Abstract
Security Information and Event Management (SIEM) systems have been adopted by organizations to enable holistic monitoring of malicious activity in their IT infrastructures. SIEMs receive events from diverse devices in the organization's IT infrastructure (e.g., servers, firewalls, IDS), correlate these events, and present reports to security analysts. Given the large number of events collected by SIEMs, storing such data for long periods is costly. Since organizations therefore retain only a relatively short time-frame of events, their forensic analysis capabilities are severely reduced: important information about past cybersecurity-related activity is discarded and can no longer be examined. A possible solution to this problem is to leverage public cloud storage services, exploiting their low cost and "infinite" scalability. We present SLICER, an archival system for long-term storage that uses a multi-cloud-based storage system to guarantee data security and ensures cost-effectiveness by grouping events into blocks and using indexing techniques to recover them. The system was evaluated using a real dataset, and the results show that it is significantly more cost-efficient than competing alternatives.