DISIEM - Diversity Enhancements for SIEMs

Date: 
01/09/2016 to 31/08/2019

Introduction

DiSIEM is an EU-funded IA project that aims to extend existing SIEMs with a set of diversity-related components to improve their capacities. This includes components for user behavior analysis, threat intelligence, processing security feeds from the internet, and advanced visualization and security metrics dashboards, among others.

These components make heavy use of data mining, deep learning, and cloud integration, substantially enhancing the capabilities of existing SIEMs. The project considers the design of these components, their integration with four SIEMs, and their validation in three test and production environments.

Who is the project designed for?

All Security Operations Centres (SOCs) and SIEM operators in all market areas. The project is especially relevant for stakeholders that manage and maintain a large IT infrastructure that must be kept secure. The components were designed to be SIEM-independent, i.e., they can, in principle, be integrated with all existing SIEMs that support some basic extensibility features.

How is your project benefitting the end-user?

The main benefit offered by DiSIEM is a "buffet" of components that can enhance the threat monitoring and analysis of current SOCs. These components can substantially enhance the capability to detect novel attacks and threats against the monitored infrastructure, and help to better understand the SOC's capacity to investigate, resolve and communicate security incidents.

Please briefly describe the results your project achieved so far

The DiSIEM project has just reached its midpoint, with the definition and development of a first version of the nine components considered in the architecture (see Deliverable 2.2 on the project website). To cite one example of a DiSIEM component, the consortium devised a service that collects and classifies security-related tweets, finds the ones that are potentially interesting for SOC analysts, and aggregates that information into Indicators of Compromise that are fed either to the SIEM or to a threat intelligence platform like MISP.

What are the next steps for your project?

The components devised in the project will be integrated with SIEMs such as HP ArcSight, ATOS XL-SIEM, Elastic Stack, and Splunk. After this integration, they will be validated in test and production environments provided by EDP, Amadeus, and ATOS, three industrial partners of the project.


Week: 
Monday, 19 March, 2018

News

EU to strengthen its expertise in cybersecurity research, technology and industrial development

Europe is stepping up its protection against cybersecurity threats, and is discussing a new structure for pooling expertise which will help secure the digital single market and increase the EU’s autonomy in the area of cybersecurity.

Europe is currently working on the establishment of a top knowledge base for cybersecurity and a network of national cybersecurity coordination centres called the European Cybersecurity Industrial, Technology and Research Centre and the Network of National Coordination Centres.

Future Events

Cyber Insurance and its Contribution to Cyber Risk Mitigation - Leiden March 25-29
25/03/2019 to 29/03/2019

The rise in both the scale and severity of recent cyberattacks demands new thinking about cybersecurity risk and the mitigation and transfer of that risk. Cyber insurance is one potential way to manage risk by transferring damage liability, but the cyber insurance market is immature and the understanding and actuarial knowledge of cyber-risk is currently underdeveloped.

e-SIDES workshop 2019
02/04/2019

e-SIDES workshop: Towards Value-Centric Big Data: Connect People, Processes and Technology

BRUSSELS

2 April 2019

10am to 4pm


e-SIDES is a research project funded by the European Commission's H2020 Programme that deals with the ethical, legal, social and economic implications of privacy-preserving technologies in different big data contexts.