Information and security event management system
Master Thesis
Author
Βούλγαρης, Ιωάννης
Voulgaris, Ioannis
Date
2020-03-10
Advisor
Λαμπρινουδάκης, Κωνσταντίνος
Keywords
Beats ; Security Operation Center (SOC) ; GDPR ; Search engines ; Threat hunting ; Elastic Stack (ELK)
Abstract
The cyber security field has evolved tremendously over the past decade. Cyber incidents and threats have been increasing rapidly, both in number and in sophistication. Like any fight, it involves two or more participants, usually an attacker and a defender. The defending is done by an organization, while the attacker keeps changing the threat landscape by taking advantage of new exploits, weaknesses and possible security loopholes. These attackers usually have as an end goal to exfiltrate, alter or even delete valuable data.
This Thesis proposes, analyzes and evaluates some cyber security solutions. It is based on the Elastic Stack (ELK), an enterprise-grade logging suite of tools that enables active threat hunting in a corporate environment; in the market it is mainly used as a search engine. Scenarios are presented with the stack used on its own, with Beats, and combined with the Wazuh platform. The first part of this Thesis focuses on what a Security Operations Center (SOC) is, how important efficient log analysis is, how GDPR is affected by ELK and how Elasticsearch can be used as a search engine. Afterwards, some scenarios are presented, followed by a detailed manual for these technologies. Lastly, from this handful of scenarios and examples, an opinion is formed about how effective these technologies can be in an enterprise environment.