MODERN TECHNOLOGIES FOR NETWORK SECURITY MONITORING: THE ROLE OF SIEM WAZUH IN THREAT DETECTION AND RESPONSE
Keywords: SIEM, Wazuh, security monitoring, network traffic, threat detection, incident response, event correlation, regulatory compliance, cybersecurity, machine learning algorithms
Abstract
In today’s digital environment, the proliferation of network resources and devices makes them attractive to cybercriminals. The increasing sophistication of attacks such as DDoS, data breaches, malware and phishing calls for new approaches to cyber defense. A particular difficulty is the protection of large corporate and cloud infrastructures, where the volume of data requires automation to detect threats and respond to them.

One of the solutions is the implementation of SIEM systems, in particular the open platform Wazuh, which provides security monitoring, event management and analytics. Its functionality includes file integrity monitoring, event correlation, regulatory compliance and behavioral analysis for real-time threat prevention. Its advantages, practical effectiveness and possibilities of integration with other security components are analyzed. In the course of the research, practical testing of Wazuh was carried out, together with analysis of its threat detection functionality, response automation and compliance with regulatory requirements. Integration with other tools, such as the Suricata IDS, allowed detection of complex multi-stage attacks and reduced response time.

Testing showed threat detection accuracy of up to 98% and a low rate of false positives. Wazuh’s automation functionality reduced incident response time to 1-2 minutes. The system demonstrated stable operation in large networks and the possibility of integration into cloud environments. Wazuh has also proven competitive against commercial solutions such as IBM QRadar due to its open source code, customization flexibility and cost-effectiveness.

The Wazuh SIEM system is an effective tool for ensuring network security in today’s cyberspace. Its open architecture and wide functionality make it relevant both for large organizations and for small businesses that seek to reduce the risks of cyberattacks at minimal financial cost.
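The event-correlation step the abstract describes (a Suricata alert followed by repeated sshd failures from the same source, escalated as one multi-stage incident) can be replayed outside Wazuh to see why it fires. The Python correlator below is an added example written for this page, not code from the paper or from the Wazuh project; it reimplements the semantics of Wazuh's frequency/timeframe/if_matched_sid rule attributes over constructed alerts, and rule ids 5716 and 86601 are assumed to be the stock sshd-failure and Suricata-alert ids.

```python
import json
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed alerts in the trimmed shape Wazuh writes to alerts.json. Rule ids 5716 (sshd
# authentication failed, field srcip) and 86601 (Suricata EVE alert, field src_ip) are assumed
# to be Wazuh's stock ids; every address, signature and timestamp here is made up.
SAMPLE_ALERTS = [
    '{"timestamp":"2024-11-25T10:00:01.000+0000","rule":{"id":"86601"},"data":{"src_ip":"198.51.100.7","alert":{"signature":"ET SCAN Potential SSH Scan"}}}',
    '{"timestamp":"2024-11-25T10:00:30.000+0000","rule":{"id":"5716"},"data":{"srcip":"198.51.100.7"}}',
    '{"timestamp":"2024-11-25T10:00:35.000+0000","rule":{"id":"5716"},"data":{"srcip":"203.0.113.9"}}',
    '{"timestamp":"2024-11-25T10:00:40.000+0000","rule":{"id":"5716"},"data":{"srcip":"198.51.100.7"}}',
    '{"timestamp":"2024-11-25T10:00:41.000+0000","rule":{"id":"5716"},"data":{"srcip":"203.0.113.9"}}',
    '{"timestamp":"2024-11-25T10:00:42.000+0000","rule":{"id":"5716"},"data":{"srcip":"203.0.113.9"}}',
    '{"timestamp":"2024-11-25T10:00:55.000+0000","rule":{"id":"5716"},"data":{"srcip":"198.51.100.7"}}',
]

# Hypothetical custom rule written with the attributes a Wazuh rule uses: escalate when
# `trigger` repeats `frequency` times within `timeframe` seconds from a source that the
# `if_matched_sid` rule already flagged inside that same window.
CORRELATION_RULES = [{"id": "100100", "level": 12, "trigger": "5716", "if_matched_sid": "86601",
                      "frequency": 3, "timeframe": 120,
                      "description": "Suricata scan followed by repeated SSH auth failures"}]

def correlate(alert_lines, rules=CORRELATION_RULES):
    """Replay alerts in order and return the escalations the rules produce."""
    seen = defaultdict(lambda: defaultdict(deque))  # rule id -> source -> timestamps
    escalations = []
    for line in alert_lines:
        alert = json.loads(line)
        rid = alert["rule"]["id"]
        src = alert["data"].get("src_ip") or alert["data"].get("srcip")  # Suricata EVE / sshd decoder
        ts = datetime.strptime(alert["timestamp"], "%Y-%m-%dT%H:%M:%S.%f%z")
        if src is None:
            continue
        seen[rid][src].append(ts)
        for rule in rules:
            if rid != rule["trigger"]:
                continue
            window_start = ts - timedelta(seconds=rule["timeframe"])
            hits = seen[rid][src]
            while hits and hits[0] < window_start:  # forget triggers older than the window
                hits.popleft()
            precursor = any(t >= window_start for t in seen[rule["if_matched_sid"]][src])
            if precursor and len(hits) >= rule["frequency"]:
                escalations.append({"rule_id": rule["id"], "level": rule["level"], "src_ip": src,
                                    "at": alert["timestamp"], "description": rule["description"]})
                hits.clear()  # one burst of failures yields one escalation
    return escalations
```

Running `correlate(SAMPLE_ALERTS)` escalates only the third failure from 198.51.100.7, because that source also produced the Suricata scan alert inside the window, while the equally noisy burst from 203.0.113.9 stays at its base level.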