ANALYTICAL REVIEW OF TECHNOLOGIES AND METHODS OF DEVELOPING A NETWORK PERIMETER PROTECTION SUBSYSTEM FOR SOC

Authors

  • Ю.С. Корякина, Institute of Mechanical Engineering, Automation and Geomechanics NAS KR
  • Syimyk Nurbek uulu, Institute of Information Technologies, KSTU named after I. Razzakov
  • I.V. Zimin, Academy of Digital Innovations

Keywords:

SOC, Network Perimeter Protection, NGFW (Next-Generation Firewall), IDS/IPS, Threat Intelligence (TI), XDR (Extended Detection and Response), AI/ML (Artificial Intelligence / Machine Learning), Zero Trust Architecture (ZTA), SASE (Secure Access Service Edge), CASB (Cloud Access Security Broker), EDR (Endpoint Detection and Response), MFA (Multi-Factor Authentication), SIEM, NTA/NDR, TLS Inspection, Deception Technology, Microsegmentation, Security Awareness Training, Phishing Simulation, UEBA (User and Entity Behavior Analytics), IAM (Identity and Access Management), DLP (Data Loss Prevention), SOAR (Security Orchestration, Automation, and Response), SOC Process Automation, Virtual Analysts / AI Systems, Cyber Range / Cyber Training Grounds.

Abstract

This article analyzes modern methods for protecting the network perimeter in Security Operations Centers (SOC). The features and drawbacks of each approach are examined, as well as the areas where each method is most effective. The dependencies of security levels on the implementation of various traffic monitoring and analysis technologies are demonstrated, along with methods for detecting and mitigating cyber threats.

After analyzing existing methods, the author recommends a multi-layered network perimeter protection strategy that ensures the most comprehensive and reliable threat detection. The SOC-oriented approach is considered the most effective for the following reasons:
— centralized collection and correlation of security events;
— use of behavioral analysis systems and machine learning;
— integration with SIEM for rapid incident response;
— capability for automated threat mitigation;
— protection against sophisticated targeted attacks through continuous updates of detection algorithms.


Published

2025-09-17