2022
DOI: 10.18517/ijaseit.12.3.15329
Hermes Ransomware v2.1 Action Monitoring using Next Generation Security Operation Center (NGSOC) Complex Correlation Rules

Abstract: In today's threat environment, which is changing at a rapid pace, new malware is identified more often than once every five seconds. As part of cybercrime, there is a great deal of malware activity that can infect a system and render it problematic. Cybercrime is a rapidly growing field, allowing cyber thieves to engage in a wide range of damaging activities. Hacking, scams, child pornography, and identity theft are all examples of cybercrime. Cybercrime victims might be single entities or groups of persons who are being tar…

Cited by 3 publications (3 citation statements). References 15 publications.
“…To enhance botnet detection methods, collaboration with Security Operations Centers (SOCs) is crucial for strengthening the capability to monitor and respond to the emerging botnet effectively. It is also responsible for monitoring network activity and analyzing, investigating and responding to the security threat by using a range of tools and technologies [17], [18], [8]. Incorporating advanced technologies, such as machine learning-based detection, within the SOC framework enables real-time analysis of network traffic and anomalies.…”
Section: Related Work
confidence: 99%
“…SOC incident management is the process of identifying, detecting, analyzing, and responding to information security in a systematic way. Ti Dun et al. [31] investigated how Next Generation Security Operation Centers (NGSOCs) respond to malicious activities in their research. A specific use case was developed to detect the Hermes Ransomware v2.1 malware, utilizing complex correlation rules within the SIEM anomalies engine.…”
Section: B Threat Detection and Incident Response Framework Related T...
confidence: 99%
“…The above could be even more challenging if the CyberSOC service itself is outsourced, which is also a common practice in the public sector and involves roles with high cybersecurity skills, as questioned in Nugraha [94]. Although outsourcing also has advantages, as mentioned in previous paragraphs, the cons are relevant in this case, according to Ti Dun et al. [93], and several efforts have to be made to enhance the communication between the public entity's manager and the provider of CyberSOC services, which is analyzed in [95] by Kokulu et al. In view of the above, we are of the opinion that one potential disadvantage of outsourcing a CyberSOC is the loss of control over the security of the organization's systems and data. When a CyberSOC is managed by an external provider, the organization loses the ability to directly oversee and manage the security measures in place to protect its systems and data.…”
confidence: 99%