Risk Assessment Driven Use of Advanced SIEM Technology for Cyber Protection of Critical e-Health Processes

Coppolino, Luigi; Sgaglione, Luigi; D’Antonio, Salvatore; Magliulo, Mario; Romano, Luigi; Pacelli, Roberto

doi:10.1007/s42979-021-00858-4

Cited by 6 publications

(4 citation statements)

References 11 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…4, this architecture is wellrounded. It incorporates log monitoring, threat intelligence, asset inventory, configuration assessment, compliance monitoring, and automated incident response to detect and respond to security issues [15][16][17][18][19].…”

Section: Architecturementioning

confidence: 99%

Building a Scalable Security Operations Center: A Focus on Open-source Tools

Bassey,

Chinda,

Idowu

2024

J. Eng. Res. Rep.

View full text Add to dashboard Cite

Given the prevalence of a wide variety of cyber attacks against businesses of all sizes, it is essential to ensure that adequate security monitoring of organizational assets and infrastructure is in place to ensure the early detection and response to security incidents. By using a security information and event management (SIEM) tool in collaboration with other security tools, such as an extended detection and response (XDR) tool, all housed in an organizational unit, adequate security monitoring and response to detected incidents can be achieved. This research builds a SOC architecture with various components to ensure complete security visibility across endpoints and digital assets. Then, it proposes low-cost open-source tooling that can be used to implement this architecture. To validate the performance of this architecture, the architecture was implemented using the proposed tools, which included the Wazuh platform as the XDR and SIEM tool, TheHive for case management, and Suricata for network intrusion detection. Subsequently, various cybersecurity scenarios, such as brute force attacks, malware downloads, and DoS attacks, were executed against endpoints monitored by this deployed architecture. The results show that the tools implemented performed the correct exposure assessment and successfully detected and responded to the various scenarios. This paper proposed a security operations center architecture utilizing open-source tools and successfully implemented it to detect common cybersecurity attacks.

show abstract

Section: Architecturementioning

confidence: 99%

Building a Scalable Security Operations Center: A Focus on Open-source Tools

Bassey,

Chinda,

Idowu

2024

J. Eng. Res. Rep.

View full text Add to dashboard Cite

show abstract

“…In the above context, the deployment of SIEM solutions is expected. SIEMs improve incident detection, speed up incident management, and enforce adherence to specific regulatory compliance needs [ 41 ].…”

Section: Motivating Casesmentioning

confidence: 99%

PALANTIR: An NFV-Based Security-as-a-Service Approach for Automating Threat Mitigation

Compastié

Martínez

Fernández

et al. 2023

Sensors

View full text Add to dashboard Cite

Small and medium enterprises are significantly hampered by cyber-threats as they have inherently limited skills and financial capacities to anticipate, prevent, and handle security incidents. The EU-funded PALANTIR project aims at facilitating the outsourcing of the security supervision to external providers to relieve SMEs/MEs from this burden. However, good practices for the operation of SME/ME assets involve avoiding their exposure to external parties, which requires a tightly defined and timely enforced security policy when resources span across the cloud continuum and need interactions. This paper proposes an innovative architecture extending Network Function Virtualisation to externalise and automate threat mitigation and remediation in cloud, edge, and on-premises environments. Our contributions include an ontology for the decision-making process, a Fault-and-Breach-Management-based remediation policy model, a framework conducting remediation actions, and a set of deployment models adapted to the constraints of cloud, edge, and on-premises environment(s). Finally, we also detail an implementation prototype of the framework serving as evaluation material.

show abstract

“…Both firms use the Gartner Magic Quadrant as their starting point for study (Balayla Jacques 2020), putting the more complex factors to the side for consideration in upcoming SIEMs. Similar to this, businesses like Solutions Review by (Luigi et al,2022) provides periodic studies to help SIEM purchasers choose the best SIEM solution for their companies. The authors conduct a vendor comparison map focused on compliance, log management, and threat detection, three essential SIEM characteristics.…”

Section: Related Workmentioning

confidence: 99%

“…The media, the security community, and the IT sector have in recent times focused on security due to extremely significant cyberattacks. The Solar Winds breach in 2019 affected the network management systems of numerous organizations (Luigi et al, 2022). This resulted in significant data leaks and caused a great deal of damage.…”

Section: Introductionmentioning

confidence: 99%

Optimization of Security Information and Event Management (SIEM) Infrastructures, and Events Correlation/Regression Analysis for Optimal Cyber Security Posture

Ehis

2023

AAES

View full text Add to dashboard Cite

This work integrates logical and physical security processes, and simplifies the manageability of the security infrastructure. The process increases visibility to resources, which makes it easier to prevent security incidents, and provides a platform to manage the response and recovery after an incident occur. Log collection is the heart and soul of a SIEM. Log correlation is employed to identify particular sequences of log events from devices. The comparison between network level and host level events automatically perform initial validation that would not normally be performed. It considers movement of data between systems where it would not normally accounts logging on at unusual times or from unusual places, these may not generate specific security alerts, but can be much more easily spotted and flagged by a log correlation solution that sees everything in the environment. It shows some enhancements to event log normalization and significantly improves correlation rule execution. The event monitoring algorithm and SIEM correlation rules result in false positives or false negatives. Security managers, therefore, may waste time and resources that could be used to respond to real threats and assaults if there are too many false positives. This study hereby, strikes a compromise between lowering false positive alerts and not ignoring any potential abnormalities that could indicate a cyberattack when establishing SIEM correlation rules. In order to decide which data is pertinent and which data is irrelevant in an event pipeline, this research employs the use of filters. Through this examination, it can be inferred that the conditions are advantageous for promoting investment in the growth and enhancement of this technology as an essential component of industrial control systems with security operation centers, as well as offering cyber security management for small and medium-sized enterprises (SMEs) with restricted security expertise and capabilities.

show abstract

Risk Assessment Driven Use of Advanced SIEM Technology for Cyber Protection of Critical e-Health Processes

Cited by 6 publications

References 11 publications

Building a Scalable Security Operations Center: A Focus on Open-source Tools

Building a Scalable Security Operations Center: A Focus on Open-source Tools

PALANTIR: An NFV-Based Security-as-a-Service Approach for Automating Threat Mitigation

Optimization of Security Information and Event Management (SIEM) Infrastructures, and Events Correlation/Regression Analysis for Optimal Cyber Security Posture

Contact Info

Product

Resources

About