Abstract

This study compares three popular open-source Security Information and Event Management (SIEM) solutions—Wazuh, Graylog, and the ELK Stack—based on their effectiveness in cyber threat detection and response. The motivation for this research originates from the growing complexity of cyber threats, which necessitates robust and effective detection technologies for organizations. The primary purpose is to assess each SIEM solution's readiness, accuracy, and effectiveness in detecting and responding to simulated cyberattacks such as brute force attacks, malware infections, and data exfiltration. Wazuh, Graylog, and the ELK Stack were deployed in a controlled environment, and each tool was subjected to simulated cyberattacks to generate log data for analysis. The log data was processed to evaluate detection rates, accuracy (true positives, false positives/negatives), and system performance (resource consumption and scalability). The study employed performance metrics such as detection accuracy, precision, recall, and F1-score to assess each tool's threat detection capabilities. The results show that all three SIEM solutions can detect and respond to cyber threats, with Wazuh outperforming Graylog in real-time monitoring and response and the ELK Stack excelling in log analysis and scalability. However, the effectiveness of each solution varies with the specific attack type and organizational requirements. This study emphasizes the need to choose a SIEM solution that suits an organization's security requirements and architecture. Organizations should assess qualities such as usability, scalability, and integration capabilities. To improve accuracy, each SIEM system should have its threat detection algorithms updated on a regular basis and employ the latest machine learning techniques.
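As an added illustration of the evaluation the abstract describes (not code from the paper or from any of the three SIEMs): a SIEM's alerts are matched against the attack events injected during the test to count true positives, false positives and false negatives per attack type, from which precision, recall and F1 follow. The attack events, the alerts and the 30-second matching window are constructed assumptions, not the study's measured data.

```python
from collections import Counter

# Constructed ground truth: simulated attack events injected into the test
# environment, as (attack type, seconds since the start of the test run).
GROUND_TRUTH = [
    ("brute_force", 100), ("brute_force", 160), ("malware", 300),
    ("exfiltration", 500), ("exfiltration", 560),
]

# Constructed alerts from a hypothetical SIEM under test (not the paper's
# data): (attack type the rule fired for, alert timestamp in seconds).
ALERTS = [
    ("brute_force", 103), ("brute_force", 220), ("malware", 305),
    ("exfiltration", 502), ("malware", 700),
]

def match_alerts(truth, alerts, window=30):
    """Greedily pair each injected attack with the first unused alert of the
    same type raised within `window` seconds after it. Returns a dict of
    attack type -> (TP, FP, FN); an alert matching no attack is a FP, an
    attack with no matching alert is a FN."""
    unused = list(alerts)
    tp, fn = Counter(), Counter()
    for kind, t in truth:
        hit = next((a for a in unused
                    if a[0] == kind and 0 <= a[1] - t <= window), None)
        if hit:
            unused.remove(hit)
            tp[kind] += 1
        else:
            fn[kind] += 1
    fp = Counter(kind for kind, _ in unused)
    kinds = {k for k, _ in truth} | {k for k, _ in alerts}
    return {k: (tp[k], fp[k], fn[k]) for k in kinds}

def scores(tp, fp, fn):
    """Precision, recall and F1 from raw counts; 0.0 where undefined."""
    p = tp / (tp + fp) if tp + fp else 0.0
    r = tp / (tp + fn) if tp + fn else 0.0
    f1 = 2 * p * r / (p + r) if p + r else 0.0
    return round(p, 3), round(r, 3), round(f1, 3)

def evaluate(truth=GROUND_TRUTH, alerts=ALERTS, window=30):
    """Per-attack-type scores plus micro-averaged 'overall' scores."""
    counts = match_alerts(truth, alerts, window)
    result = {k: scores(*v) for k, v in counts.items()}
    result["overall"] = scores(*[sum(c[i] for c in counts.values()) for i in range(3)])
    return result

if __name__ == "__main__":
    for k, (p, r, f1) in sorted(evaluate().items()):
        print(f"{k:13s} precision={p:.3f} recall={r:.3f} f1={f1:.3f}")
```

With the constructed data, the brute-force alert at 220 s falls outside the window of the attack at 160 s and is scored as a false positive alongside a missed detection, which is the kind of timing sensitivity a real-time-monitoring comparison must account for.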

Authors: O. Owolafe, Ayobami James Alabi

Published in: International Conference for Internet Technology and Secured Transactions (ICITST-2024)

  • Date of Conference: 4-6 November 2024
  • DOI: 10.20533/ICITST.2024.0015
  • ISBN: 978-1-913572-76-1
  • Conference Location: St Anne’s College, Oxford University, UK
