Enhancing Cloud Security-Proactive Threat Monitoring and Detection Using a SIEM-Based Approach

With the escalating frequency of cybersecurity threats in public cloud computing environments, there is a pressing need for robust security measures to safeguard sensitive data and applications. This research addresses growing security concerns in the cloud by proposing an innovative security information and event management system (SIEM) that offers automated visibility of cloud resources. Our implementation includes a virtual network comprising virtual machines, load balancers, Microsoft Defender for Cloud, and an application gateway that functions as a web application firewall (WAF). This WAF scans incoming Internet traffic and provides centralized protection against common exploits and vulnerabilities, securing web applications within the cloud environment. We deployed the SIEM system to automate visibility and incident response for cloud resources. By harnessing the power of this employed SIEM, the developed system can continuously monitor, detect security incidents, and proactively mitigate potential security threats. Microsoft Defender for Cloud consistently assesses the configuration of cloud resources against industry standards, regulations, and benchmarks to ensure compliance requirements are met. Our findings highlight the practicality and effectiveness of deploying such solutions to safeguard cloud resources, offering valuable insights to organizations and security professionals seeking sustainable and resilient security measures in the cloud computing environment.