Response automation for security information and event manager, SIERA

Information security is a crucial element that should be prioritized in all organization today. With the fast-paced growth of security threats, there is a need to strengthen their defense. Security information and event managers (SIEM) systems are deployed into organizations as one of its lines of d...

Full description

Saved in:
Bibliographic Details
Main Authors: Albayda, Giodeelyn B., Coloma, Juan Paolo A., Corpuz, Danica Christine D., Nieva, Patricia Hera A
Format: text
Language:English
Published: Animo Repository 2016
Subjects:
Online Access:https://animorepository.dlsu.edu.ph/etd_bachelors/6639
Tags: Add Tag
No Tags, Be the first to tag this record!
Institution: De La Salle University
Language: English
Description
Summary:Information security is a crucial element that should be prioritized in all organization today. With the fast-paced growth of security threats, there is a need to strengthen their defense. Security information and event managers (SIEM) systems are deployed into organizations as one of its lines of defense. It acts as a middlemen between devices monitoring if there are attacks that have been made into the network. Traditional SIEMs handle attacks by creating reports and by at most notifying the system administrator. This approach relies solely on the skills of the system administrator and resources in mitigating the attacks that have been detected. This being the case, there is a lack of proactive in the case of SIEM. Without implementing the proper mitigation technique immediately, the severity of the attack might heighten making the data of the organization susceptible to breach. This study aims to create a response automation system for security information and event managers. In order to verify the functionality of the system, several tests have been conducted. One of these include the classification of attacks, it categorizes the attacks based on the needed metrics like protocol used, priority of the victim, and attack rate. After which, the proper response for the attack will be imposed automatically. The implemented features together with the performance of the system shows the effectivity of the response automation for SIEMs.