The Infona portal uses cookies, i.e. strings of text saved by a browser on the user's device. The portal can access those files and use them to remember the user's data, such as their chosen settings (screen view, interface language, etc.), or their login data. By using the Infona portal the user accepts automatic saving and using this information for portal operation purposes. More information on the subject can be found in the Privacy Policy and Terms of Service. By closing this window the user confirms that they have read the information on cookie usage, and they accept the privacy policy and the way cookies are used by the portal. You can change the cookie settings in your browser.
The number of attacks that use sophisticated and complex methods increased lately. The main objective of these attacks is to largely infiltrate the target network and to stay undetected. Therefore, the attackers often use valid credentials and standard administrative tools to hide between legitimate user actions and to hinder detection. Most existing security systems, which use standard signature-based...
Advanced persistent threats (APTs) pose a significant risk to nearly every infrastructure. Due to the sophistication of these attacks, they are able to bypass existing security systems and largely infiltrate the target network. The prevention and detection of APT campaigns is also challenging, because of the fact that the attackers constantly change and evolve their advanced techniques and methods...
When looking at media reports nowadays, major security breaches of big companies and governments seem to be a normal situation. An important step for the investigation or even prevention of these breaches is to normalize and analyze security-related log events from various systems in the target network. However, the number of log events produced in big IT landscapes can grow up to multiple billions...
Looking at recent cyber-attacks in the news, a growing complexity and sophistication of attack techniques can be observed. Many of these attacks are performed in multiple steps to reach the core of the targeted network. Existing signature detection solutions are focused on the detection of a single step of an attack, but they do not see the big picture. Furthermore, current signature languages cannot...
Modern Security Information and Event Management systems should be capable to store and process high amount of events or log messages in different formats and from different sources. This requirement often prevents such systems from usage of computational-heavy algorithms for security analysis. To deal with this issue, we built our system based on an in-memory data base with an integrated machine...
Understanding events produced by IT systems is a vital part of effectively managing and maintaining medium and large sized computer networks. As a result, Security Information and Management (SIEM) systems have become an indispensable part of modern networks. One of the main challenges facing SIEM systems is the ability to parse and extract relevant information from the processed events in near real-time...
Such information as system and application logs as well as the output from the deployed security measures, e.g., IDS alerts, firewall logs, scanning reports, etc., is important for the administrators or security operators to be aware at first time of the running state of the system and take efforts if necessary. In this context, high performance security analytics is proposed to address the challenges...
Looking at current IDS and SIEM systems, we observe heavy processing power dedicated solely to answering a simple question, What is the format of the log line that the IDS (or SIEM) system should process next? Due to the apparent difficulties of uniquely identifying a log line at run-time, most systems today do little or no normalisation of the events they receive. Indeed these systems often rely...
The current state of affairs regarding the way events are logged by IT systems is the source of many problems for the developers of Intrusion Detection Systems (IDS) and Security Information and Event Management (SIEM) systems. These problems stand in the way of the development of more accurate security solutions that draw their results from the data included within the logs they process. This is...
A huge amount of information about real-time events are being generated in every second in a running IT-Infrastructure and recorded by the system logs, application logs, as well as the output from the deployed security or management methods, e.g., IDS alerts, firewall logs, scanning reports, etc. To rapidly gather, process, correlate, and analyze the massive event information is a challenging task...
The differences in log file formats employed in a variety of services and applications remain to be a problem for security analysts and developers of intrusion detection systems. The proposed solution, i.e. the usage of common log formats, has a limited utilization within existing solutions for security management. In our paper, we reveal the reasons for this limitation. We show disadvantages of existing...
Set the date range to filter the displayed results. You can set a starting date, ending date or both. You can enter the dates manually or choose them from the calendar.