Logo do repositório
 
Miniatura
Publicação

Autonomous Incident Response

2023Dissertação de mestrado Acesso aberto
http://hdl.handle.net/10451/57250
Utilize este identificador para referenciar este registo.
Nome:Descrição:Tamanho:Formato: 
TM_Juan_Siqueira.pdf4.21 MBAdobe PDF Ver/Abrir

Autores

Siqueira, Juan Christian da Silva

Orientador(es)

Sá, Alan Oliveira de

Resumo(s)

Information security is a must-have for any organization willing to stay relevant and grow, it plays an important role as a business enabler, be it from a regulatory perspective or a reputation perspective. Having people, process, and technology to solve the ever growing number of security incidents as fast as possible and with the least amount of impact is a challenge for small and big companies. To address this challenge, companies started investing in Security Orchestration, Automation, and Response (SOAR) [39, 68, 70]. Security orchestration is the planning, integration, cooperation, and coordination of the activities of security tools and experts to produce and automate required actions in response to any security incident across multiple technology paradigms [40]. In other words, the use of SOAR is a way to translate the manual procedures followed by the security analysts into automated actions, making the process faster and scalable while saving on human resources budget. This project proposes a low-cost cloud native SOAR platform that is based on serverless computing, presenting the underlying details of its design. The performance of the proposed solution was evaluated through 364 real-world incidents related to 11 use cases in a large multinational enterprise. The results show that the solution is able to decrease the duration of the tasks by an average of 98.81% while having an operating expense of less than $65/month. Prior to the SOAR, it took the analyst 75.84 hours to perform manual tasks related to the 11 use cases. Additionally, an estimated 450 hours of the analyst’s time would be used to run the Update threat intelligence database use case. After the SOAR, the same tasks were automatically ran in 31.2 minutes and the Update threat intelligence database use case ran 9.000 times in 5.3 hours.

Descrição

Trabalho de Projeto de Mestrado, Segurança Informática, 2022, Universidade de Lisboa, Faculdade de Ciências

Palavras-chave

SOAR Computação em nuvem Segurança Orquestração Automação Teses de mestrado - 2023

URI

http://hdl.handle.net/10451/57250

Contexto Educativo

Citação

Projetos de investigação

Unidades organizacionais

Fascículo

Editora

Coleções

FC-DI - Master Thesis (projects)

Licença CC