Utilization of SIEM systems for network events monitoring

Autor: Kopřiva, Milan
Přispěvatelé: Čermák, Igor, Habáň, Přemysl
Jazyk: čeština
Rok vydání: 2015
Předmět:
Popis: In the last years we can observe an increasing number of security incidents varying in their focus, motives and success rate. Attacks are often conducted by very skilled organized groups with high knowledge base and they are increasing in their sophistication and efficiency. Because of those reasons information security is now one of the main fields of interest of IT experts. This thesis deals with Security information and Event Management technology and its usage for the detection of potentially harmful activity in a company's internal network. In the first chapter the elementary concepts of security are placed into the context of this thesis. Next chapter deals with security information and event management technology itself, its clear definition and describing the main functionality. The end of the theoretical part is dedicated to the author's view of the future and also to the problems concerning the implementation of SIEM solutions including return on investment calculation which has certain specifics in security field. Main benefit coming from this thesis is a clear description and creation of use cases aimed at the detecting suspicious activity in internal computer networks combined with their deployment in SIEM solution in real environment. The practical part of this thesis is dedicated to the configuration of the chosen device and its connection to the SIEM solution, and the assessment of usability of security events generated by the threat detecting device. Based on this assessment the use cases will be modelled and then deployed in the test environment. This thesis aims to bring on overall view into the security information and event management technology, starting with its definition and base functions. The primary goal of this thesis is use case designing for real time threat detection in a practical environment.
Databáze: OpenAIRE