VSOC - A Virtual Security Operating Center

Title: VSOC - A Virtual Security Operating Center
Publication Type: Conference Paper
Year of Publication: 2017
Authors: Falk, E., Repcek, S., Fiz, B., Hommes, S., State, R., Sasnauskas, R.
Conference Name: GLOBECOM 2017 - 2017 IEEE Global Communications Conference
Keywords: Big Data, cloud computing, composability, Computational modeling, Computer architecture, Metrics, Monitoring, Operating Systems Security, pubcrawl, Real-time Systems, Resiliency, security
Abstract

Security in virtualised environments is becoming increasingly important for institutions, not only for a firm's own on-site servers and network but also for data and sites that are hosted in the cloud. Today, security is either handled globally by the cloud provider, or each customer needs to invest in its own security infrastructure. This paper proposes a Virtual Security Operation Center (VSOC) that allows users to collect, analyse and visualize security-related data from multiple sources. For instance, a user can forward log data from its firewalls, applications and routers in order to check for anomalies and other suspicious activities. The security analytics provided by the VSOC are comparable to those of commercial security incident and event management (SIEM) solutions, but are deployed as a cloud-based solution with the additional benefit of using big data processing tools to handle large volumes of data. This allows us to detect more complex attacks that cannot be detected with today's signature-based (i.e. rules) SIEM solutions.

DOI: 10.1109/GLOCOM.2017.8254427
Citation Key: falk_vsoc_2017