DiSIEM: Diversity-enhancements for Security Information and Event Management

From Navigators

Difference between revisions (3 intermediate revisions not shown)

Line 16:
  |Summary=(unchanged; identical to the summary shown below)
  |NavigatorsSite=FCUL
- |Researchers=Alysson Bessani, Pedro M. Ferreira, Nuno Ferreira Neves, Fernando Alves
+ |Researchers=Alysson Bessani, Pedro M. Ferreira, Nuno Ferreira Neves, Ibéria Medeiros, Fernando Alves, Adriano Serckumecka, Rui Azevedo, Ivo Vacas, Claudio Martins, Pedro Gaspar
}}

Revision as of 00:02, 5 October 2018

http://www.disiem-project.eu

Security Information and Event Management (SIEM) systems are a fundamental component of the ubiquitous ICT infrastructures that form the backbone of our digital society. These systems are mostly used to monitor infrastructures using many types of sensors and tools and to correlate the obtained events in order to discover possible threats (attacks, vulnerabilities, etc.) to the organization. The DiSIEM project aims to enhance existing SIEM systems with diversity-related technology. More specifically, we want to (1) enhance the quality of events collected using a diverse set of sensors and novel anomaly detectors, (2) add support for collecting infrastructure-related information from open-source intelligence data available on diverse sources from the internet, (3) create new ways of visualising the information collected in the SIEM and provide high-level security metrics and models for improving security-related decisions, and (4) allow the use of multiple storage clouds for secure long-term archival of the raw events fed to the SIEM. Given the high cost of deploying SIEM infrastructures, all these enhancements will be developed in a SIEM-independent way, as extensions to currently available systems, and will be validated through deployment in three large-scale production environments.

Publications

  • Adriano Serckumecka, Ibéria Medeiros, Bernardo Ferreira, Alysson Bessani, “SLiCER: Safe Long-term Cloud Event Archival”, in Proceedings of the IEEE Pacific Rim International Symposium on Dependable Computing (PRDC), Dec. 2019.

  • Adriano Serckumecka, Ibéria Medeiros, Bernardo Ferreira, Alysson Bessani, “A Cost-Effective Cloud Event Archival for SIEMs”, in Proceedings of the Workshop on Distributed and Reliable Storage Systems (DRSS, with SRDS 2019), Oct. 2019.

  • Mario Faiella, Gustavo Gonzalez-Granadillo, Ibéria Medeiros, Rui Azevedo, Susana Gonzalez-Zarzosa, “Enriching Threat Intelligence Platforms Capabilities”, in Proceedings of the International Conference on Security and Cryptography (SECRYPT), Prague, Czech Republic, Jul. 2019.

