8e5bb2626d8c49e0be70485033ca47 |
|---|---|
| oai_identifier_str |
oai:iconline.ipleiria.pt:10400.8/6695 |
| network_acronym_str |
RCAP |
| network_name_str |
Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos) |
| repository_id_str |
7160 |
| spelling |
HANDLING CYBERSECURITY RELATED INCIDENTS IN THE SECURITY OPERATION CENTER OF THE POLYTECHNIC OF LEIRIACybersecuritySecurity Operations Center (SOC)Security Orchestration Automation and Response (SOAR) x SoftwareInformation securityPolitécnico de LeiriaDomínio/Área Científica::Engenharia e Tecnologia::Engenharia Eletrotécnica, Eletrónica e InformáticaIn the present day, IT systems are an integral part of most organizations, and play a huge role it their success. With the necessity to connect these systems to the internet to further amplify their benefits and possibilities, comes the issue of cybersecurity. Allied to the importance of these systems for the organizations, comes the interest of attackers in disrupting these same services. When the amount of cyberattacks occurring everyday is taken into consideration, and how these might impact organizations, this issue becomes one of the greatest challenges they have to deal with. The problems that this project deals with is fundamentally connect with this issue. With the variety of attacks that currently circulates Security Operations Center (SOC) rely on many different software to monitor their systems, which in turn create too much information to be handled individually by security analysts. In this project this issue was analyzed, as well how it can be handled, as the main objective of this is project is to find a solution for the SOC of the Instituto Politécnico de Leiria (IPLeiria) which is facing this very same issue. The proposed solution to this problem is through Security Orchestration, Automation and Response (SOAR). SOAR encompasses different concepts that help in creating effective and efficient routines to handles the incidents that a SOC faces on a daily basis. To tackle this problem in the case of the IPLeiria SOC, the solution found relied on the use of a SOAR platform or software. For this effect different solutions available were analysed, including free and paid software. The choice came down to using a free software called Shuffle 1 in conjunction with the already existent in the IPLeiria SOC case management platform TheHive 2. With these two tools, different playbooks were developed to handle the most prominent type of incidents the SOC faces.Rabadão, Carlos Manuel da SilvaOliveira, Adail Domingues da Silva deIC-OnlineMateus, Marco Alexandre Clemente2022-02-21T14:12:48Z2021-12-062021-12-06T00:00:00Zinfo:eu-repo/semantics/publishedVersioninfo:eu-repo/semantics/masterThesisapplication/pdfhttp://hdl.handle.net/10400.8/6695TID:202944310enginfo:eu-repo/semantics/openAccessreponame:Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos)instname:Agência para a Sociedade do Conhecimento (UMIC) - FCT - Sociedade da Informaçãoinstacron:RCAAP2024-01-17T15:53:47Zoai:iconline.ipleiria.pt:10400.8/6695Portal AgregadorONGhttps://www.rcaap.pt/oai/openaireopendoar:71602024-03-20T01:49:53.676506Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos) - Agência para a Sociedade do Conhecimento (UMIC) - FCT - Sociedade da Informaçãofalse |
| dc.title.none.fl_str_mv |
HANDLING CYBERSECURITY RELATED INCIDENTS IN THE SECURITY OPERATION CENTER OF THE POLYTECHNIC OF LEIRIA |
| title |
HANDLING CYBERSECURITY RELATED INCIDENTS IN THE SECURITY OPERATION CENTER OF THE POLYTECHNIC OF LEIRIA |
| spellingShingle |
HANDLING CYBERSECURITY RELATED INCIDENTS IN THE SECURITY OPERATION CENTER OF THE POLYTECHNIC OF LEIRIA Mateus, Marco Alexandre Clemente Cybersecurity Security Operations Center (SOC) Security Orchestration Automation and Response (SOAR) x Software Information security Politécnico de Leiria Domínio/Área Científica::Engenharia e Tecnologia::Engenharia Eletrotécnica, Eletrónica e Informática |
| title_short |
HANDLING CYBERSECURITY RELATED INCIDENTS IN THE SECURITY OPERATION CENTER OF THE POLYTECHNIC OF LEIRIA |
| title_full |
HANDLING CYBERSECURITY RELATED INCIDENTS IN THE SECURITY OPERATION CENTER OF THE POLYTECHNIC OF LEIRIA |
| title_fullStr |
HANDLING CYBERSECURITY RELATED INCIDENTS IN THE SECURITY OPERATION CENTER OF THE POLYTECHNIC OF LEIRIA |
| title_full_unstemmed |
HANDLING CYBERSECURITY RELATED INCIDENTS IN THE SECURITY OPERATION CENTER OF THE POLYTECHNIC OF LEIRIA |
| title_sort |
HANDLING CYBERSECURITY RELATED INCIDENTS IN THE SECURITY OPERATION CENTER OF THE POLYTECHNIC OF LEIRIA |
| author |
Mateus, Marco Alexandre Clemente |
| author_facet |
Mateus, Marco Alexandre Clemente |
| author_role |
author |
| dc.contributor.none.fl_str_mv |
Rabadão, Carlos Manuel da Silva Oliveira, Adail Domingues da Silva de IC-Online |
| dc.contributor.author.fl_str_mv |
Mateus, Marco Alexandre Clemente |
| dc.subject.por.fl_str_mv |
Cybersecurity Security Operations Center (SOC) Security Orchestration Automation and Response (SOAR) x Software Information security Politécnico de Leiria Domínio/Área Científica::Engenharia e Tecnologia::Engenharia Eletrotécnica, Eletrónica e Informática |
| topic |
Cybersecurity Security Operations Center (SOC) Security Orchestration Automation and Response (SOAR) x Software Information security Politécnico de Leiria Domínio/Área Científica::Engenharia e Tecnologia::Engenharia Eletrotécnica, Eletrónica e Informática |
| description |
In the present day, IT systems are an integral part of most organizations, and play a huge role it their success. With the necessity to connect these systems to the internet to further amplify their benefits and possibilities, comes the issue of cybersecurity. Allied to the importance of these systems for the organizations, comes the interest of attackers in disrupting these same services. When the amount of cyberattacks occurring everyday is taken into consideration, and how these might impact organizations, this issue becomes one of the greatest challenges they have to deal with. The problems that this project deals with is fundamentally connect with this issue. With the variety of attacks that currently circulates Security Operations Center (SOC) rely on many different software to monitor their systems, which in turn create too much information to be handled individually by security analysts. In this project this issue was analyzed, as well how it can be handled, as the main objective of this is project is to find a solution for the SOC of the Instituto Politécnico de Leiria (IPLeiria) which is facing this very same issue. The proposed solution to this problem is through Security Orchestration, Automation and Response (SOAR). SOAR encompasses different concepts that help in creating effective and efficient routines to handles the incidents that a SOC faces on a daily basis. To tackle this problem in the case of the IPLeiria SOC, the solution found relied on the use of a SOAR platform or software. For this effect different solutions available were analysed, including free and paid software. The choice came down to using a free software called Shuffle 1 in conjunction with the already existent in the IPLeiria SOC case management platform TheHive 2. With these two tools, different playbooks were developed to handle the most prominent type of incidents the SOC faces. |
| publishDate |
2021 |
| dc.date.none.fl_str_mv |
2021-12-06 2021-12-06T00:00:00Z 2022-02-21T14:12:48Z |
| dc.type.status.fl_str_mv |
info:eu-repo/semantics/publishedVersion |
| dc.type.driver.fl_str_mv |
info:eu-repo/semantics/masterThesis |
| format |
masterThesis |
| status_str |
publishedVersion |
| dc.identifier.uri.fl_str_mv |
http://hdl.handle.net/10400.8/6695 TID:202944310 |
| url |
http://hdl.handle.net/10400.8/6695 |
| identifier_str_mv |
TID:202944310 |
| dc.language.iso.fl_str_mv |
eng |
| language |
eng |
| dc.rights.driver.fl_str_mv |
info:eu-repo/semantics/openAccess |
| eu_rights_str_mv |
openAccess |
| dc.format.none.fl_str_mv |
application/pdf |
| dc.source.none.fl_str_mv |
reponame:Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos) instname:Agência para a Sociedade do Conhecimento (UMIC) - FCT - Sociedade da Informação instacron:RCAAP |
| instname_str |
Agência para a Sociedade do Conhecimento (UMIC) - FCT - Sociedade da Informação |
| instacron_str |
RCAAP |
| institution |
RCAAP |
| reponame_str |
Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos) |
| collection |
Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos) |
| repository.name.fl_str_mv |
Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos) - Agência para a Sociedade do Conhecimento (UMIC) - FCT - Sociedade da Informação |
| repository.mail.fl_str_mv |
|
| _version_ |
1799136991360581632 |