
SRM INSTITUTE OF SCIENCE AND TECHNOLOGY SCHOOL OF COMPUTING

PROJECT GUIDELINES 2023 – 2024


18CSP109L – PROJECT (10 CREDITS)

IMPLEMENTING SECURITY MEASURES USING


MANAGED DETECTION AND RESPONSE (MDR)

Prepared by:
Selva Kumar SA (RA2011030010062)
Sharan K (RA2011030010027)
Guide:
Hemamalini V.
TABLE OF CONTENTS
• Abstract
• Introduction
• Motivation
• Literature review
• Challenges and limitations
• Objectives
• Innovation
• Scope and Application
• Architecture
• Proposed Modules
• UML diagrams
• Result and Discussions
• References
ABSTRACT
This study investigates the implementation of Managed Detection and Response (MDR) for bolstering cybersecurity. By exploring
MDR's key components like threat intelligence integration and real-time monitoring, the research highlights its efficacy in rapidly
identifying and mitigating cyber threats. The findings emphasize MDR's adaptability to evolving threats, showcasing its impact on
incident response times and overall security posture. By deploying Wazuh agents across diverse IT environments, organizations can
effectively detect, analyze, and respond to security incidents in real-time. These agents provide continuous monitoring and log analysis,
enabling proactive threat hunting and vulnerability assessment. Wazuh's centralized management console offers comprehensive visibility
and control, facilitating the orchestration of security measures across the entire infrastructure. Through its integration with threat
intelligence feeds and correlation rules, Wazuh empowers organizations to stay ahead of emerging threats and compliance requirements.
With its scalable architecture and robust features, Wazuh serves as a vital component in modern cybersecurity strategies, helping
enterprises fortify their defenses and mitigate risks effectively.
INTRODUCTION
• In an era of escalating cyber threats and evolving attack vectors, organizations face the imperative to fortify their cybersecurity
posture. As traditional security measures prove insufficient against sophisticated adversaries, the adoption of innovative
solutions becomes paramount. This study focuses on the strategic implementation of Managed Detection and Response (MDR)
as a proactive approach to addressing the dynamic landscape of cyber threats.

• MDR integrates advanced threat detection, real-time monitoring, and automated incident response to provide a comprehensive
and agile defense mechanism. As the digital landscape continues to evolve, understanding and harnessing the capabilities of
MDR becomes essential for organizations striving to stay ahead in the ongoing battle against cyber adversaries.
MOTIVATION

• In the face of escalating cyber threats, organizations are compelled to rethink and reinforce their cybersecurity strategies. The
motivation behind this research stems from the pressing need to understand and harness the potential of Managed Detection and
Response (MDR) in countering contemporary cyber risks.

• Conventional security measures often fall short in the fast-evolving threat landscape, necessitating a shift toward proactive solutions.
MDR, with its real-time threat detection and response capabilities, offers a promising avenue for organizations seeking a dynamic
defense mechanism. This study is motivated by the aspiration to contribute practical insights into the implementation and impact of
MDR, empowering organizations to effectively thwart cyber threats.
LITERATURE REVIEW
• Autonomous Threat Detection and Response for Self-Protected Networks (IEEE 2022)
  Author Names: Wessel Havenga, Antonie Bagula
  Objective of the paper: This paper proposes an Autonomous Threat Detection and Response (ATDR) system which combines unsupervised machine learning, for autonomous threat detection, with intelligent queue management for effective self-organized responses to threats.
  Limitations: Results of the conducted experiments show that ATDR can accurately classify network traffic in real time based on patterns, but it is considered slow and unpredictable.

• Endpoint Detection and Response (IEEE 2021)
  Author Names: Asad Arfeen
  Objective of the paper: We have presented a comprehensive review of existing EDRs through various security layers that include detection, response and management capabilities, which enables security teams to have clarity.
  Limitations: The paper may not extensively address the robustness and generalization capabilities of the ML-based DDoS detection methods, leaving questions about their effectiveness across diverse and evolving attack scenarios.

• Intrusion Detection and Prevention System (IEEE 2020)
  Author Names: Kimmi Kumari, M. Mrunalini
  Objective of the paper: The development of an intrusion detection and prevention system which will not require a greater investment from the budget of small companies, this being a solid security stack that allows registration, visibility and automatic response to possible threats on the network.
  Limitations: The system is based on Raspberry Pi hardware, free Ubuntu Server software as the operating system and Snort as the intrusion detection and prevention system, which can be expensive.
CHANGES AND LIMITATIONS IN THE EXISTING SYSTEM

• Positive changes are evident in the system's improved user interface and experience, enhancing overall usability. However, scalability
remains a limitation, with the current architecture struggling to accommodate increased user demands efficiently. Addressing this
requires strategic upgrades to the system's architecture.

• On the security front, positive changes include the implementation of advanced encryption and multi-factor authentication, fortifying
the system against potential breaches. Nevertheless, staying ahead of evolving cyber threats poses an ongoing challenge, necessitating
continuous updates to security protocols.
OBJECTIVES

• Emphasize the real-time detection and analysis capabilities provided by Wazuh agents.

• Help enterprises fortify their defenses and mitigate risks effectively through Wazuh deployment.
INNOVATION IDEA OF THE PROJECT

INTRODUCING A SELF-HEALING SYSTEM

• Develop an innovative self-healing mechanism within the existing system that autonomously identifies and rectifies minor issues
and performance bottlenecks. Utilizing machine learning algorithms and predictive analytics, the system can proactively detect
anomalies, automatically initiate corrective measures, and optimize its own performance.

• This innovation aligns with the objective of optimizing system performance and fortifying the system against potential disruptions,
showcasing a forward-thinking approach to system management and maintenance.
SCOPE AND APPLICATION

• A Self-Healing Managed Detection and Response (MDR) system encompasses an automated approach to detect, respond
to, and recover from cybersecurity incidents.

• It achieves real-time incident detection through advanced threat analysis, responding promptly to known threats with
automated actions and continuously adapting to evolving threat landscapes.

• The system also conducts in-depth incident forensics and employs User and Entity Behavior Analytics (UEBA) to identify
anomalies. Its applications span various sectors, safeguarding businesses, critical infrastructure, and cloud environments,
while also securing IoT devices and networks. Additionally, it strengthens the cybersecurity posture of financial,
healthcare, and government institutions, offering a comprehensive defense strategy across diverse domains.
WAZUH MANAGER
ENDPOINT CONFIGURATION
PROPOSED MODULES
• THREAT DETECTION MODULE
• Machine Learning Models: Random Forest, Support Vector Machines, or Neural Networks for anomaly
detection.
• Signature-based detection for known threats.
• Behaviour analysis algorithms for UEBA.
• AUTOMATED RESPONSE MODULE
• Playbooks: Pre-defined sequences of actions based on the type of threat.
• Automated quarantine scripts.
• Incident response workflows.
• INCIDENT FORENSICS MODULE
• Disk and memory forensics algorithms.
• Chain of custody tracking for evidence.
• Timeline analysis algorithms.
• UEBA MODULE
• Behaviour profiling algorithms.
• Clustering algorithms for identifying similar behavior patterns.
• Anomaly detection algorithms.
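The following is an added example, not code from this project or from Wazuh, showing how the two detection approaches listed under the Threat Detection and UEBA modules fit together: signature rules tag known patterns in log lines, a frequency/timeframe correlation turns repeated failures into one alert, and a per-user behavioural baseline flags login volumes that deviate from history. All log lines, user names, history counts and thresholds are constructed for illustration.

```python
"""Signature matching, correlation and behavioural baselining over constructed logs."""
import re
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample: (epoch seconds, raw auth-style line). Not real traffic.
SAMPLE_LOGS = [
    (1000, "sshd[1201]: Failed password for invalid user admin from 203.0.113.9 port 5112 ssh2"),
    (1012, "sshd[1203]: Failed password for invalid user admin from 203.0.113.9 port 5114 ssh2"),
    (1025, "sshd[1205]: Failed password for root from 203.0.113.9 port 5116 ssh2"),
    (1031, "sshd[1207]: Failed password for root from 203.0.113.9 port 5118 ssh2"),
    (1044, "sshd[1209]: Failed password for alice from 203.0.113.9 port 5120 ssh2"),
    (1300, "sshd[1301]: Accepted password for alice from 198.51.100.4 port 6000 ssh2"),
    (1500, "sshd[1400]: Failed password for bob from 198.51.100.7 port 6100 ssh2"),
    (1505, "sudo:    bob : TTY=pts/0 ; PWD=/home/bob ; USER=root ; COMMAND=/bin/bash"),
]

# Signature-based detection: known patterns with named capture groups.
SIGNATURES = {
    "ssh_auth_failed": re.compile(r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<src>[\d.]+)"),
    "ssh_auth_ok": re.compile(r"Accepted \w+ for (?P<user>\S+) from (?P<src>[\d.]+)"),
    "sudo_root_shell": re.compile(r"sudo:\s+(?P<user>\S+) .*USER=root ; COMMAND=\S*/bash"),
}


def match_signatures(logs):
    """Stage 1: tag each line with the first signature it matches."""
    events = []
    for ts, line in logs:
        for name, pattern in SIGNATURES.items():
            m = pattern.search(line)
            if m:
                events.append({"ts": ts, "rule": name, "user": m.group("user"),
                               "src": m.groupdict().get("src")})
                break
    return events


def correlate_bruteforce(events, threshold=5, timeframe=120):
    """Stage 2: per-source sliding window. One alert fires when a source reaches
    `threshold` failures within `timeframe` seconds, then the window resets so a
    single burst yields a single alert."""
    windows = defaultdict(list)
    alerts = []
    for e in sorted(events, key=lambda e: e["ts"]):
        if e["rule"] != "ssh_auth_failed":
            continue
        w = windows[e["src"]]
        w.append(e["ts"])
        while w and e["ts"] - w[0] > timeframe:   # evict timestamps outside the window
            w.pop(0)
        if len(w) >= threshold:
            alerts.append({"rule": "ssh_bruteforce", "src": e["src"],
                           "first": w[0], "last": e["ts"], "count": len(w)})
            w.clear()
    return alerts


# Constructed UEBA history: successful logins per user per day over the past week.
HISTORY = {"alice": [3, 4, 3, 5, 3, 4, 3], "bob": [1, 1, 0, 1, 1, 1, 1]}
# Constructed counts for the day under review; svc_backup has no history at all.
TODAY_LOGINS = {"alice": 4, "bob": 9, "svc_backup": 2}


def build_baseline(history):
    """Behaviour profiling: per-user mean and population standard deviation."""
    return {user: (mean(counts), pstdev(counts)) for user, counts in history.items()}


def score_behaviour(baseline, today, z_threshold=3.0):
    """Anomaly detection: z-score against the baseline; a floor on sigma keeps a
    perfectly flat history from dividing by zero, and unseen accounts are flagged
    because there is nothing to compare them against."""
    findings = []
    for user, count in today.items():
        if user not in baseline:
            findings.append({"user": user, "reason": "no baseline (new account)", "z": None})
            continue
        mu, sigma = baseline[user]
        z = (count - mu) / max(sigma, 0.5)
        if z >= z_threshold:
            findings.append({"user": user, "reason": "login volume above baseline", "z": round(z, 2)})
    return findings


def run_pipeline():
    events = match_signatures(SAMPLE_LOGS)
    return {"events": events,
            "alerts": correlate_bruteforce(events),
            "ueba": score_behaviour(build_baseline(HISTORY), TODAY_LOGINS)}


if __name__ == "__main__":
    for section, items in run_pipeline().items():
        print(section)
        for item in items:
            print("  ", item)
```

The split between a stateless signature stage and a stateful correlation stage mirrors how a manager-side rule engine works: raw matches are cheap and noisy, and only the correlated burst is worth a response playbook. The behavioural stage is deliberately simple (one feature, one z-score); the clustering models listed above would replace `build_baseline`, not the surrounding plumbing.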
SEQUENCE DIAGRAM
RESULT AND DISCUSSIONS
REFERENCES
[1] Shi Dong and Mudar Sarem, "Threat Detection Attack Detection Method Based on Improved KNN With the Degree of Threat Detection Attack in Software-Defined Networks", IEEE Access, vol. 8, DOI: 10.1109/ACCESS.2019.2963077
[2] Shahzeb Haider, "A Deep CNN Ensemble Framework for Efficient Threat Detection Attack Detection in Software Defined Networks", IEEE Access, vol. 8, DOI: 10.1109/ACCESS.2020.2976908
[3] Derya Erhan and Emin Anarim, "Hybrid Threat Detection Detection Framework Using Matching Pursuit Algorithm", IEEE Access, vol. 8, DOI: 10.1109/ACCESS.2020.3005781
[4] Liang Tan, Yue Pan, Jing Wu, Jian, "A New Framework for Threat Detection Attack Detection and Defense in SDN Environment", IEEE Access, vol. 8, DOI: 10.1109/ACCESS.2020.3021435
[5] Mohammed Tayyab, Bahari Belaton and Mohammed Anbar, "ICMPv6-Based SIEM and Threat Detection Attacks Detection Using Machine Learning Techniques, Open Challenges, and Blockchain Applicability: A Review", IEEE Access, vol. 8, DOI: 10.1109/ACCESS.2020.3022963
THANK YOU