Abstract. The threat of cyber-attacks is growing, as several negative security news items and reports show [8]. Today there are many security components (e.g. anti-virus systems, firewalls, and IDS) available to protect enterprise networks; unfortunately, they work independently from each other, in isolation. But many attacks can only be recognized if the logs and events of different security components are combined and correlated with each other. Existing specifications of the Trusted Computing Group (TCG) already provide a standardized protocol for metadata collection and exchange named IF-MAP. This protocol is very useful for network security applications and for correlating different metadata in one common database, which in turn makes it well suited to Security Information and Event Management (SIEM) systems. In this paper we present a SIEM architecture developed during a research project called SIMU. Additionally, we introduce a new kind of metadata that can be helpful for domains not covered by the existing TCG specifications. To this end, a metadata model with unique data types has been designed for higher flexibility.
Introduction
Security Information and Event Management (SIEM) systems are seen as an important security component of company networks and IT infrastructures. These systems make it possible to consolidate and evaluate the messages and alerts of the individual components of an IT system. At the same time, messages of specialized security systems (firewall logs, VPN gateways, etc.) can be taken into account. However, practice has shown that these SIEM systems are extremely complex and can only be operated with large personnel effort. Often SIEM systems are installed but neglected in continuing operation.
The threat of cyber-attacks is growing, as several negative security news reports about companies and private persons show [7]. Small and medium-sized enterprises (SMEs) in particular are the focus of external attackers because they have not yet implemented sufficient security strategies and components for their networks. Additionally, tablets, smartphones, and netbooks have changed the requirements of IT security rapidly. Today, there are several security components (e.g. anti-virus systems, firewalls, and intrusion detection systems) available to protect enterprise networks; unfortunately, they work independently from each other, in isolation. But many attacks can only be recognized if the logs and events of different security components are combined and correlated with each other. This possibility is offered by a security information and event management (SIEM) system. But nowadays these systems are very complex and expensive in deployment and maintenance [12]. The SIMU project, funded by the BMBF [6] and presented in this paper, offers several features of a SIEM system with better handling and more efficient use in the SME environment.
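The kind of cross-component correlation the paper argues for, as an added illustration that is not code from the SIMU project or the paper: events from a firewall, an IDS and an anti-virus system are normalized, grouped per host, and an alert is raised only when several distinct components report on the same host inside a short time window. The event records, field names and thresholds are constructed for this example.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events (not from the paper), one normalized record per source.
# Seen in isolation, each component's own log looks like routine noise.
EVENTS = [
    {"src": "firewall",  "ts": "2015-03-02T10:00:05", "host": "10.0.0.7",  "msg": "outbound to 203.0.113.9:443 allowed"},
    {"src": "ids",       "ts": "2015-03-02T10:00:20", "host": "10.0.0.7",  "msg": "signature match on TLS handshake"},
    {"src": "antivirus", "ts": "2015-03-02T10:03:10", "host": "10.0.0.7",  "msg": "heuristic: packed executable quarantined"},
    {"src": "firewall",  "ts": "2015-03-02T10:01:00", "host": "10.0.0.12", "msg": "outbound to 198.51.100.4:80 allowed"},
    {"src": "antivirus", "ts": "2015-03-02T14:30:00", "host": "10.0.0.12", "msg": "heuristic: packed executable quarantined"},
]


def correlate(events, window=timedelta(minutes=5), min_sources=3):
    """Group events per host and raise one alert per host when events from at
    least `min_sources` distinct security components fall inside `window`.

    Returns a list of alert dicts: host, contributing sources, first timestamp."""
    by_host = defaultdict(list)
    for ev in events:
        by_host[ev["host"]].append((datetime.fromisoformat(ev["ts"]), ev["src"]))

    alerts = []
    for host, evs in by_host.items():
        evs.sort()  # chronological order so each window starts at an event
        for i, (start, _) in enumerate(evs):
            # Distinct components that reported on this host within the window.
            in_window = {src for ts, src in evs[i:] if ts - start <= window}
            if len(in_window) >= min_sources:
                alerts.append({"host": host,
                               "sources": sorted(in_window),
                               "first_seen": start.isoformat()})
                break  # one alert per host is enough for this illustration
    return alerts


if __name__ == "__main__":
    for alert in correlate(EVENTS):
        print(alert)
```

With the defaults only host 10.0.0.7 produces an alert: three components report on it within five minutes, whereas host 10.0.0.12 has only two reports hours apart.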