The Operational Role of Security Information and Event Management Systems

被引：92

作者：

Bhatt, Sandeep ^{[1
]}

Manadhata, Pratyusa K. ^{[1
]}

Zomlot, Loai ^{[1
]}

机构：

[1] Hewlett Packard Labs, Palo Alto, CA 94304 USA

来源：

IEEE SECURITY & PRIVACY | 2014年 / 12卷 / 05期

关键词：

INTRUSION DETECTION; ALERT CORRELATION;

D O I：

10.1109/MSP.2014.103

中图分类号：

TP [自动化技术、计算机技术];

学科分类号：

0812 ;

摘要：

An integral part of enterprise computer security incident response teams, a security operations center (SOC) monitors security incidents in real time. Security incident and event management systems play a critical role in SOCs-collecting, normalizing, storing, and correlating events to identify malicious activities-but face operational challenges.

引用

页码：35 / 41

页数：7

共 10 条

[1] Agrawal R., 1993, SIGMOD Record, V22, P207, DOI 10.1145/170036.170072
[2] [Anonymous], 2013, P 29 ANN COMP SEC AP, DOI DOI 10.1145/2523649.2523670
[3] [Anonymous], APPLIED SECURITY VIS
[4] Axelsson S., 2000, ACM Transactions on Information and Systems Security, V3, P186, DOI 10.1145/357830.357849
[5] Cuppens F, 2002, P IEEE S SECUR PRIV, P202, DOI 10.1109/SECPRI.2002.1004372
[6] A survey on information visualization: recent advances and challenges
Liu, Shixia
Cui, Weiwei
Wu, Yingcai
Liu, Mengchen
[J]. VISUAL COMPUTER, 2014, 30 (12) : 1373 - 1393
[7] A logic-based model to support alert correlation in intrusion detection
Morin, Benjamin
Me, Ludovic
Debar, Herve
Ducasse, Mireille
[J]. INFORMATION FUSION, 2009, 10 (04) : 285 - 299
[8] Ogas O., 2013, WIRED
[9] Zhai Y., 2004, Proceedings. 20th Annual Computer Security Applications Conference, P39
[10] Zomlot L., 2011, P 4 ACM WORKSHOP SEC, P59, DOI [10.1145/2046684.2046694, DOI 10.1145/2046684.2046694]

← 1 →