V-SOC is a virtual Security Operation Centre that aims to provide security analytics and security information and event management (SIEM) as a cloud-based service. Simply stated, “Security Information and Event Management (SIEM) automates incident identification and resolution based on built in business rules to help improve compliance and alert staff to critical intrusions” (source: http://www.ukessays.com).
Operating a SOC is becoming a necessity for more and more enterprises offering cloud-based services, and for ISPs. Besides these users, many SMEs have a business need for advanced security monitoring tailored to their specific requirements. These requirements become even more pressing given the recent increase in data velocity, volume and variability. For many small and medium companies, the technical and human resources needed to develop their own tooling or to maintain off-the-shelf software are too expensive and too scarce. These target clients need an easy-to-use service that offers most SIEM-related functionality, provides advanced analytics and supports Big Data.

V-SOC is a cloud-based SOC for this business category. It leverages the experience and research of the proposers in machine learning and Big Data processing for security analytics. V-SOC integrates an existing SIEM (OSSIM, an open source security event monitoring tool) with the advanced analytical capabilities developed in the SECAN research group. Furthermore, we aim to integrate further suitable technologies, such as NoSQL databases, in-memory distributed middleware candidates such as Shark/Spark, and data processing tools such as Pig/Hadoop and HBase.
Project duration: 15.01.2015 - 14.01.2016.