Abstract

The number of cyber attacks and cyber crimes grows every year, which is why new products, technologies and tools for protection against cyber threats constantly appear. A Security Operation Center (SOC) is one of the most up-to-date and reliable enterprise-level cybersecurity tools. Several SOCs already exist in Ukraine in government and law enforcement bodies, and organizations and enterprises in practically every industry of the national economy show strong interest in their implementation. A SOC allows monitoring, detection and quick response to incidents, which is necessary to reduce the damage and financial losses such incidents cause. Implementing a SOC requires significant expenses that only some organizations and enterprises can afford, so the creation of a similar but more affordable tool is very urgent. The paper describes the Security Operation System (SOS), designed for effective protection against cyber threats and cyber attacks, which collects, normalizes, correlates and analyses events in the organization's IT infrastructure. The main advantage of this system is its ability to receive information on events from different sources and correlate them, which is important because today's attacks can only be discovered from the combination of events in the IT infrastructure. Another advantage of SOS is the ability to add new correlation rules to the analytical module; such rules can be based on the unique experience gained from operating the system, on analysis of new attacks against the organization's IT infrastructure, or on correlation rules borrowed from other organizations.
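The abstract's central point is that an attack becomes visible only when events from different sources are normalized into one form and correlated by pluggable rules. The following is an added illustration of that idea, not code from the paper or the SOS system: the log formats, field names and the rule itself are assumptions, and the sample lines are constructed. The rule fires only when an authentication-log pattern and a firewall-log event from the same source address line up, so neither log on its own produces an alert.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines from two hypothetical sources ("auth" and "fw").
# The key=value layout is an assumption for this example, not an SOS format.
AUTH_LINES = [
    "2024-01-01T10:00:01 auth host=web1 user=alice result=fail src=10.0.0.5",
    "2024-01-01T10:00:02 auth host=web1 user=alice result=fail src=10.0.0.5",
    "2024-01-01T10:00:03 auth host=web1 user=alice result=fail src=10.0.0.5",
    "2024-01-01T10:00:09 auth host=web1 user=alice result=ok src=10.0.0.5",
]
FW_LINES = [
    "2024-01-01T10:00:30 fw action=allow src=10.0.0.5 dst=10.0.0.20 dport=445",
]

def normalize(line):
    """Turn one raw line of either source into a common event dict."""
    ts, source, *fields = line.split()
    ev = {"ts": datetime.fromisoformat(ts), "source": source}
    ev.update(f.split("=", 1) for f in fields)
    return ev

def rule_bruteforce_then_lateral(events, window=timedelta(minutes=5)):
    """Alert when >=3 failed logins from one src are followed (within the
    window) by a successful login and then a firewall-allowed connection
    from the same src to another host: a cross-source pattern."""
    alerts, by_src = [], defaultdict(list)
    for ev in sorted(events, key=lambda e: e["ts"]):
        by_src[ev.get("src")].append(ev)
    for src, evs in by_src.items():
        fails = [e for e in evs if e["source"] == "auth" and e.get("result") == "fail"]
        if len(fails) < 3:
            continue
        first_fail = fails[0]["ts"]
        success = next((e for e in evs if e["source"] == "auth" and e.get("result") == "ok"
                        and first_fail < e["ts"] <= first_fail + window), None)
        if success is None:
            continue
        lateral = [e for e in evs if e["source"] == "fw" and e.get("action") == "allow"
                   and success["ts"] <= e["ts"] <= success["ts"] + window]
        if lateral:
            alerts.append({"rule": "bruteforce_then_lateral", "src": src,
                           "first_fail": first_fail, "dsts": [e["dst"] for e in lateral]})
    return alerts

RULES = [rule_bruteforce_then_lateral]  # new rules are appended here

def run(lines):
    """Normalize raw lines from all sources, then apply every rule."""
    events = [normalize(line) for line in lines]
    return [alert for rule in RULES for alert in rule(events)]

if __name__ == "__main__":
    for alert in run(AUTH_LINES + FW_LINES):
        print(alert)
```

Running `run(AUTH_LINES)` or `run(FW_LINES)` alone returns no alert; only the combined stream does.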
