DISIEM - Diversity Enhancements for SIEMs

Date: 
01/09/2016 to 31/08/2019

Introduction

DiSIEM is an EU-funded IA project that aims to extend existing SIEMs with a set of diversity-related components to improve their capacities. This includes components for user behavior analysis, threat intelligence, processing security feeds from the internet, and advanced visualization and security metrics dashboards, among others.

These components make heavy use of data mining, deep learning, and cloud integration, substantially enhancing the capabilities of existing SIEMs. The project considers the design of these components, their integration with four SIEMs, and their validation in three test and production environments.

Who is the project designed for?

All Security Operating Centres (SOCs) and SIEM operators in all market areas. The project is especially relevant for stakeholders that manage and maintain a large IT infrastructure that must be kept secure. The components were designed to be SIEM-independent, i.e., they can, in principle, be integrated with all existing SIEMs that support some basic extensibility features.

How is your project benefitting the end-user?

The main benefit offered by DiSIEM is a "buffet" of components that can enhance the threat monitoring and analysis of current SOCs. These components can substantially enhance the capability to detect novel attacks and threats against the monitored infrastructure as well as to better understand the SOC capacity to investigate, resolve and communicate security incidents.

Please briefly describe the results your project achieved so far

The DiSIEM project just reached its midpoint, with the definition and development of a first version of the nine components considered in the architecture (see Deliverable 2.2, in the project website). Just to cite one example of a DiSIEM component, the consortium devised a service that collects and classifies security-related tweets, finding the ones that are potentially interesting for the SOC analysists, aggregating such information in Indicators of Compromise that are feed either to the SIEM, or to a threat intelligence platform like MISP.

What are the next steps for your project?

The components devised in the project will be integrated to SIEMs such as HP ArcSight, ATOS XL-SIEM, ElasticStack, and Splunk. After this integration, they will be validated in test and production environments provided by EDP, Amadeus, and ATOS, three industrial partners of the project.

 

Week: 
Monday, 19 March, 2018

News

Share your view to identify EU-US priorities on cybersecurity and privacy R&I

The AEGIS project is working to promote cybersecurity and privacy dialogue and cooperation between the US and the EU.

As part of its activities AEGIS is conducting an online survey to identify R&I priorities for EU-US cooperation in cybersecurity and privacy.

Events

28/06/2018
Free Live Cybersecurity Webinar – Cyberwatching.eu: opportunities for CS&P clusters

Cyberwatching.eu launch the first webinar for clusters that are actively working in Cybersecurity and Privacy, in order to share experiences and information on how they can help their members to keep up to date in these sectors.

One of the main goals of cyberwatching.eu project is to take advantage of the results of previous European R&D projects to build new product and services, fostering synergies among different European clusters. In this webinar we will give you an overview of:

10/10/2018 to 11/10/2018
Transatlantic ICT Forum 2018