DISIEM - Diversity Enhancements for SIEMs

Date: 
01/09/2016 to 31/08/2019

Introduction

DiSIEM is an EU-funded IA project that aims to extend existing SIEMs with a set of diversity-related components to improve their capacities. This includes components for user behavior analysis, threat intelligence, processing security feeds from the internet, and advanced visualization and security metrics dashboards, among others.

These components make heavy use of data mining, deep learning, and cloud integration, substantially enhancing the capabilities of existing SIEMs. The project considers the design of these components, their integration with four SIEMs, and their validation in three test and production environments.

Who is the project designed for?

All Security Operating Centres (SOCs) and SIEM operators in all market areas. The project is especially relevant for stakeholders that manage and maintain a large IT infrastructure that must be kept secure. The components were designed to be SIEM-independent, i.e., they can, in principle, be integrated with all existing SIEMs that support some basic extensibility features.

How is your project benefitting the end-user?

The main benefit offered by DiSIEM is a "buffet" of components that can enhance the threat monitoring and analysis of current SOCs. These components can substantially enhance the capability to detect novel attacks and threats against the monitored infrastructure as well as to better understand the SOC capacity to investigate, resolve and communicate security incidents.

Please briefly describe the results your project achieved so far

The DiSIEM project just reached its midpoint, with the definition and development of a first version of the nine components considered in the architecture (see Deliverable 2.2, in the project website). Just to cite one example of a DiSIEM component, the consortium devised a service that collects and classifies security-related tweets, finding the ones that are potentially interesting for the SOC analysists, aggregating such information in Indicators of Compromise that are feed either to the SIEM, or to a threat intelligence platform like MISP.

What are the next steps for your project?

The components devised in the project will be integrated to SIEMs such as HP ArcSight, ATOS XL-SIEM, ElasticStack, and Splunk. After this integration, they will be validated in test and production environments provided by EDP, Amadeus, and ATOS, three industrial partners of the project.

 

Week: 
Monday, 19 March, 2018

Project type:

Events

27/11/2018 to 28/11/2018
Cyber Investor Days

On 27th and 28th November in Berlin, Germany, ECSO is organizing in collaboration with Secunet and TeleTrusT, the Cyber Investor Days.

The most promising European cyber security start-ups and SMEs will have an opportunity to pitch their solution and meet the influential German and international investors during strategic business matchmaking sessions.

CYBER INVESTOR DAYS will be officially opened by Andreas Koenen, Director General of the Cyber and Information Security Directorate at the German Ministry of Interior, and Clemens Kabel, Investment Director at IBB Investment.

13/12/2018 to 14/12/2018
Call for Papers: Halfway Through the Digital Single Market Strategy: “Bedrock of Trust” or illusion?

Call for Papers

The Law Faculty of the University of Lille cordially invites junior and senior researchers to participate in a conference held as part of the Horizon 2020 project “TRUESSEC.eu”, on the 13th and 14th December 2018. The conference will be hosted by the Law Faculty.