Cloud Security Operation Center SOC

Benefits
  • Creating jobs for 20 people for 1 year
  • Used in different Iranian companies, organization & banks
  • Reducing costs by 500.000 (for 10 SIEMs sold)
Research partner
IT Group, IRISA
Year
Description

Cloud Security Operation Center is a SOC that receives logs and events from the cloud platform (virtual switch mirror port and Zabbix). The Sitra agent has been customized to receive logs and events from the OpenStack platform, and new correlation rules have been added to Sitra to detect cloud attacks. Sitra is the name of the SOC produced by IRISA.

The following features have been added to Sitra:

  • Plug-ins deployed to receive logs from different services of OpenStack
  • Snort customization for OpenStack
  • Cloud multi-step attack detection & correlation, e.g. DoS attacks on OpenStack services, botnets on the cloud
  • Log management, log search & log retention for 90 days
  • Incident response
  • Alert prioritization
  • Multi-user, access control

Within this scope, the following services can be taken into account:

  • MSSP (Managed Security Service Provider)
  • Reporting
  • Network forensics
  • Different payment mechanisms for MSSP
  • 500-5000 events per second on average
  • Supporting different types of security devices (500 security devices)
  • Supporting different assets (500-5000 different assets), including:
      • Services
      • Operating systems & applications
      • Configuration, e.g. open ports, iptables
  • Attack identification & prediction:
      • Single-step attacks
      • Multi-step attacks
      • Distributed attacks