A Security Operations and Analytics Framework: Continuous Detection and Response

Prof Doc Thesis


Ayittey, G. 2025. A Security Operations and Analytics Framework: Continuous Detection and Response. Prof Doc Thesis University of East London School of Architecture, Computing and Engineering
Authors: Ayittey, G.
Type: Prof Doc Thesis
Abstract

Security operations face several challenges, including the increasing volume and complexity of security data, limited analyst resources, and sophisticated cyber threats. This study is motivated by three main factors: the need to utilise advanced technologies, improve operational efficiency, and apply theoretical progress to practical cybersecurity solutions.

To address these issues, this study proposes a Security Operations and Analytics Framework (SOAF) emphasising automation and continuous detection and response. The framework integrates tools such as Wazuh, Elasticsearch, Kibana, TheHive and Cortex within a Security Operations and Analytics Platform (SOAP), leveraging AI, machine learning, and automation to enhance cybersecurity operations.

The effectiveness of the SOAF is evaluated using a design science research methodology. Two case studies demonstrate the framework’s ability to reduce incident response times from three hours to one hour, increase detection accuracy by 80%, and streamline threat detection, analysis, and incident response operations.

The study concludes by analysing its findings, discussing the consequences, acknowledging constraints, and providing actionable recommendations for future research. The implementation of the SOAF showcases key functionalities in a practical setting, highlighting the framework’s theoretical and practical contributions to advancing security operations and analytics.

Year: 2025
Publisher: University of East London
File Access Level: Anyone
Publication dates
Online: 23 May 2025
Publication process dates
Completed: 19 May 2025
Deposited: 23 May 2025
Copyright holder: © 2025 The Author. Original content in this thesis is licensed under the terms of the Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International (CC BY-NC-ND 4.0) Licence (https://creativecommons.org/licenses/by-nc-nd/4.0). Any third-party copyright material present remains the property of its respective owner(s) and is licensed under its existing terms.
Permalink: https://repository.uel.ac.uk/item/8z91z

Download files

File: 2025_D.InfoSe_Ayittey.pdf
License: CC BY-NC-ND 4.0
File access level: Anyone
