Profiling SIEM tools and correlation engines for security analytics

Sekharan, S. Sandeep; Kandasamy, Kamalanathan

doi:10.1109/wispnet.2017.8299855

Cited by 31 publications

(19 citation statements)

References 4 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…Elastic stack es una Plataforma de código abierto para la ingesta confinable de dates de different fonts, in a variety of different formats; that allows to search, analyse and visualize data in real time [10]. It is used to create big data solutions, it is composed of: Elasticsearch (ES), Logstash and Kibana [29]. It is known as an open source search and analytics engine, based on Apache Lucene, considered as a full-text, distributed and multi-tenancy search engine with a RESTful web interface (Based on REST architecture, which is an interface to connect several HTTP-based systems, and serves to obtain and generate data and operations) and with JSON documents, designed to enable scale-out, reliability and easy management [30].…”

Section: Elastic Stack Componentsmentioning

confidence: 99%

Secure Mechanism Applied to Big Data for IIoT by Using Security Event and Information Management System (SIEM)

2022

IJIES

View full text Add to dashboard Cite

It is estimated that the number of devices and sensors connected to the Internet of Things (Internet of Things) will grow to around 125 billion by the end of this decade, compared to 21 billion this year. The Internet of Things promises tremendous advantages in many applications such as industrial environment, smart homes, smart cities, smart environment, agriculture, control of critical infrastructure and smart health. However, as the number of IoT devices increases and more information is shared between IoT devices, massive amount of data is transmitted between these devices and providing security becomes a major concern for researchers, developers and users, since IoT devices have low power and limited computing and storage capabilities. Where the application of strong and complex encryption processes requires significant capabilities in terms of computing and storage, which makes these devices more vulnerable to attacks and security risks that threaten the integrity of corporate and institutional data and other information. This article proposes implementing a security solution based on the "all-in-one" architecture for Wazuh and Elastic Stack as a tester, in order to implement proof of concept to detect anomalies occurring in devices on a network, which constitute the Wazuh proxy. In this way, the security contribution proactively with the collection of logs in real time, allows this system in question to generate alerts in the event of attempted attacks and implement the active response, a measure that allows mitigation of the detected incident. This project promotes open-source software solutions, and proves to be a complete business security solution in the context of analysing log data to secure a host for the internal business network. He concluded that the solution is ideal for business environments of any type, and even more so for small environments such as our simulated environments. Considering that the method of automating responses to security incidents offers a great alternative in the field of information technology.

show abstract

Section: Elastic Stack Componentsmentioning

confidence: 99%

Secure Mechanism Applied to Big Data for IIoT by Using Security Event and Information Management System (SIEM)

2022

IJIES

View full text Add to dashboard Cite

show abstract

“…They investigate strategies for preprocessing alarm events in order to reduce the number of displayed alarms, thus simplifying the system for human operators. An overview of the most popular SIEM tools and open-source rule-based correlation engines (including IBM QRadar, HP ArcSight, Splunk, and LogRhythm) was presented in [23], which compared the engine correlation mechanisms and classified them into similaritybased, knowledge-based, and statistical correlation. The authors of [24] proposed two novel alert correlation approaches for SIEM systems: enforcement-based correlation, which aims at classifying all possible countermeasures and their associated policy enforcement points to implement the security rule as a defense mechanism; metric-based correlation, which aims at deriving correlation rules from information security indicators to allow the analysis and evaluation of the SIEM effectiveness.…”

Section: State-of-the-art On Siemmentioning

confidence: 99%

Toward the Integration of Cyber and Physical Security Monitoring Systems for Critical Infrastructures

Fausto

Gaggero

Patrone

et al. 2021

Sensors

View full text Add to dashboard Cite

Critical Infrastructures (CIs) are sensible targets. They could be physically damaged by natural or human actions, causing service disruptions, economic losses, and, in some extreme cases, harm to people. They, therefore, need a high level of protection against possible unintentional and intentional events. In this paper, we show a logical architecture that exploits information from both physical and cybersecurity systems to improve the overall security in a power plant scenario. We propose a Machine Learning (ML)-based anomaly detection approach to detect possible anomaly events by jointly correlating data related to both the physical and cyber domains. The performance evaluation showed encouraging results—obtained by different ML algorithms—which highlights how our proposed approach is able to detect possible abnormal situations that could not have been detected by using only information from either the physical or cyber domain.

show abstract

“…However, it does not solve the tampering problem, as all logging data is stored in the same place, without a way to verify if someone modified an entry. Alternative common log management tools, like LogRhytm [8] or Splunk [9], have the same problem. Their main concern is storing data and retrieving entries quickly and efficiently, without analysing possible integrity problems.…”

Section: Related Workmentioning

confidence: 99%

Blockchain structures to guarantee logging integrity of a digital platform to support community-dwelling older adults

2020

View full text Add to dashboard Cite

Current epidemiological changes promote a trend toward distributed care provision in the community. Digital platforms allowing the exchange of patient information are essential in optimizing community care. However, these digital platforms should present trustworthy environments. This article reports a study aiming to implement and evaluate a Logging Service based on blockchain technologies to guarantee the integrity of the activity logs of the Social Cooperation for Integrated Assisted Living platform. This platform of services was developed to support integrated care and assistance of communitydwelling older adults and uses the Fast Healthcare Interoperability Resources to promote information interoperability.

show abstract

Profiling SIEM tools and correlation engines for security analytics

Cited by 31 publications

References 4 publications

Secure Mechanism Applied to Big Data for IIoT by Using Security Event and Information Management System (SIEM)

Secure Mechanism Applied to Big Data for IIoT by Using Security Event and Information Management System (SIEM)

Toward the Integration of Cyber and Physical Security Monitoring Systems for Critical Infrastructures

Blockchain structures to guarantee logging integrity of a digital platform to support community-dwelling older adults

Contact Info

Product

Resources

About