Cloud Security Automation Through Symmetry: Threat Detection and Response
Abstract
1. Introduction
2. Related Work
- This paper proposes a modular, scalable architecture tailored for cloud environments, integrating essential SIEM components, such as data collection, normalization, storage, correlation, and alerting, all into one framework;
- This study proposes a novel cloud security architecture that integrates SIEM, SOAR, XDR, and other capabilities with threat intelligence for improved incident detection and response;
- This research aims to provide organizations with practical methods and strategies based on real-world cases to help them implement automated threat detection and response;
- The study provides a comparative analysis, highlighting how this approach differs from traditional cloud security frameworks in terms of scalability, automation, and detection accuracy.
3. Research Methodology
3.1. Research Questions
- Question 1: What are the current approaches to automating cloud security operations?
- Question 2: What techniques and tools are used for threat detection in cloud environments?
- Question 3: How do organizations implement and evaluate response strategies for cloud-based security incidents?
- Question 4: What are the emerging trends and open research challenges in cloud security automation?
3.2. Databases and Sources
3.3. Search Strategy and Keywords
4. Understanding Cloud Security and the Threat Landscape
4.1. Common Security Threats in Cloud Environments
4.2. Key Security Principles in the Cloud
5. Cloud Security Automation: Concept and Importance
5.1. Definition of Cloud Security Automation
5.2. Benefits of Automating Security in the Cloud
6. Key Technologies and Tools for Cloud Security Automation
6.1. Security Information and Event Management (SIEM)
6.2. Extended Detection and Response (XDR)
6.3. Security Orchestration, Automation, and Response (SOAR)
6.4. Machine Learning and AI in Security Automation
7. Implementing Automated Threat Detection and Response in the Cloud
7.1. Threat Intelligence Integration
7.2. Automated Incident Response Playbooks
7.3. Real-Time Monitoring and Log Analysis
- Continuous data collection and analysis from multiple sources across the cloud infrastructure;
- Automated correlation of security events and alerts;
- Real-time threat detection and automated response capabilities;
- Integration with threat intelligence feeds for enhanced threat detection;
- Automated alerting and notification systems for security teams.
7.4. Identity and Access Management (IAM) Automation
8. Case Studies and Real-World Applications
8.1. Cloud Security Automation in Large Enterprises
8.2. Examples of Automated Threat Detection in Action
9. Challenges and Limitations of Cloud Security Automation
9.1. Tasks Best Suited for Automation
9.2. Tasks Best Suited for Human Interaction
- Human role evolution and resistance to change: The role of humans should shift towards interpretation, investigation, and strategic planning. In some cases, these individuals may not be supportive of this transition.
- Loss of situational awareness: Relying too much on automation can sometimes create a black-box effect where humans are detached from critical detection and response processes, which may, in turn, reduce situational awareness when unexpected incidents occur.
10. Discussion
11. Conclusions
Funding
Data Availability Statement
Conflicts of Interest
References
- Beaty, K.A.; Chow, J.M.; Cunha, R.L.F.; Das, K.K.; Hulber, M.F.; Kundu, A.; Michelini, V.; Palmer, E.R. Managing sensitive applications in the public cloud. IBM J. Res. Dev. 2016, 60, 4:1–4:13.
- Sureshkumar, V.; Baranidharan, B. A study of the cloud security attacks and threats. J. Phys. Conf. Ser. 2021, 1964, 042061.
- KBV Research. Identity Threat Detection and Response (ITDR) Market Size | 2031. Technical Report, KBV Research. 2024. Available online: https://www.kbvresearch.com/identity-threat-detection-and-response-market/ (accessed on 4 March 2025).
- Gill, S.S.; Tuli, S.; Xu, M.; Singh, I.; Singh, K.V.; Lindsay, D.; Tuli, S.; Smirnova, D.; Singh, M.; Jain, U.; et al. Transformative effects of IoT, Blockchain and Artificial Intelligence on cloud computing: Evolution, vision, trends and open challenges. Internet Things 2019, 8, 100118.
- Kumar Samriya, J.; Kumar, S.; Kumar, M.; Wu, H.; Singh Gill, S. Machine Learning-Based Network Intrusion Detection Optimization for Cloud Computing Environments. IEEE Trans. Consum. Electron. 2024, 70, 7449–7460.
- D’Antoni, L.; Ding, S.; Goel, A.; Ramesh, M.; Rungta, N.; Sung, C. Automatically Reducing Privilege for Access Control Policies. Proc. ACM Program. Lang. 2024, 8, 763–790.
- Ali, S.M.; Razzaque, A.; Yousaf, M.; Shan, R.U. An Automated Compliance Framework for Critical Infrastructure Security Through Artificial Intelligence. IEEE Access 2024, 13, 4436–4459.
- Jalalvand, F.; Baruwal Chhetri, M.; Nepal, S.; Paris, C. Alert Prioritisation in Security Operations Centres: A Systematic Survey on Criteria and Methods. ACM Comput. Surv. 2024, 57, 1–36.
- Wu, Y.; Kang, Z.; Dai, T.; Cheng, D. Managing cloud security in the presence of strategic hacker and joint responsibility. J. Oper. Res. Soc. 2023, 75, 1371–1384.
- He, H.; Li, X.; Chen, P.; Chen, J.; Liu, M.; Wu, L. Efficiently localizing system anomalies for cloud infrastructures: A novel Dynamic Graph Transformer based Parallel Framework. J. Cloud Comput. 2024, 13, 115.
- Gursimsir, M.; Ayar, C.; Sogukpinar, I. Multipurpose Malware Detection System. In Proceedings of the 2024 9th International Conference on Computer Science and Engineering (UBMK), Antalya, Turkey, 26–28 October 2024; pp. 1–5.
- Ahmad, W.; Rasool, A.; Javed, A.R.; Baker, T.; Jalil, Z. Cyber Security in IoT-Based Cloud Computing: A Comprehensive Survey. Electronics 2021, 11, 16.
- Annunziata, G.; Sheykina, A.; Palomba, F.; De Lucia, A.; Catolino, G.; Ferrucci, F. Security Risk Assessment on Cloud: A Systematic Mapping Study. In Proceedings of the 28th International Conference on Evaluation and Assessment in Software Engineering, Salerno, Italy, 18–21 June 2024; pp. 604–613.
- Xiao, Z.; Xiao, Y. Security and Privacy in Cloud Computing. IEEE Commun. Surv. Tutor. 2013, 15, 843–859.
- Borgeaud, A. Topic: Data Security. Available online: https://www.statista.com/topics/13106/data-security/ (accessed on 12 January 2025).
- Noor, Z.; Hina, S.; Hayat, F.; Shah, G.A. An intelligent context-aware threat detection and response model for smart cyber-physical systems. Internet Things 2023, 23, 100843.
- Bagheri, A.; Shameli-Sendi, A. Automating the Translation of Cloud Users’ High-Level Security Needs to an Optimal Placement Model in the Cloud Infrastructure. IEEE Trans. Serv. Comput. 2023, 16, 4580–4590.
- Imran, M.; Siddiqui, H.U.R.; Raza, A.; Raza, M.A.; Rustam, F.; Ashraf, I. A performance overview of machine learning-based defense strategies for advanced persistent threats in industrial control systems. Comput. Secur. 2023, 134, 103445.
- Muhammad Saad Zahoor, E.A. Security Challenges and Solutions in AI-Enhanced Cloud Platforms: A Comprehensive Study. Power Syst. Technol. 2023, 47, 103–118.
- Jeyalakshmi, J.; Gnanavel, S.; Vijay, K.; Eugene Berna, I. Threat Landscape and Common Security Challenges in Cloud Environments. In Advances in Information Security, Privacy, and Ethics; Goel, P.K., Pandey, H.M., Singhal, A., Agarwal, S., Eds.; IGI Global: Hershey, PA, USA, 2024; pp. 194–213.
- Bringhenti, D.; Marchetto, G.; Sisto, R.; Valenza, F. Automation for Network Security Configuration: State of the Art and Research Trends. ACM Comput. Surv. 2024, 56, 1–37.
- Panigrahi, G.R.; Sethy, P.K.; Behera, S.K.; Gupta, M.; Alenizi, F.A.; Suanpang, P.; Nanthaamornphong, A. Analytical Validation and Integration of CIC-Bell-DNS-EXF-2021 Dataset on Security Information and Event Management. IEEE Access 2024, 12, 83043–83056.
- Dunsin, D.; Ghanem, M.C.; Ouazzane, K.; Vassilev, V. A comprehensive analysis of the role of artificial intelligence and machine learning in modern digital forensics and incident response. Forensic Sci. Int. Digit. Investig. 2024, 48, 301675.
- Vazão, A.P.; Santos, L.; Costa, R.L.D.C.; Rabadão, C. Implementing and evaluating a GDPR-compliant open-source SIEM solution. J. Inf. Secur. Appl. 2023, 75, 103509.
- Manzoor, J.; Waleed, A.; Jamali, A.F.; Masood, A. Cybersecurity on a budget: Evaluating security and performance of open-source SIEM solutions for SMEs. PLoS ONE 2024, 19, e0301183.
- Kaur, H.; Sanjaiy Sl, D.; Paul, T.; Kumar Thakur, R.; Kumar Reddy, K.V.; Mahato, J.; Naveen, K. Evolution of Endpoint Detection and Response (EDR) in Cyber Security: A Comprehensive Review. E3S Web Conf. 2024, 556, 01006.
- Olteanu, I.C. Evaluating the Response Effectiveness of XDR Technology in a Scaled Down Environment. Master’s Thesis, Eindhoven University of Technology, Eindhoven, The Netherlands, 2022.
- González-Granadillo, G.; González-Zarzosa, S.; Diaz, R. Security Information and Event Management (SIEM): Analysis, Trends, and Usage in Critical Infrastructures. Sensors 2021, 21, 4759.
- Nguyen, M.D.; Mallouli, W.; Cavalli, A.R.; Montes De Oca, E. AI4SOAR: A Security Intelligence Tool for Automated Incident Response. In Proceedings of the 19th International Conference on Availability, Reliability and Security, Vienna, Austria, 30 July–2 August 2024; pp. 1–8.
- Bridges, R.A.; Rice, A.E.; Oesch, S.; Nichols, J.A.; Watson, C.; Spakes, K.; Norem, S.; Huettel, M.; Jewell, B.; Weber, B.; et al. Testing SOAR tools in use. Comput. Secur. 2023, 129, 103201.
- Lee, M.; Jang-Jaccard, J.; Kwak, J. Novel Architecture of Security Orchestration, Automation and Response in Internet of Blended Environment. Comput. Mater. Contin. 2022, 73, 199–223.
- Zaman, S.; Alhazmi, K.; Aseeri, M.A.; Ahmed, M.R.; Khan, R.T.; Kaiser, M.S.; Mahmud, M. Security Threats and Artificial Intelligence Based Countermeasures for Internet of Things Networks: A Comprehensive Survey. IEEE Access 2021, 9, 94668–94690.
- AL-Aamri, A.S.; Abdulghafor, R.; Turaev, S.; Al-Shaikhli, I.; Zeki, A.; Talib, S. Machine Learning for APT Detection. Sustainability 2023, 15, 13820.
- Wendt, D.W. The Cybersecurity Trinity: Artificial Intelligence, Automation, and Active Cyber Defense; Apress: Berkeley, CA, USA, 2024.
- Vo, H.V.; Du, H.P.; Nguyen, H.N. AI-powered intrusion detection in large-scale traffic networks based on flow sensing strategy and parallel deep analysis. J. Netw. Comput. Appl. 2023, 220, 103735.
- Wu, Y.C.; Chang, Y.L. Ransomware Detection on Linux Using Machine Learning with Random Forest Algorithm. TechRxiv 2024.
- Khammas, B.M. Ransomware Detection using Random Forest Technique. ICT Express 2020, 6, 325–331.
- Google. Google Security Operations Reference. Technical Report, Google Cloud. 2024. Available online: https://cloud.google.com/chronicle/docs/reference (accessed on 4 March 2025).
- Wagner, T.D.; Mahbub, K.; Palomar, E.; Abdallah, A.E. Cyber threat intelligence sharing: Survey and research directions. Comput. Secur. 2019, 87, 101589.
- Australian Cyber Security Centre. Annual Cyber Threat Report. Technical Report, Australian Cyber Security Centre. 2022. Available online: https://www.cyber.gov.au/sites/default/files/2023-03/ACSC-Annual-Cyber-Threat-Report-2022_0.pdf (accessed on 4 March 2025).
- Akbari Gurabi, M.; Nitz, L.; Bregar, A.; Popanda, J.; Siemers, C.; Matzutt, R.; Mandal, A. Requirements for Playbook-Assisted Cyber Incident Response, Reporting and Automation. Digit. Threat. Res. Pract. 2024, 5, 1–11.
- Amazon. Volkswagen Group Case Study | Amazon GuardDuty | AWS. Technical Report, AWS. 2021. Available online: https://aws.amazon.com/solutions/case-studies/volkswagen-group-guardduty/ (accessed on 4 March 2025).
- Chen, C.; Yan, T.; Shi, C.; Xi, H.; Fan, Z.; Wan, H.; Zhao, X. The Last Mile of Attack Investigation: Audit Log Analysis Toward Software Vulnerability Location. IEEE Trans. Inf. Forensics Secur. 2024, 19, 9566–9581.
- Mahat, D.; Karki, T.B.; Neupane, D.; Shrestha, D.K.; Shrestha, S. Decolonization in Focus: A Bibliometric Analysis of Scientific Articles from 2010 to 2023. Nepal J. Multidiscip. Res. 2024, 7, 1–21.
- Pangarkar, T. Identity and Access Management Statistics and Facts (2025). Technical Report, market.us. 2025. Available online: https://scoop.market.us/identity-and-access-management-statistics/ (accessed on 4 March 2025).
- Oliveira, M.P.V.D.; Handfield, R. Analytical foundations for development of real-time supply chain capabilities. Int. J. Prod. Res. 2019, 57, 1571–1589.
- Stoll, J. Topic: Netflix. Technical Report, Statista. 2024. Available online: https://www.statista.com/topics/842/netflix/ (accessed on 4 March 2025).
- Talukder, M.A.; Khalid, M.; Uddin, M.A. An integrated multistage ensemble machine learning model for fraudulent transaction detection. J. Big Data 2024, 11, 168.
- Mink, J.; Benkraouda, H.; Yang, L.; Ciptadi, A.; Ahmadzadeh, A.; Votipka, D.; Wang, G. Everybody’s Got ML, Tell Me What Else You Have: Practitioners’ Perception of ML-Based Security Tools and Explanations. In Proceedings of the 2023 IEEE Symposium on Security and Privacy (SP), San Francisco, CA, USA, 21–25 May 2023; pp. 2068–2085.
- Delta Air Lines. Delta Air Lines Announces December Quarter and Full Year 2023 Financial Results. Technical Report, Delta Air Lines. 2024. Available online: https://ir.delta.com/news/news-details/2025/Delta-Air-Lines-Announces-December-Quarter-and-Full-Year-2024-Financial-Results/default.aspx (accessed on 4 March 2025).
- Tilbury, J.; Flowerday, S. Humans and Automation: Augmenting Security Operation Centers. J. Cybersecur. Priv. 2024, 4, 388–409.
- Vaccaro, M.; Almaatouq, A.; Malone, T. When combinations of humans and AI are useful: A systematic review and meta-analysis. Nat. Hum. Behav. 2024, 8, 2293–2303.
- Houser, A.M.; Bolton, M.L. Formal Mental Models for Human-Centered Cybersecurity. Int. J. Hum.–Comput. Interact. 2025, 41, 1414–1430.
- Borgeaud, A. Global AI Cybersecurity Market Size 2030. Technical Report, Statista. 2024. Available online: https://www.statista.com/statistics/1450963/global-ai-cybersecurity-market-size/ (accessed on 4 March 2025).
- Thaqi, R.; Krasniqi, B.; Mazrekaj, A.; Rexha, B. Literature Review of Machine Learning and Threat Intelligence in Cloud Security. IEEE Access 2025, 13, 11663–11678.
- Manzoor, S.; Gouglidis, A.; Bradbury, M.; Suri, N. Enabling Multi-Layer Threat Analysis in Dynamic Cloud Environments. IEEE Trans. Cloud Comput. 2024, 12, 319–336.
- Dugyala, R.; Chithaluru, P.; Ramchander, M.; Kumar, S.; Yadav, A.; Yadav, N.S.; Elminaam, D.S.A.; Alsekait, D.M. Secure cloud computing: Leveraging GNN and leader K-means for intrusion detection optimization. Sci. Rep. 2024, 14, 30906.
| Author(s) | Focus Area | Limitations | Contribution of This Work |
|---|---|---|---|
| Kumar et al., 2024 | ML-based intrusion detection | Does not address automated response. | Covers end-to-end automation, including detection and response |
| D’Antoni et al., 2024 | Identity and Access Management | Very specific to AWS cloud | Cloud-agnostic: discusses SOAR in multi-cloud and hybrid contexts |
| Ali et al., 2025 | ML-based framework that recommends cybersecurity standards and monitoring | Not cloud-specific | Focused review of cloud-native threat detection mechanisms |
| Jalalvand et al., 2025 | Highlights role of AI in anomaly detection and alerting | Does not address the dynamic and scalable nature of cloud infrastructure | Automation capable of handling the scale of cloud infrastructure |
| Wu et al., 2024 | Joint responsibility of cloud providers and enterprises | Lacks a comprehensive framework for threat detection | Recommends solutions with improved incident response and reduced security breaches |
| He et al., 2024 | Accuracy of anomaly detection | Does not address response to anomalies detected | Recommends strategies for automated threat detection and response |
Disclaimer/Publisher’s Note: The statements, opinions and data contained in all publications are solely those of the individual author(s) and contributor(s) and not of MDPI and/or the editor(s). MDPI and/or the editor(s) disclaim responsibility for any injury to people or property resulting from any ideas, methods, instructions or products referred to in the content.
© 2025 by the author. Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (https://creativecommons.org/licenses/by/4.0/).
Share and Cite
MDPI and ACS Style: Pitkar, H. Cloud Security Automation Through Symmetry: Threat Detection and Response. Symmetry 2025, 17, 859. https://doi.org/10.3390/sym17060859
AMA Style: Pitkar H. Cloud Security Automation Through Symmetry: Threat Detection and Response. Symmetry. 2025; 17(6):859. https://doi.org/10.3390/sym17060859
Chicago/Turabian Style: Pitkar, Harshad. 2025. "Cloud Security Automation Through Symmetry: Threat Detection and Response" Symmetry 17, no. 6: 859. https://doi.org/10.3390/sym17060859
APA Style: Pitkar, H. (2025). Cloud Security Automation Through Symmetry: Threat Detection and Response. Symmetry, 17(6), 859. https://doi.org/10.3390/sym17060859