The paper addresses the problem of anomaly detection in network traffic and proposes a comprehensive solution to enhance the level of cybersecurity for organizations of various scales. A comparative analysis of existing monitoring and anomaly detection systems has been carried out, including both open-source solutions and commercial products.
The aim of this study is a comprehensive analysis of the fundamental SOAR (Security Orchestration, Automation, and Response) model in the context of cybersecurity for virtual networks. The paper presents a synthesis of the core concepts of orchestration, automation, and response, which are critical elements of modern approaches to risk management and information system protection.
The problem of joint detection and rating intensity of а stream applications in telecommunication system is examined. A mathematical model, which includes a flow model, procedure of estimation of parameters and threshold device, which finds that or other critical level which determines the level of traffic intensity, is offered in the article. In algorithms which describe functioning of this mathematical model, key moments is an exposure of critical level of loading, which consists in the evaluation of trend of unstationarity and determination of achievement of critical level.