Description: |
Cyber security incidents must be analysed and acted upon in real time to prevent major information security disasters. Real-time detection in any medium or large organizational network requires the simultaneous analysis of log data that is generated continuously, varies in format and is large in volume, which is a challenging task, and a great deal of research work targets these issues. Big data analytics has evolved to manage IT security incidents effectively. Elasticsearch, Logstash and Kibana (ELK) form a well-known, free and open-source platform that provides the basic components for analysing large volumes of log and network traffic data. For organizations that fall under the Critical Information Infrastructure (CII) definition, identifying the subset of security incidents that must be monitored in real time is important. We have identified the security events that need to be monitored in real time and addressed at their very first occurrence so that they do not escalate into more serious security disasters for the organization. In this paper we present our approach to designing and developing a setup that collects, analyses, visualizes and correlates data in real time in order to monitor and detect the identified critical security incidents, that is, those that could result in a data breach or a security compromise in the near future. Results on the effectiveness of the setup in our network of 2500 nodes are also discussed.
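The abstract describes correlating continuously generated log data in real time so that a critical event is caught at its first occurrence. The following is an added example of that style of streaming correlation, written for this page; it is not code from the paper or from the ELK project, and the event class it detects (a burst of authentication failures from one source followed by a success) is an assumed illustration, not the paper's own list of critical events. The log format, field names and threshold are likewise assumptions. In an ELK deployment the same logic would run in a consumer fed by Logstash or by a periodic Elasticsearch query; here it runs offline over constructed sample lines.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events in an assumed "timestamp key=value ..." format.
# These are illustrative lines only, not data from the paper's 2500-node network.
SAMPLE_LOGS = [
    # 10.0.0.5: five failures inside one minute, then a success -> should alert
    "2024-03-01T10:00:01 src=10.0.0.5 user=alice event=auth_fail",
    "2024-03-01T10:00:03 src=10.0.0.5 user=alice event=auth_fail",
    "2024-03-01T10:00:04 src=10.0.0.5 user=alice event=auth_fail",
    "2024-03-01T10:00:05 src=10.0.0.5 user=alice event=auth_fail",
    "2024-03-01T10:00:06 src=10.0.0.5 user=alice event=auth_fail",
    "2024-03-01T10:00:09 src=10.0.0.5 user=alice event=auth_success",
    # 10.0.0.7: a single typo followed by a success -> ordinary user, no alert
    "2024-03-01T10:00:10 src=10.0.0.7 user=bob event=auth_fail",
    "2024-03-01T10:00:11 src=10.0.0.7 user=bob event=auth_success",
    # 10.0.0.9: five failures spread over more than the window -> no alert
    "2024-03-01T10:20:00 src=10.0.0.9 user=carol event=auth_fail",
    "2024-03-01T10:20:30 src=10.0.0.9 user=carol event=auth_fail",
    "2024-03-01T10:21:00 src=10.0.0.9 user=carol event=auth_fail",
    "2024-03-01T10:21:30 src=10.0.0.9 user=carol event=auth_fail",
    "2024-03-01T10:22:00 src=10.0.0.9 user=carol event=auth_fail",
    "2024-03-01T10:22:05 src=10.0.0.9 user=carol event=auth_success",
]


def parse_line(line):
    """Parse one 'ISO-timestamp key=value key=value' line into a dict."""
    ts_str, *fields = line.split()
    record = {"ts": datetime.fromisoformat(ts_str)}
    for field in fields:
        key, _, value = field.partition("=")
        record[key] = value
    return record


class BruteForceCorrelator:
    """Sliding-window correlator: `threshold` failures from one source within
    `window`, followed by a success from that source, produce one alert.
    State is kept per source so the check is O(1) per event and can run
    continuously on a stream rather than over a batch."""

    def __init__(self, threshold=5, window=timedelta(seconds=60)):
        self.threshold = threshold
        self.window = window
        self.failures = defaultdict(deque)  # src -> timestamps of recent failures

    def process(self, record):
        src = record["src"]
        recent = self.failures[src]
        # Expire failures that fell out of the window relative to this event.
        while recent and record["ts"] - recent[0] > self.window:
            recent.popleft()
        if record["event"] == "auth_fail":
            recent.append(record["ts"])
            return None
        if record["event"] == "auth_success" and len(recent) >= self.threshold:
            alert = {
                "rule": "auth_bruteforce_then_success",
                "src": src,
                "user": record.get("user"),
                "failures": len(recent),
                "first_failure": recent[0].isoformat(),
                "success_at": record["ts"].isoformat(),
            }
            recent.clear()  # fire once per streak, not once per later success
            return alert
        return None


def run_detection(lines, threshold=5, window_seconds=60):
    """Feed lines through the correlator in order; return the alerts raised."""
    correlator = BruteForceCorrelator(threshold, timedelta(seconds=window_seconds))
    alerts = []
    for line in lines:
        alert = correlator.process(parse_line(line))
        if alert:
            alerts.append(alert)
    return alerts


if __name__ == "__main__":
    for alert in run_detection(SAMPLE_LOGS):
        print(alert)
```

The window is evaluated against the timestamp of the event being processed, not the wall clock, so the same rule gives identical results on a live stream and on a replayed batch; the third source in the sample shows that five failures which do not fit inside the window are correctly ignored.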