Research field: Safety
Conference: International Conference on Computing & Emerging Technologies
Although more and more corporations are taking measures to protect their sensitive information, malicious insiders remain one of the most serious issues that must be addressed. The number of cyber security events and breaches against corporations and organizations has increased significantly in recent years. These attacks cause not only the loss and compromise of personal data but also network equipment malfunction, disruption of daily operations, and economic damage to the targeted firm or organization. As a result, especially for firms that rely on IT, the prevention and early notification of these attacks are essential for guaranteeing business continuity. Detecting such attacks requires advanced intrusion detection systems, but deploying and operating them is costly, especially for small and medium-sized firms. The system proposed here is intended to be cost-effective for SMEs because it relies on free and open-source components and requires no licensing fees. Furthermore, because it is a self-contained system, it requires less management effort. Detected anomalies are presented to security personnel through a graphical user interface (GUI) for review, where they can attach comments to each anomaly; the GUI also gives network administrators quick access to issue responses. This paper examines the effective implementation and configuration of Security Information and Event Management (SIEM), with the aim of building a system that addresses current and future security challenges. While studies show that insiders are to blame for security breaches most of the time, many firms still lack the proper security procedures or technical capabilities to detect unusual insider behavior. The practical component of the paper focuses on identifying insider threats using SIEM, covering security investigation, log management, visualization, and report generation.
The fundamental research question of this thesis is whether SIEM is suitable and useful for detecting insider threats in any organization that holds sensitive data. This is verified and evaluated by the actual installation of SolarWinds, a relevant and industry-leading SIEM solution. The data sources include a small test environment used to generate data, along with artificial insider threats that are created and then detected in the lab. The resulting data is analyzed, and the outcomes of the various tests are presented using diagrams and visualizations.
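The lab procedure described above (generate logs in a test environment, inject artificial insider activity, have the SIEM flag anomalies for analyst review) can be illustrated with a small rule-based correlation step of the kind a SIEM runs over ingested logs. The following is an added example written for this page; it is not code from the paper and does not use SolarWinds. The log format, usernames, hostnames, file paths, business hours and thresholds are all assumptions chosen for illustration, and the sample log is constructed.

```python
"""Rule-based insider-threat detection over constructed log lines.

Added example for this page; not code from the paper or from SolarWinds.
Log format, users, paths, business hours and thresholds are assumptions.
"""
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime
from typing import Optional

# Constructed sample log in an assumed "timestamp|user|host|event|k=v;k=v" format.
SAMPLE_LOGS = """\
2025-03-10T09:02:11|alice|ws-01|login_ok|src=10.0.0.5
2025-03-10T09:05:43|alice|ws-01|file_read|path=/share/hr/payroll.xlsx
2025-03-10T12:30:00|alice|ws-01|logout|
2025-03-10T23:41:02|bob|ws-02|login_ok|src=10.0.0.9
2025-03-10T23:42:10|bob|ws-02|file_read|path=/share/finance/q1.xlsx
2025-03-10T23:42:31|bob|ws-02|file_read|path=/share/finance/q2.xlsx
2025-03-10T23:42:55|bob|ws-02|file_read|path=/share/finance/q3.xlsx
2025-03-10T23:43:20|bob|ws-02|file_read|path=/share/finance/q4.xlsx
2025-03-10T23:43:47|bob|ws-02|file_read|path=/share/hr/salaries.xlsx
2025-03-10T23:44:05|bob|ws-02|file_read|path=/share/hr/reviews.docx
2025-03-11T08:10:00|carol|ws-03|login_fail|src=10.0.0.12
2025-03-11T08:10:20|carol|ws-03|login_fail|src=10.0.0.12
2025-03-11T08:10:45|carol|ws-03|login_fail|src=10.0.0.12
2025-03-11T08:11:02|carol|ws-03|login_fail|src=10.0.0.12
2025-03-11T08:11:30|carol|ws-03|login_ok|src=10.0.0.12
2025-03-11T10:00:00|dave|ws-04|file_read|path=/share/public/handbook.pdf
"""

BUSINESS_HOURS = (8, 18)                 # assumed 08:00-18:00 local time
SENSITIVE_PREFIXES = ("/share/hr/", "/share/finance/")   # assumed sensitive shares
FAIL_THRESHOLD, FAIL_WINDOW_S = 3, 120   # >= 3 failed logins within 2 minutes
BULK_THRESHOLD, BULK_WINDOW_S = 5, 300   # >= 5 distinct sensitive files within 5 minutes


@dataclass
class Alert:
    rule: str
    user: str
    count: int
    comment: Optional[str] = None   # analyst's review note, as the paper's GUI allows


def parse_logs(text: str) -> list:
    """Parse pipe-delimited lines into dicts; the detail column becomes k=v fields."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, user, host, event, detail = line.split("|", 4)
        fields = dict(kv.split("=", 1) for kv in detail.split(";") if kv)
        events.append({"ts": datetime.fromisoformat(ts), "user": user,
                       "host": host, "event": event, **fields})
    return events


def off_hours_logins(events) -> list:
    """Successful logins outside business hours; one alert per user with a count."""
    hits = defaultdict(int)
    for e in events:
        if e["event"] == "login_ok" and not BUSINESS_HOURS[0] <= e["ts"].hour < BUSINESS_HOURS[1]:
            hits[e["user"]] += 1
    return [Alert("off_hours_login", u, n) for u, n in hits.items()]


def detect_bursts(events, rule, predicate, key, threshold, window_s) -> list:
    """Per-user sliding window: alert when >= threshold distinct key() values
    drawn from events matching predicate fall within window_s seconds."""
    per_user = defaultdict(list)
    for e in events:
        if predicate(e):
            per_user[e["user"]].append(e)
    alerts = []
    for user, evs in per_user.items():
        evs.sort(key=lambda e: e["ts"])
        best = 0
        for i, start in enumerate(evs):
            in_window = {key(e) for e in evs[i:]
                         if (e["ts"] - start["ts"]).total_seconds() <= window_s}
            best = max(best, len(in_window))
        if best >= threshold:
            alerts.append(Alert(rule, user, best))
    return alerts


def run_detections(text: str) -> list:
    """Run all three rules over the log text and return the alerts in rule order."""
    events = parse_logs(text)
    alerts = off_hours_logins(events)
    alerts += detect_bursts(events, "failed_login_burst",
                            lambda e: e["event"] == "login_fail",
                            lambda e: e["ts"], FAIL_THRESHOLD, FAIL_WINDOW_S)
    alerts += detect_bursts(events, "bulk_sensitive_read",
                            lambda e: e["event"] == "file_read"
                            and e.get("path", "").startswith(SENSITIVE_PREFIXES),
                            lambda e: e["path"], BULK_THRESHOLD, BULK_WINDOW_S)
    return alerts


if __name__ == "__main__":
    for a in run_detections(SAMPLE_LOGS):
        a.comment = "pending analyst review"
        print(f"{a.rule:20} user={a.user:6} count={a.count}  [{a.comment}]")
```

On the constructed log this flags bob twice (an off-hours login followed by reading six sensitive files in under two minutes) and carol once (four failed logins in about a minute), while alice and dave produce nothing. A real SIEM adds normalization of many log formats, persistent state across batches and a tuning loop on the thresholds, but the correlation logic is the same shape.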
| Publication year | 2025 |
|---|---|
| Citations | 0 |
| Country of publication | Pakistan |
| Site | Springer |
| Likes | 0 |