Abstract
Security Information and Event Management
(SIEM) systems have been adopted by organizations to enable
holistic monitoring of malicious activities in their IT infrastructures. SIEMs receive events from diverse devices of the
organization’s IT infrastructure (e.g., servers, firewalls, IDS),
correlate these events, and present reports for security analysts.
Given the large number of events collected by SIEMs, it is costly
to store such data for long periods. Since organizations store
only a relatively limited time frame of events, their forensic analysis
capabilities are severely reduced. We present SLICER, an
archival system for long-term storage that makes use of a
multi-cloud-based storage system to guarantee data security,
low cost and “infinite” scalability, and ensures cost-effectiveness
by grouping events in blocks and using indexing techniques to
recover them. The system was evaluated using a real dataset and
the results show that it is significantly more cost-efficient than
competing alternatives.
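As an added illustration of the block-grouping and indexing idea the abstract describes (example code written here, not the SLICER paper's own implementation): events are packed into fixed-size compressed blocks and a small inverted index maps field values to block ids, so a forensic query decompresses only the blocks it needs instead of the whole archive. The block size, the indexed fields and the sample events are assumptions; the multi-cloud storage layer is not modelled.

```python
import gzip
import json
from collections import defaultdict

# Constructed sample SIEM events (not from the paper's dataset).
EVENTS = [
    {"ts": 1000, "src": "10.0.0.5", "dev": "fw",  "msg": "deny tcp to 203.0.113.9:445"},
    {"ts": 1001, "src": "10.0.0.7", "dev": "ids", "msg": "portscan detected"},
    {"ts": 1002, "src": "10.0.0.5", "dev": "srv", "msg": "ssh login failed"},
    {"ts": 1003, "src": "10.0.0.9", "dev": "fw",  "msg": "permit udp to 198.51.100.3:53"},
    {"ts": 1004, "src": "10.0.0.7", "dev": "fw",  "msg": "deny tcp to 203.0.113.9:3389"},
    {"ts": 1005, "src": "10.0.0.7", "dev": "srv", "msg": "sudo session opened"},
    {"ts": 1006, "src": "10.0.0.2", "dev": "ids", "msg": "malware signature match"},
    {"ts": 1007, "src": "10.0.0.7", "dev": "ids", "msg": "brute force detected"},
]

BLOCK_SIZE = 4                    # assumed block granularity (events per block)
INDEXED_FIELDS = ("src", "dev")   # assumed fields worth indexing for forensics


def archive(events, block_size=BLOCK_SIZE):
    """Group events into compressed blocks and build an inverted index.

    Returns (blocks, index): blocks maps block_id -> gzip'd JSON bytes (what
    would be uploaded to cloud storage), index maps (field, value) -> sorted
    list of block ids containing at least one event with that value.
    """
    blocks, index = {}, defaultdict(set)
    for bid, start in enumerate(range(0, len(events), block_size)):
        chunk = events[start:start + block_size]
        blocks[bid] = gzip.compress(json.dumps(chunk).encode())
        for ev in chunk:
            for field in INDEXED_FIELDS:
                index[(field, ev[field])].add(bid)
    return blocks, {k: sorted(v) for k, v in index.items()}


def recover(blocks, index, field, value):
    """Fetch only the blocks the index points to, decompress and filter them."""
    hits = []
    for bid in index.get((field, value), []):
        for ev in json.loads(gzip.decompress(blocks[bid])):
            if ev[field] == value:
                hits.append(ev)
    return hits


def blocks_touched(index, field, value):
    """Number of blocks a query must download; the archive-wide cost driver."""
    return len(index.get((field, value), []))
```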