Detection Engineering & GRC: Hybrid NIDS Framework

An empirical evaluation combining signature-based parsing (Suricata) and behavioral telemetry (Zeek) to expose internal enterprise threat vectors. Awarded a First-Class Honors distinction, this research maps 14 simulated threat scenarios across the MITRE ATT&CK framework to systematically eliminate network blind spots, manage corporate risk, and ensure regulatory alignment.

Project Overview & Implementation

  • The Objective: Evaluated how effectively an enterprise network can detect advanced, stealthy threats (such as lateral movement and pivoting between internal systems) by combining two widely deployed open-source tools: Suricata for signature-based detection and Zeek for behavioural network telemetry.

  • The Testing: Built an isolated corporate network simulation to safely execute 14 distinct real-world attack techniques, each mapped to the MITRE ATT&CK framework.

  • The Custom Engineering: Developed custom automation scripts and rule pipelines to tune both systems, moving beyond default vendor settings to detect highly stealthy network activity.

Governance, Risk, & Compliance Impact

Security infrastructure must serve the wider business strategy and adhere to strict regulations:

  • Strategic Governance: Showed that out-of-the-box, default security tooling leaves major coverage gaps. This demonstrates to executive boards that mature defence requires dedicated funding for custom rule engineering rather than reliance on default vendor configurations.

  • Risk Management: Focused on filtering out routine administrative network activity that would otherwise trigger false positives. This reduces analyst alert fatigue and keeps Security Operations Center (SOC) costs under control.

  • Legal & Privacy Compliance: Designed the monitoring data capture to be strictly scoped, minimised, and proportionate, ensuring alignment with international standards (NIST) alongside UK privacy law.

Links & Artifacts

Explore the open-source code and assets from this project:

Contact

Reach out for collaborations or questions.

© 2025. All rights reserved.