The implementation of a Security Incident Event Management (SIEM) system in the IT infrastructure is the direction enterprise networks are taking for monitoring malicious and anomalous traffic in Security Operation Centers (SOC). Log management is a challenge for SIEM solutions because of the voluminous amount of data collected daily from different types of devices. Another challenge is the classification of true alerts by analyzing the collected logs. Project Coordinate (Correlation of Relevant Data in Network Access Technologies) explores different correlation techniques that identify patterns based on specific components in the logs. The researchers also present Tree Correlation, a newly created correlation technique that aids in determining potential attacks by analyzing a series of logs based on header, content and behavior. The system is tested in an isolated network environment where different attacks are executed to compare how the different correlation techniques summarize the logs.
Papers by Jan Bernardo