Aljoša Počič (2017) Detection of critical events in complex information systems. EngD thesis.
Abstract
Security in an information environment depends not only on the technologies used but also on the policies and rules in place. New security protections have been developed in response to new threats and attacks. In order to make use of the data obtained from the different security protections and to bring policies into the everyday operation of the information system, we used a SIEM system. The SIEM system assumes an essential role in the security of the information system: all records, events and network traffic are stored in one place and in a normalized form, which allows them to be correlated and analysed. This gives us a central vantage point from which to monitor the security situation in the information system and to produce analyses and security reports. The thesis discusses the key sources of information for SIEM systems and the options for collecting data from network traffic. The evolution of SIEM systems over time and what is expected of the next-generation SIEM systems available today are also described. The next part focuses on a sample customer and a model environment; the types of devices in the customer's environment and their integration into the SIEM system used are listed and described. The last part of the thesis shows the solution in use and three typical kinds of analysis performed in the SIEM system. The analysis of advanced attacks also shows how free online tools can help confirm or dismiss threats flagged by the security solutions in the information environment.
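As an added illustration of the two SIEM steps the abstract describes (this is not code from the thesis), the snippet below normalizes records from two differently formatted sources into one common schema and then correlates them with a hypothetical rule that joins firewall denies and authentication results from the same source address. Both log formats and all sample lines are constructed for the example.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample records (not from the thesis): a firewall syslog line and
# an application authentication log, each in its own layout.
RAW_RECORDS = [
    "Mar 10 09:14:01 fw01 kernel: DENY IN=eth0 SRC=203.0.113.7 DST=10.0.0.5 DPT=22",
    "2017-03-10T09:14:05Z app01 auth: result=FAIL user=admin src=203.0.113.7",
    "2017-03-10T09:14:09Z app01 auth: result=FAIL user=admin src=203.0.113.7",
    "2017-03-10T09:14:12Z app01 auth: result=FAIL user=admin src=203.0.113.7",
    "2017-03-10T09:14:20Z app01 auth: result=OK user=admin src=203.0.113.7",
    "2017-03-10T09:15:00Z app01 auth: result=OK user=bob src=10.0.0.9",
]

FW_RE = re.compile(r"^(\w{3} +\d+ \d\d:\d\d:\d\d) (\S+) kernel: (DENY|ACCEPT) .*SRC=(\S+) DST=(\S+) DPT=(\d+)")
AUTH_RE = re.compile(r"^(\S+) (\S+) auth: result=(FAIL|OK) user=(\S+) src=(\S+)")

def normalize(line, year=2017):
    """Map a raw line from either source onto one common event schema."""
    m = FW_RE.match(line)
    if m:  # syslog timestamps carry no year, so one is supplied
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        return {"ts": ts, "host": m.group(2), "src_ip": m.group(4), "dst_ip": m.group(5),
                "action": m.group(3).lower(), "user": None}
    m = AUTH_RE.match(line)
    if m:
        ts = datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%SZ")
        return {"ts": ts, "host": m.group(2), "src_ip": m.group(5), "dst_ip": None,
                "action": "auth_fail" if m.group(3) == "FAIL" else "auth_ok", "user": m.group(4)}
    return None  # unknown layout: a SIEM would keep it as an unparsed record

def correlate(events, min_fail=3, window_s=60):
    """Alert when a source has >= min_fail failures then a success within window_s;
    the alert also carries how many firewall denies that source produced."""
    alerts, fails, denies = [], defaultdict(list), defaultdict(int)
    for ev in sorted(events, key=lambda e: e["ts"]):
        ip = ev["src_ip"]
        if ev["action"] == "deny":
            denies[ip] += 1
        elif ev["action"] == "auth_fail":
            fails[ip].append(ev["ts"])
        elif ev["action"] == "auth_ok":
            recent = [t for t in fails[ip] if (ev["ts"] - t).total_seconds() <= window_s]
            if len(recent) >= min_fail:
                alerts.append((ip, ev["user"], len(recent), denies[ip]))
    return alerts

def run(lines=RAW_RECORDS):
    """Normalize every line, drop what did not parse, and return events plus alerts."""
    events = [e for e in (normalize(l) for l in lines) if e]
    return events, correlate(events)
```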