Centralized Operation Management for Front-end Security Appliance Based on Lifecycle Approach


Bibliographic Details
Main Authors: Shu-Cheng Chen, 陳書正
Other Authors: 許振銘
Format: Others
Language: zh-TW
Published: 2016
Online Access: http://ndltd.ncl.edu.tw/handle/60133160841558696215
id ndltd-TW-104CYU05394016
record_format oai_dc
title Centralized Operation Management for Front-end Security Appliance Based on Lifecycle Approach
title (zh-TW) 前端資安事件自動化安全部署與營運管理
author Shu-Cheng Chen (陳書正)
other author 許振銘
degree Master's, Chien Hsin University of Science and Technology (健行科技大學), Master's Program, Department of Computer Science and Information Engineering (資訊工程系碩士班), academic year 104 (ROC calendar)
type thesis (學位論文); 80; zh-TW
description Growing cyber threats are an increasing concern to organizations of all sizes, to critical infrastructure and economies, and even to national security around the world. A Security Operation Center (SOC) with a security incident management process built on Security Information and Event Management (SIEM) is a powerful solution for detecting and responding to cyber threat incidents. Because running an internal SOC costs enormous resources, corporations have started outsourcing security monitoring to a Managed Security Service Provider (MSSP). To perform security event monitoring, the MSSP typically deploys a Front-end Security Appliance (FSA) on the client's side to collect, transform, normalize, aggregate and compress log data from different types of security-related devices. The logs collected by the FSA are sent to the SIEM platform over secure communication channels for the SOC's real-time monitoring. When abnormal user behavior occurs, the SIEM generates a corresponding alert and the administrator receives a notification, enabling early detection of compromise. Nowadays, sophisticated attack techniques raise the requirements on the SIEM, which leads to a growing number of FSAs; planning and launching FSA deployments has become a real challenge. The methodology for centrally controlling and managing FSAs proposed by this thesis is essential to an MSSP and drastically reduces the cost of daily operation. The thesis develops a centralized and automated FSA operation management platform following the Development and Operations (DevOps) life-cycle concept, including automatic provisioning, subscription, monitoring, software delivery, configuration management, version control, single sign-on, one-time passwords, and a management portal. Experimental results from the designed virtual lab show that the developed platform provides both efficiency and effectiveness for simultaneous deployments and centralized management. The designed architecture brings different concepts for future development and operation methodology regarding security software deployments in industry.
collection NDLTD
language zh-TW
format Others
sources NDLTD