USING CISCO SECUREX FOR SOC AUTOMATION

Authors

  • Tatiana Fesenko
  • Yuliia Kalashnikova

DOI:

https://doi.org/10.26906/SUNZ.2025.4.138

Keywords:

information security, cybersecurity, cyber threats, artificial intelligence, architecture, scalability, SOC

Abstract

Relevance. The article analyses the capabilities of the Cisco SecureX platform for automating processes within Security Operations Centers (SOC). The relevance of the study is driven by the growing number of cyber threats, the increasing complexity of attacks, and the shortage of highly qualified cybersecurity professionals. Traditional SOC operation methods are shown to be insufficiently effective against multivector attacks, which necessitates the introduction of orchestration and automation technologies. The research systematizes the core functional features of Cisco SecureX: integration with multi-component cybersecurity infrastructures (SIEM systems, EDR platforms, IDS/IPS solutions), which creates a unified information space; orchestration of SOC processes through response playbooks, which automates routine operations, reduces incident handling time and minimizes the human factor; enhanced analytical capabilities based on machine learning and the correlation of events from heterogeneous data sources; and improved accuracy of threat detection through multi-layered data analysis, including the examination of user behavioral patterns and network activity. Particular attention is paid to SecureX’s impact on SOC efficiency. The study substantiates that the platform makes it possible to reduce the Mean Time to Detect (MTTD) and Mean Time to Respond (MTTR), which are critical indicators for evaluating SOC performance. It is demonstrated that integrating SecureX with Threat Intelligence systems provides a more comprehensive contextual understanding of attacks, increases the level of proactive defense, and contributes to the development of an adaptive security architecture.
From the standpoint of scientific novelty, the article presents a systematization of approaches to SOC automation, in which Cisco SecureX is considered not only as a tool for practical implementation but also as a subject of research for evaluating the effectiveness of integrative security platforms. The paper identifies promising directions for further study, including: advancing the level of cognitive SOC automation based on AI, optimizing response playbooks through adaptive algorithms, and assessing the scalability of SecureX in diverse organizational environments. Thus, the implementation of Cisco SecureX is justified both from the perspective of theoretical research and practical application. The platform contributes to the formation of a new approach to information security management, based on integration, automation, and analytics, which determines its strategic significance for enhancing the cyber resilience of modern organizations.
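The two indicators the abstract names, MTTD and MTTR, as an added example that is not part of the article: a Python routine that derives them from per-incident timestamps (constructed sample data, not measurements from the study), reporting undetected and still-open incidents separately instead of folding them into the averages.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from statistics import mean, median
from typing import Optional


@dataclass
class Incident:
    """One SOC incident; all timestamps below are constructed sample data."""
    ident: str
    first_activity: datetime      # when the malicious activity began
    detected: Optional[datetime]  # alert raised; None = not yet detected
    resolved: Optional[datetime]  # containment complete; None = still open


def _minutes(start: datetime, end: datetime) -> float:
    return (end - start).total_seconds() / 60.0


def soc_metrics(incidents: list) -> dict:
    """MTTD and MTTR in minutes (mean and median) plus counts of incidents
    left out because they are undetected or still open: they have no finite
    duration, so dropping them silently would flatter the SOC. The median is
    reported too, because a single long-running incident skews the mean."""
    detect = [_minutes(i.first_activity, i.detected)
              for i in incidents if i.detected is not None]
    respond = [_minutes(i.detected, i.resolved)
               for i in incidents if i.detected is not None and i.resolved is not None]
    return {
        "mttd_mean": mean(detect) if detect else None,
        "mttd_median": median(detect) if detect else None,
        "mttr_mean": mean(respond) if respond else None,
        "mttr_median": median(respond) if respond else None,
        "undetected": sum(1 for i in incidents if i.detected is None),
        "open": sum(1 for i in incidents if i.detected is not None and i.resolved is None),
    }


# Constructed sample: the same incident set handled manually, and with a
# playbook-automated triage step that shortens both detection and response.
T0 = datetime(2025, 1, 10, 8, 0)
m = timedelta  # short alias for readability
MANUAL = [
    Incident("INC-1", T0, T0 + m(minutes=90), T0 + m(minutes=330)),
    Incident("INC-2", T0 + m(hours=2), T0 + m(hours=2, minutes=30), T0 + m(hours=4)),
    Incident("INC-3", T0 + m(hours=5), T0 + m(hours=8), None),   # still open
    Incident("INC-4", T0 + m(hours=6), None, None),              # never detected
]
AUTOMATED = [
    Incident("INC-1", T0, T0 + m(minutes=15), T0 + m(minutes=45)),
    Incident("INC-2", T0 + m(hours=2), T0 + m(hours=2, minutes=10), T0 + m(hours=2, minutes=40)),
    Incident("INC-3", T0 + m(hours=5), T0 + m(hours=5, minutes=20), T0 + m(hours=6)),
]
```

Calling `soc_metrics(MANUAL)` and `soc_metrics(AUTOMATED)` side by side shows the drop in both indicators, while the `undetected` and `open` counts make visible what the averages alone would hide.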

Published

2025-12-02