Design and Implementation of a SOC Based on Elastic SIEM

Abstract

As cybersecurity threats continue to evolve in complexity and frequency, companies face growing challenges in safeguarding their assets. Despite the availability of various security solutions, organizations still endure significant losses from these attacks. Moreover, in Algeria, there has been a tightening of regulations concerning the security obligations of companies. Implementing multiple security measures can be complex and may have drawbacks. Therefore, establishing a centralized facility to oversee these measures is imperative. By deploying a Security Operations Center (SOC), organizations can bolster their security posture, leading to fewer incidents and mitigated losses in the event of cyber-attacks. Our project aims to establish a SOC for MNA, using Elastic SIEM and the NIST incident response framework. This initiative not only reduces costs for the company but also streamlines security operations, making them more manageable and efficient. Keywords: SOC, SIEM, Elastic, Incident Response, NIST, Cybersecurity.