DISIEM - Diversity Enhancements for SIEMs

Date: 
01/09/2016 to 31/08/2019

Introduction

DiSIEM is an EU-funded IA project that aims to extend existing SIEMs with a set of diversity-related components to improve their capacities. This includes components for user behavior analysis, threat intelligence, processing security feeds from the internet, and advanced visualization and security metrics dashboards, among others.

These components make heavy use of data mining, deep learning, and cloud integration, substantially enhancing the capabilities of existing SIEMs. The project considers the design of these components, their integration with four SIEMs, and their validation in three test and production environments.

Who is the project designed for?

All Security Operating Centres (SOCs) and SIEM operators in all market areas. The project is especially relevant for stakeholders that manage and maintain a large IT infrastructure that must be kept secure. The components were designed to be SIEM-independent, i.e., they can, in principle, be integrated with all existing SIEMs that support some basic extensibility features.

How is your project benefitting the end-user?

The main benefit offered by DiSIEM is a "buffet" of components that can enhance the threat monitoring and analysis of current SOCs. These components can substantially enhance the capability to detect novel attacks and threats against the monitored infrastructure as well as to better understand the SOC capacity to investigate, resolve and communicate security incidents.

Please briefly describe the results your project achieved so far

The DiSIEM project just reached its midpoint, with the definition and development of a first version of the nine components considered in the architecture (see Deliverable 2.2, in the project website). Just to cite one example of a DiSIEM component, the consortium devised a service that collects and classifies security-related tweets, finding the ones that are potentially interesting for the SOC analysists, aggregating such information in Indicators of Compromise that are feed either to the SIEM, or to a threat intelligence platform like MISP.

What are the next steps for your project?

The components devised in the project will be integrated to SIEMs such as HP ArcSight, ATOS XL-SIEM, ElasticStack, and Splunk. After this integration, they will be validated in test and production environments provided by EDP, Amadeus, and ATOS, three industrial partners of the project.

 

News

A Holistic framework: Business Process Re-engineering and functional toolkit for GDPR compliance

BPR4GDPR is one of the GDPR cluster projects that will provide a holistic framework able to support end-to-end GDPR-compliant intra- and interorganisational ICT-enabled processes at various scales, while also being generic enough, fulfilling operational requirements covering diverse application domains. Read this to find out more.

Future Events

IAM Online Europe live webinar - AARC Extensions to the REFEDS Assurance Framework
27/06/2019
Image:

AARC is holding a live webinar on 27 June 2019 at 15:00 CEST, that will explain extensions to the REFEDS Assurance Framework and implementations that were devised in the AARC project.

Representation of the State of Hessen to the EU
04/07/2019 to 05/07/2019
Image:

Project CyberSec4Europe (Cyber Security for Europe) is holding it next event - "Representation of the State of Hessen to the EU" in Brussels, Belgium on 4-5 July 2019. 

Other three pilots are invited during CyberSec4Europe meetings.

 

Visit the OFFICIAL EVENT WEBSITE.