Combining Network Access Control (NAC) and SIEM functionality based on open source

Detken, Kai-Oliver; Jahnke, Marcel; Kleiner, Carsten; Rohde, Marius

doi:10.1109/idaacs.2017.8095094

Cited by 5 publications

(6 citation statements)

References 7 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Menges et al [11] proposed an architecture of SIEM that meets the privacy requirements of the General Data Protection Regulation (GDPR). Detken et al [12] proposed a security system, which extends existing Network Access Control (NAC) systems with SIEM functionality, additional analyzing methods and dynamical compliance support. One of the aims of the proposed security platform is to make it affordable for SMEs in contrast to other commercial SIEM systems.…”

Section: Research On Improving Siemmentioning

confidence: 99%

“…They provide a set of suitable technological and business requirements that are believed to be valuable in a SIEM system. They provide a template with 14 features: (1) level of compliance, (2) complexity, (3) capability, (4) robustness, (5) scalability, (6) vision, (7) installation duration, (8) licensing, (9) support, (10) training, (11) additional features, (12) integration with third parties, (13) vendor skills, (14) price. This template must be completed for each candidate SIEM solution by assigning appropriate weight/importance to each feature.…”

Section: Other Related Workmentioning

confidence: 99%

See 1 more Smart Citation

Cybersecurity on a budget: Evaluating security and performance of open-source SIEM solutions for SMEs

Manzoor,

Waleed,

Jamali

et al. 2024

PLoS ONE

View full text Add to dashboard Cite

The proliferation of cyber threats necessitates robust security measures to safeguard critical assets and data in today’s evolving digital landscape. Small and Medium Enterprises (SMEs), which are the backbone of the global economy are particularly vulnerable to these threats due to inadequate protection for critical and sensitive information, budgetary constraints, and lack of cybersecurity expertise and personnel. Security Information and Event Management (SIEM) systems have emerged as pivotal tools for monitoring, detecting, and responding to security incidents. While proprietary SIEM solutions have historically dominated the market, open-source SIEM systems have gained prominence for their accessibility and cost-effectiveness for SMEs. This article presents a comprehensive study focusing on the evaluation of open-source SIEM systems. The research investigates the capabilities of these open-source solutions in addressing modern security challenges and compliance with regulatory requirements. Performance aspects are explored through empirical testing in simulated enterprise-grade SME network environments to assess resource utilization, and real-time data processing capabilities. By providing a rigorous assessment of the security and performance features of open-source SIEM systems, this research offers valuable insights to cybersecurity practitioners, organizations seeking cost-effective security solutions, and the broader academic community. The findings shed light on the strengths and limitations of these systems, aiding decision-makers in selecting the most suitable SIEM solution for their specific requirements while enhancing the cybersecurity posture of SMEs.

show abstract

Section: Research On Improving Siemmentioning

confidence: 99%

Section: Other Related Workmentioning

confidence: 99%

Cybersecurity on a budget: Evaluating security and performance of open-source SIEM solutions for SMEs

Manzoor,

Waleed,

Jamali

et al. 2024

PLoS ONE

View full text Add to dashboard Cite

show abstract

“…Kai-Oliver Detken et. kal [3] worked on the research project CLEARER aimed at developing a security system, which extends existing NAC systems with SIEM functionality, additional analyzing methods, and dynamical compliance support. This goal will only be reached by using Open Source Software (OSS).…”

Section: Literature Surveymentioning

confidence: 99%

Study of challenges faced by Enterprises using Security Information and Event Management (SIEM)

Yadav¹,

Mishra²

2021

JUSST

View full text Add to dashboard Cite

The field of information security plays an important role in education, IT, health domain, etc. Much research has been carried out in order to secure data in hardware, on the cloud, and during transmission over the network. A secure data transmission and securing the stored data is still taken as one of the concerned areas. Cloud-based SIEM is used nowadays, which is the art and science to secure the information of the organization. SIEM is Security Information and Event Management, which means securing the organization containing network devices and devices holding critical and sensitive information. In this paper, a survey is carried out to determine the gap in current security providers and areas that need attention. We take logs as input and send them to SIEM for analysis. Whether a SIEM is capable enough to determine the unknown threats and user behavior to identify insider threats. Also, terms such as EPS, False positive Rate, Mean Time to Resolution are used as compassion and aim to keep False positive rate and mean time resolution value low and EPS no restriction.

show abstract

“…Comparative studies of existing NAC systems has concluded that the NAC solutions from Cisco, Trustwave, and Forescout can be implemented in accordance with the existing network infrastructure so that it can produce maximum profits where NAC can limit the access of devices and users that are defined based on existing roles and ensure network access obtained according to what is needed [17]. The main benefit of NAC systems is to prevent potentially malicious or infected devices from entering the network in order to keep the network clean [18]. So that network security can be increased from the user level by using NAC.…”

Section: A Nacmentioning

confidence: 99%

Internal Threat Defense using Network Access Control and Intrusion Prevention System

Putra¹,

Surantha²

2019

IJACSA

View full text Add to dashboard Cite

This study aims to create a network security system that can mitigate attacks carried out by internal users and to reduce attacks from internal networks. Further, a network security system is expected to be able to overcome the difficulty of mitigating attacks carried out by internal users and to improve network security. The method used is to integrate the ability of Network Access Control (NAC) and the Intrusion Prevention System (IPS) that have been designed and implemented in this study, then an analysis is performed to compare the results of tests that have been carried out using only the NAC with the results using integration of NAC capabilities and IPS. The results obtained from the tests that have been carried out, namely, the security system by using the integration of NAC and IPS capabilities is better than using only the NAC.

show abstract

Combining Network Access Control (NAC) and SIEM functionality based on open source

Cited by 5 publications

References 7 publications

Cybersecurity on a budget: Evaluating security and performance of open-source SIEM solutions for SMEs

Cybersecurity on a budget: Evaluating security and performance of open-source SIEM solutions for SMEs

Study of challenges faced by Enterprises using Security Information and Event Management (SIEM)

Internal Threat Defense using Network Access Control and Intrusion Prevention System

Contact Info

Product

Resources

About