The Operational Role of Security Information and Event Management Systems

Cited by: 102
Authors
Bhatt, Sandeep [1 ]
Manadhata, Pratyusa K. [1 ]
Zomlot, Loai [1 ]
Affiliations
[1] Hewlett Packard Labs, Palo Alto, CA 94304 USA
Keywords
INTRUSION DETECTION; ALERT CORRELATION;
DOI
10.1109/MSP.2014.103
CLC classification number
TP [Automation technology, computer technology];
Discipline code
0812;
Abstract
An integral part of enterprise computer security incident response teams, a security operations center (SOC) monitors security incidents in real time. Security incident and event management systems play a critical role in SOCs (collecting, normalizing, storing, and correlating events to identify malicious activities) but face operational challenges.
Pages: 35 / 41
Page count: 7