Result: ZenGuard a machine learning based zero trust framework for context aware threat mitigation using SIEM SOAR and UEBA.

Title:
ZenGuard a machine learning based zero trust framework for context aware threat mitigation using SIEM SOAR and UEBA.
Authors:
Hassan, Aamina (1) (AUTHOR) aamina.phdis@students.mcs.edu.pk; Rauf, Abdul (1) (AUTHOR); Shafqat, Narmeen (1) (AUTHOR); Latif, Rabia (2) (AUTHOR); Khan, Hasib (3) (AUTHOR)
Source:
Scientific Reports. 10/14/2025, Vol. 15 Issue 1, p1-18. 18p.
Database:
Academic Search Index

More information

Perimeter-based security models, which rely on predefined network boundaries, are increasingly ineffective against modern threats such as insider misuse, supply chain attacks, and Advanced Persistent Threats (APTs). Zero Trust Architecture (ZTA) offers a more resilient approach by enforcing continuous verification of users, devices, and activity. While SIEM (Security Information and Event Management) and SOAR (Security Orchestration, Automation, and Response) platforms are widely adopted and play a critical role in monitoring and response, they often operate with static rules and limited behavioral context, making it challenging to fully implement ZTA principles. This paper introduces ZenGuard, an open-source framework that integrates ZTA, SIEM, SOAR, and User and Entity Behavior Analytics (UEBA) into a unified, vendor-independent platform, addressing these operational gaps with context-aware, real-time, and adaptive enforcement capabilities. ZenGuard employs Python-based automation and interpretable machine learning models to detect behavioral anomalies and trigger adaptive responses across the identity, device, and network layers. We evaluate ZenGuard using real-world Security Operations Center (SOC) telemetry from enterprise environments to validate overall threat detection and response, demonstrating a Mean Time to Respond (MTTR) under 10 seconds in cases such as privilege escalation, lateral movement, and data exfiltration. Furthermore, UEBA accuracy was assessed on synthetic behavioral datasets that emulate diverse threats which are not consistently observable in live environments. In essence, ZenGuard supports the Zero Trust principles defined in NIST SP 800-207 and ISO/IEC 27001 controls, offering a practical, explainable, and scalable approach to modern cybersecurity automation. [ABSTRACT FROM AUTHOR]