Search Results: 12 results on "SIEM system"
2. Method for Information Security Events Detection in a Cloud Signature Systems
- Author: V. A. Gerasimov and O. V. Boyprav
- Subjects: siem system, signature activation protocol, signer profile, cloud signature system, information security event, Information technology, T58.5-58.64
- Abstract: The parameters and mechanisms that can be used as the basis for a method for detecting information security events in cloud signature systems, where the signature activation protocol is used, and the development of such a method are substantiated. The following parameters are proposed: the number of signed electronic documents, the number of incorrect authentication attempts to access the user's personal key, the rate of comparing the hash value of the signed documents, and the rate of sending the hash value of the signed data in the signature creation device. It is recommended to base the method on the mechanisms of mathematical statistics in relation to the listed parameters. The description and results of testing the developed method, the number of false positive and false negative results of the analysis of information security events in cloud signature systems are presented. The obtained values turned out to be less than similar indicators typical for the results of analysis carried out using other existing methods. This is the main advantage of the proposed method compared to its analogues.
- Published: 2024
- Full Text: PDF
3. Principles of data collection for building a secure enterprise infrastructure based on SIEM systems
- Author: A. D. Popov and A. N. Nikitenko
- Subjects: siem system, data collection, data storage, integration, information security, Technology
- Abstract: Objective. The purpose of the article is to present the main capabilities and advantages of implementing and using SIEM systems. Method. The system analysis method was used. Result. The main systems of the SIEM class are described, their main capabilities, advantages and disadvantages are listed, and various options for constructing such systems and principles of data collection are considered. Conclusion. Studying the functioning of systems of this type allows us to assess the possibility of their use in the construction of security systems of various scales and architectures. To make maximum use of the capabilities of SIEM systems, it is necessary to adapt and configure them to specific information security requirements. The prospect for further research will be the use of hybrid approaches based on intermediate storage using data streaming.
- Published: 2024
- Full Text: PDF
4. Proactive threat hunting to detect persistent behaviour-based advanced adversaries
- Author: Akashdeep Bhardwaj, Salil Bharany, Ahmad Almogren, Ateeq Ur Rehman, and Habib Hamam
- Subjects: Persistence behavior, Threat hunt, Resilience, Elastic search, SIEM system, Proactive, Electronic computers. Computer science, QA75.5-76.95
- Abstract: Persistence behavior is a tactic advanced adversaries use to maintain unauthorized access and control of compromised assets over extended periods. Organizations can efficiently detect persistent adversaries and reduce the growing risks posed by highly skilled cyber threats by embracing creative techniques and utilizing sophisticated tools. By taking a proactive stance, businesses may increase their entire cybersecurity posture by anticipating and mitigating possible risks before they escalate. Security analysts perform thorough investigations and extract meaningful insights from large datasets with greater technical advantage by using Elasticsearch in conjunction with a variety of linguistic tools. This research presents a novel methodology for proactive threat intelligence to identify and mitigate advanced adversaries that use persistent behaviors. The authors designed and set up an Elasticsearch-based advanced Security Information and Event Management platform to offer a proactive threat-hunting strategy. This enables comprehensive analysis and detection by integrating Lucene, Kibana, and domain-specific languages. The goal of this research is to locate hidden advanced enemies who exhibit persistent behavior during cyberattacks. The framework can help improve the organization's resilience to identify and respond to threats by closely examining activities like boot or logon auto-start execution in registry keys, tampering with system processes and services, and unauthorized creation of local accounts on compromised assets. This study emphasizes proactive actions over reactive reactions, which advances danger detection techniques. This technical study provides security practitioners seeking to improve defenses against new advanced attacks with the means to stay ahead in a dynamic threat landscape.
- Published: 2024
- Full Text: PDF
5. Enhancing Cloud Security: Proactive Threat Monitoring and Detection Using a SIEM-Based Approach
- Author: Tuyishime, Emmanuel, Balan, Titus C., Cotfas, Petru A., Cotfas, Daniel T., and Rekeraho, Alexandre
- Subjects: CLOUD computing, CLOUD computing security measures, VIRTUAL machine systems, MANAGEMENT information systems, VIRTUAL networks, INTERNET traffic
- Abstract: With the escalating frequency of cybersecurity threats in public cloud computing environments, there is a pressing need for robust security measures to safeguard sensitive data and applications. This research addresses growing security concerns in the cloud by proposing an innovative security information and event management system (SIEM) that offers automated visibility of cloud resources. Our implementation includes a virtual network comprising virtual machines, load balancers, Microsoft Defender for Cloud, and an application gateway that functions as a web application firewall (WAF). This WAF scans incoming Internet traffic and provides centralized protection against common exploits and vulnerabilities, securing web applications within the cloud environment. We deployed the SIEM system to automate visibility and incident response for cloud resources. By harnessing the power of this employed SIEM, the developed system can continuously monitor, detect security incidents, and proactively mitigate potential security threats. Microsoft Defender for Cloud consistently assesses the configuration of cloud resources against industry standards, regulations, and benchmarks to ensure compliance requirements are met. Our findings highlight the practicality and effectiveness of deploying such solutions to safeguard cloud resources, offering valuable insights to organizations and security professionals seeking sustainable and resilient security measures in the cloud computing environment.
- Published: 2023
- Full Text: PDF
6. Enhancing Cloud Security: Proactive Threat Monitoring and Detection Using a SIEM-Based Approach
- Author: Emmanuel Tuyishime, Titus C. Balan, Petru A. Cotfas, Daniel T. Cotfas, and Alexandre Rekeraho
- Subjects: cloud security, SIEM system, security threats, Microsoft Sentinel, compliance, Technology, Engineering (General). Civil engineering (General), TA1-2040, Biology (General), QH301-705.5, Physics, QC1-999, Chemistry, QD1-999
- Abstract: With the escalating frequency of cybersecurity threats in public cloud computing environments, there is a pressing need for robust security measures to safeguard sensitive data and applications. This research addresses growing security concerns in the cloud by proposing an innovative security information and event management system (SIEM) that offers automated visibility of cloud resources. Our implementation includes a virtual network comprising virtual machines, load balancers, Microsoft Defender for Cloud, and an application gateway that functions as a web application firewall (WAF). This WAF scans incoming Internet traffic and provides centralized protection against common exploits and vulnerabilities, securing web applications within the cloud environment. We deployed the SIEM system to automate visibility and incident response for cloud resources. By harnessing the power of this employed SIEM, the developed system can continuously monitor, detect security incidents, and proactively mitigate potential security threats. Microsoft Defender for Cloud consistently assesses the configuration of cloud resources against industry standards, regulations, and benchmarks to ensure compliance requirements are met. Our findings highlight the practicality and effectiveness of deploying such solutions to safeguard cloud resources, offering valuable insights to organizations and security professionals seeking sustainable and resilient security measures in the cloud computing environment.
- Published: 2023
- Full Text: PDF
7. A Variant of the Analytical Specification of Security Information and Event Management Systems
- Author: Kotenko, Igor, Parashchuk, Igor, Kacprzyk, Janusz (Series Editor), Kravets, Alla G. (editor), Bolshakov, Alexander A. (editor), and Shcherbakov, Maxim V. (editor)
- Published: 2021
- Full Text: PDF
8. Proactive threat hunting to detect persistent behaviour-based advanced adversaries
- Author: Bhardwaj, Akashdeep, Bharany, Salil, Almogren, Ahmad, Ur Rehman, Ateeq, and Hamam, Habib
- Abstract: Persistence behavior is a tactic advanced adversaries use to maintain unauthorized access and control of compromised assets over extended periods. Organizations can efficiently detect persistent adversaries and reduce the growing risks posed by highly skilled cyber threats by embracing creative techniques and utilizing sophisticated tools. By taking a proactive stance, businesses may increase their entire cybersecurity posture by anticipating and mitigating possible risks before they escalate. Security analysts perform thorough investigations and extract meaningful insights from large datasets with greater technical advantage by using Elasticsearch in conjunction with a variety of linguistic tools. This research presents a novel methodology for proactive threat intelligence to identify and mitigate advanced adversaries that use persistent behaviors. The authors designed and set up an Elasticsearch-based advanced Security Information and Event Management platform to offer a proactive threat-hunting strategy. This enables comprehensive analysis and detection by integrating Lucene, Kibana, and domain-specific languages. The goal of this research is to locate hidden advanced enemies who exhibit persistent behavior during cyberattacks. The framework can help improve the organization's resilience to identify and respond to threats by closely examining activities like boot or logon auto-start execution in registry keys, tampering with system processes and services, and unauthorized creation of local accounts on compromised assets. This study emphasizes proactive actions over reactive reactions, which advances danger detection techniques. This technical study provides security practitioners seeking to improve defenses against new advanced attacks with the means to stay ahead in a dynamic threat landscape.
- Published: 2024
- Full Text: PDF
9. IoTBlockSIEM for information security incident management in the internet of things ecosystem
- Author: Miloslavskaya, Natalia and Tolstoy, Alexander
- Subjects: INFORMATION technology security, INTERNET of things, SECURITY management, INFORMATION resources management, ECOSYSTEMS, TRANSACTION systems (Computer systems)
- Abstract: The Internet unfolded enormous opportunities to the modern computing world where not only humans but also computers and machines, as well as any tiny sensing devices, can communicate and collaborate. The Internet of Things (IoT) is still a new concept in its early stages after 20 years of successful usage in various application domains. Nowadays, the "Internet of Things Ecosystem" term is being used more often, which emphasizes its complex internal structure and functionality. Based on the available standards on the IoT's generalized architecture and reference model, the IoT ecosystem is presented as a security object to be protected. Numerous security controls, collecting raw data for complex and multi-stage processing and further detection of events related to information security (IS), are located on its layers. The IS incident management process with different routine actions for the IoT ecosystems needs automation, for which Security Information and Event Management (SIEM) systems are the best applicable solutions. But modern challenges require modifying two previously known generations of these systems, especially for the IoT ecosystems. A new blockchain-based system called the IoTBlockSIEM is proposed to solve this problem. An example of constructing transactions in the IoTBlockSIEM for the case of its use in managing IS incidents in the IoT ecosystem is provided. Further research concludes the article.
- Published: 2020
- Full Text: PDF
10. Integrating SOAR Platform Tools into the SOC Ecosystem to Automate the Information Security Incident Response Process
- Subjects: SOAR platform, response automation, SIEM system, event analysis, SOC, information security incidents
- Abstract: The world of cybersecurity is full of information security ("IS") tools. The newest element of constantly evolving technology is the SOAR (Security Orchestration, Automation, and Response platform), which, as manufacturers promise, reduces incident response time, improves security functions, and makes life easier for security teams [1]. This article focuses on the main problems of building the information security incident response process by integrating SOAR platforms into the SOC ecosystem, choosing a SOAR platform in accordance with the requirements for the IS incident management system, the interaction between the SOAR platform and the SIEM system, and identifying the benefits of integrating the SOAR platform with other IS systems.
- Source: Международный научно-исследовательский журнал (International Research Journal), Issue 10 (124), 2022
- Published: 2022
- Full Text: PDF
11. Integrating SOAR Platform Tools into the SOC Ecosystem to Automate the Information Security Incident Response Process
- Subjects: SOAR platform, response automation, SIEM system, event analysis, SOC, information security incidents
- Source: Международный научно-исследовательский журнал (International Research Journal), Issue 10 (124), 2022
- Published: 2022
- Full Text: PDF
12. An Ontological Model of the Domain of Applications for the Internet of Things in Analyzing Information Security
- Author: Lavrova, D. S. and Vasil'ev, Yu. S.
- Abstract: In this paper, we have proposed an ontological model for the application domain of the Internet of Things (IoT) that provides a detailed representation of the relationships and interrelations between system elements at different levels of abstraction with different degrees of detail. The ontological model allows one to understand the technical aspects of developing security information and event management (SIEM) systems for the detection and analysis of security incidents in the IoT.
- Published: 2017
- Full Text: PDF
Discovery Service for Jio Institute Digital Library