Enhancing Cyber Resilience: Convergence of SIEM, SOAR, and AI in 2024
DOI: https://doi.org/10.47941/ijce.1754
Keywords: Cybersecurity, Security Information and Event Management (SIEM), Security Orchestration, Automation, and Response (SOAR), Artificial Intelligence (AI).
Abstract
Purpose: The study aims to examine the synergistic effects of integrating Security Information and Event Management (SIEM), Security Orchestration, Automation, and Response (SOAR), and Artificial Intelligence (AI) technologies in enhancing cybersecurity frameworks. It explores how this combination can lead to a transformative era in cybersecurity, focusing on the improved efficacy of threat management and incident response.
Methodology: An analytical approach was used to investigate the integration trends between SIEM and SOAR technologies, underpinned by advancements in AI. This method emphasizes accelerated incident detection and response, enriched threat intelligence collaboration, and fortified security strategies.
Findings: The fusion of SIEM, SOAR, and AI technologies has led to a paradigm shift in cybersecurity, offering unparalleled efficiency in threat management and a significant reduction in the impacts of cyber incidents on entities. It highlights the accelerated detection and response to incidents and the enhancement of threat intelligence collaboration and security strategies.
Unique Contribution to Theory, Practice, and Policy: This study contributes to the field by presenting invaluable insights for cybersecurity practitioners and entities aiming to strengthen their defenses against an evolving digital threat landscape. It advocates for a proactive orchestration of security measures, underlining the strategic implications of the SIEM-SOAR-AI triad for future cybersecurity endeavors. Recommendations are provided for entities to adopt this integrated approach to enhance their cybersecurity frameworks effectively.
Copyright (c) 2024 Shanmugavelan Ramakrishnan, Dinesh Reddy Chittibala
This work is licensed under a Creative Commons Attribution 4.0 International License.
Authors retain copyright and grant the journal right of first publication with the work simultaneously licensed under a Creative Commons Attribution (CC-BY) 4.0 License that allows others to share the work with an acknowledgment of the work's authorship and initial publication in this journal.