Monitoring Network through SIEM using IDS, IPS and EDR
2025-06-28 16:34:11 - Adil Khan
Project Area of Specialization: Cyber Security

Project Summary
This project proposes and implements the installation of a SIEM (Security Information and Event Management) solution integrated with IDS / IPS (Intrusion Detection and Prevention Systems) and a firewall for active monitoring of a network. In future, an EDR (Endpoint Detection and Response) system will also be integrated with the SIEM solution.
Project Objectives
Securing the cyber space of an organization or a country is of critical importance in this era of information warfare. Pakistan is far behind in the race of information warfare and needs a great deal of awareness and work to fortify its cyber security. This project aims to implement a complete open-source SIEM solution for real-time network monitoring; to deploy security applications including Intrusion Detection and Prevention Systems (IDS / IPS), a fully configured open-source firewall, and a comprehensive Endpoint Detection and Response (EDR) system; and to integrate all of these applications with one Security Information and Event Management (SIEM) solution, in an attempt to deploy a complete open-source Cyber Security Operations Centre (Cyber SOC). It will be a step forward in exploring the best available open-source cyber security tools and in implementing fully functional SOCs at small-organization and corporate levels to safeguard the cyber space of organizations and their valuable data.
This will also help us understand how these tools function and how to configure custom security rules for different types of organizational structures, and would be a way forward for us to indigenously develop our own security applications to maximize our cyber security potential.
Project Implementation Method
The project will be implemented in three phases.
The first phase will be to carry out extensive research on all available open-source tools and to perform a qualitative comparison to choose the best among them.
The second phase will be to deploy Intrusion Detection and Prevention Systems (IDS / IPS) along with a firewall in a test network environment.
The last phase will be to implement an Endpoint Detection and Response (EDR) system and to integrate all of these applications with an open-source SIEM. In the test network, each sensor's output (IDS / IPS alerts, firewall logs, EDR telemetry) should be verified to actually arrive in the SIEM, so that gaps in log collection are found before they can hide real incidents.
This fully developed and functional SOC setup will then be deployed in a live network environment as a fully functional cyber security setup.
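The integration step above is where heterogeneous sensor output has to be brought into one schema so the SIEM can correlate it. The following is an added example, not code from this project: it normalizes three constructed sample records (a Suricata-style EVE JSON alert for the IDS / IPS, an iptables-style kernel log line for the firewall, and a hypothetical EDR JSON record) into one common event shape, then applies a simple cross-sensor correlation rule that raises an incident when the same external source address is reported by at least two different sensor types within a time window. The `[FW-DROP]` log prefix, the EDR field names, and the syslog year are assumptions made for the example; a real deployment would use the actual formats of the tools chosen in phase one.

```python
import json
import re
from collections import defaultdict
from datetime import datetime, timezone

# Constructed sample inputs (not captured from a real network). Formats assumed:
# - IDS/IPS: Suricata-style EVE JSON alert records
# - firewall: iptables-style kernel log lines via syslog; the "[FW-DROP]"
#   prefix is an assumption (it is whatever --log-prefix the rule sets)
# - EDR: a hypothetical JSON schema (ts/host/process/action/remote)
SAMPLE_LINES = [
    '{"timestamp": "2025-06-28T16:30:05.000000+0000", "event_type": "alert", '
    '"src_ip": "203.0.113.45", "dest_ip": "10.0.0.12", "dest_port": 22, '
    '"alert": {"signature": "ET SCAN SSH brute force", "severity": 2}}',
    'Jun 28 16:31:10 gw kernel: [FW-DROP] IN=eth0 OUT= SRC=203.0.113.45 '
    'DST=10.0.0.12 PROTO=TCP SPT=51422 DPT=22',
    '{"timestamp": "2025-06-28T16:32:40.000000+0000", "event_type": "alert", '
    '"src_ip": "198.51.100.7", "dest_ip": "10.0.0.20", "dest_port": 443, '
    '"alert": {"signature": "ET POLICY self-signed TLS certificate", "severity": 3}}',
    '{"ts": "2025-06-28T16:33:00+0000", "host": "10.0.0.12", "process": "sshd", '
    '"action": "failed_login", "remote": "203.0.113.45"}',
]

FW_RE = re.compile(
    r"^(?P<mon>\w{3})\s+(?P<day>\d{1,2}) (?P<time>\d\d:\d\d:\d\d) \S+ kernel: "
    r"\[FW-DROP\] (?P<kv>.*)$"
)


def parse_ts(text):
    """Parse ISO-8601 timestamps with or without fractional seconds (tz-aware)."""
    for fmt in ("%Y-%m-%dT%H:%M:%S.%f%z", "%Y-%m-%dT%H:%M:%S%z"):
        try:
            return datetime.strptime(text, fmt)
        except ValueError:
            continue
    raise ValueError(f"unrecognised timestamp: {text!r}")


def parse_eve(rec):
    """Suricata EVE alert -> common schema. Suricata severity: 1 = highest."""
    return {"ts": parse_ts(rec["timestamp"]), "source": "ids",
            "src_ip": rec["src_ip"], "dst_ip": rec["dest_ip"],
            "dst_port": rec.get("dest_port"),
            "severity": rec["alert"]["severity"], "msg": rec["alert"]["signature"]}


def parse_fw(line, year):
    """iptables-style drop line -> common schema. BSD syslog carries no year,
    so the caller supplies it (assumption: same year for all lines, UTC)."""
    m = FW_RE.match(line)
    if not m:
        return None
    kv = dict(tok.split("=", 1) for tok in m["kv"].split() if "=" in tok)
    ts = datetime.strptime(f"{year} {m['mon']} {m['day']} {m['time']}",
                           "%Y %b %d %H:%M:%S").replace(tzinfo=timezone.utc)
    return {"ts": ts, "source": "firewall", "src_ip": kv.get("SRC"),
            "dst_ip": kv.get("DST"),
            "dst_port": int(kv["DPT"]) if "DPT" in kv else None,
            "severity": 3,  # one dropped packet is low severity on its own
            "msg": f"dropped {kv.get('PROTO', '?')} to port {kv.get('DPT', '?')}"}


def parse_edr(rec):
    """Hypothetical EDR record -> common schema; the remote peer becomes src_ip."""
    return {"ts": parse_ts(rec["ts"]), "source": "edr", "src_ip": rec.get("remote"),
            "dst_ip": rec["host"], "dst_port": None, "severity": 2,
            "msg": f"{rec['process']}: {rec['action']}"}


def normalize(line, syslog_year=2025):
    """Route one raw line to its parser; return a common-schema event or None."""
    line = line.strip()
    if line.startswith("{"):
        rec = json.loads(line)
        if rec.get("event_type") == "alert" and "alert" in rec:
            return parse_eve(rec)
        if "action" in rec and "host" in rec:
            return parse_edr(rec)
        return None
    if "[FW-DROP]" in line:
        return parse_fw(line, syslog_year)
    return None


def correlate(events, window_s=600, min_sources=2):
    """One incident per src_ip reported by at least `min_sources` different
    sensor types within `window_s` seconds. Simplification: the whole group
    must fit in a single window (no sliding window)."""
    by_src = defaultdict(list)
    for ev in events:
        if ev and ev["src_ip"]:
            by_src[ev["src_ip"]].append(ev)
    incidents = []
    for src, evs in by_src.items():
        evs.sort(key=lambda e: e["ts"])
        span = (evs[-1]["ts"] - evs[0]["ts"]).total_seconds()
        sources = sorted({e["source"] for e in evs})
        if len(sources) >= min_sources and span <= window_s:
            incidents.append({"src_ip": src, "sources": sources, "count": len(evs),
                              "first": evs[0]["ts"], "last": evs[-1]["ts"],
                              "severity": min(e["severity"] for e in evs)})
    return incidents


def run_pipeline(lines, **kw):
    """Normalize raw sensor lines, then correlate across sensor types."""
    return correlate([normalize(line) for line in lines], **kw)
```

Running `run_pipeline(SAMPLE_LINES)` yields a single incident for 203.0.113.45, which the IDS, the firewall and the EDR agent each reported within three minutes; the lone IDS alert for 198.51.100.7 stays an ordinary event because no second sensor confirms it. The design choice worth keeping from this toy is the normalization boundary: every parser emits the same field names, so the correlation rule never has to know which product produced a record.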
Benefits of the Project
This project will benefit the cyber space of our country. We aim to spread awareness regarding the importance of open-source tools and their usability as a building block towards developing our own cyber security applications and removing the dependency on international cyber security companies' products.
According to a finding, most of the firewalls deployed in the Asian region are intentionally left with backdoors that leak data to their manufacturing companies and agencies. Our cyber space can never be safe until we indigenously develop our own systems.
This project aims to deploy open-source cyber security tools and configure them according to our own needs and cyber space requirements.
Later on, we aim to develop our own security tools.
Technical Details of Final Deliverable
The final deliverable will be a complete Security Operations Centre (SOC) system.
The system will consist of the following fully operational applications / components / appliances / systems / servers:
1. Security Information and Event Management (SIEM) solution
2. Intrusion Detection System (IDS)
3. Intrusion Prevention System (IPS)
4. Firewall
5. Endpoint Detection and Response (EDR) system
Final Deliverable of the Project: HW/SW integrated system
Core Industry: IT
Other Industries:
Core Technology: Artificial Intelligence (AI)
Other Technologies: Cloud Infrastructure, Others, Big Data
Sustainable Development Goals: Industry, Innovation and Infrastructure

Required Resources
| Item Name | Type | No. of Units | Per Unit Cost (in Rs) | Total (in Rs) |
|---|---|---|---|---|
| switches | Equipment | 3 | 6000 | 18000 |
| server | Equipment | 1 | 40000 | 40000 |
| wires | Equipment | 4 | 500 | 2000 |
| connectors | Equipment | 2 | 1500 | 3000 |
| lan cables | Equipment | 5 | 200 | 1000 |
| fiber-optic cable | Equipment | 3 | 2000 | 6000 |
| tools | Miscellaneous | 2 | 5000 | 10000 |
| Total (in Rs) | | | | 80000 |