An Analysis of Information Security Event Managers

2016 IEEE 3rd International Conference on Cyber Security and Cloud Computing (CSCloud) Pub Date : 2016-06-25 DOI:10.1109/CSCloud.2016.19

Kutub Thakur, Sandra Kopecky, Moath Nuseir, M. Ali, Meikang Qiu

{"title":"An Analysis of Information Security Event Managers","authors":"Kutub Thakur, Sandra Kopecky, Moath Nuseir, M. Ali, Meikang Qiu","doi":"10.1109/CSCloud.2016.19","DOIUrl":null,"url":null,"abstract":"The most effective security starts with real time visibility into all activity on all systems, networks, database and applications. In this paper the focus in on structured data however, some semi-structured and unstructured data is also explored. Whether the source is from network traffic, user activity, or the application user, any variation from normal of abnormal activity could indicate that a threat is imminent and that your data or infrastructure is at risk. In the last several years, there has been a disturbing trend in which attackers are innovating much faster than the defenders. There has been a commercialization of malware with attack kits available through underground forums for anyone who wants to perpetrate any variety of attacks. Large botnets are available for rent, allowing attackers to send spam or launch DDos (distributed denial-of-service) attacks. Many attackers reuse malware and command and control (C & C) and methods, adapting their products over time to keep ahead of the anti malware industry and security professionals. This paper surveys ESMs (Enterprise Security Managers) and cyber-attack case studies.","PeriodicalId":410477,"journal":{"name":"2016 IEEE 3rd International Conference on Cyber Security and Cloud Computing (CSCloud)","volume":"2007 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2016-06-25","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"9","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2016 IEEE 3rd International Conference on Cyber Security and Cloud Computing (CSCloud)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/CSCloud.2016.19","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 9

Abstract

The most effective security starts with real time visibility into all activity on all systems, networks, database and applications. In this paper the focus in on structured data however, some semi-structured and unstructured data is also explored. Whether the source is from network traffic, user activity, or the application user, any variation from normal of abnormal activity could indicate that a threat is imminent and that your data or infrastructure is at risk. In the last several years, there has been a disturbing trend in which attackers are innovating much faster than the defenders. There has been a commercialization of malware with attack kits available through underground forums for anyone who wants to perpetrate any variety of attacks. Large botnets are available for rent, allowing attackers to send spam or launch DDos (distributed denial-of-service) attacks. Many attackers reuse malware and command and control (C & C) and methods, adapting their products over time to keep ahead of the anti malware industry and security professionals. This paper surveys ESMs (Enterprise Security Managers) and cyber-attack case studies.

查看原文本刊更多论文

信息安全事件管理器分析

最有效的安全始于对所有系统、网络、数据库和应用程序上的所有活动的实时可见性。本文的重点是结构化数据，但也探讨了一些半结构化和非结构化数据。无论来源是来自网络流量、用户活动还是应用程序用户，正常或异常活动的任何变化都可能表明威胁迫在眉睫，您的数据或基础设施处于危险之中。在过去的几年里，出现了一个令人不安的趋势，即攻击者的创新速度比防御者快得多。恶意软件已经商业化，其攻击工具包可以通过地下论坛获得，任何人都可以进行各种攻击。大型僵尸网络可供租用，允许攻击者发送垃圾邮件或发起DDos(分布式拒绝服务)攻击。许多攻击者重用恶意软件、命令和控制(c&c)和方法，随着时间的推移调整他们的产品，以保持领先于反恶意软件行业和安全专业人员。本文调查了esm(企业安全管理)和网络攻击案例研究。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

2016 IEEE 3rd International Conference on Cyber Security and Cloud Computing (CSCloud)

自引率

0.00%

发文量