DISIEM - Diversity Enhancements for SIEMs

Date: 
01/09/2016 to 31/08/2019

Introduction

DiSIEM is an EU-funded IA project that aims to extend existing SIEMs with a set of diversity-related components to improve their capacities. This includes components for user behavior analysis, threat intelligence, processing security feeds from the internet, and advanced visualization and security metrics dashboards, among others.

These components make heavy use of data mining, deep learning, and cloud integration, substantially enhancing the capabilities of existing SIEMs. The project considers the design of these components, their integration with four SIEMs, and their validation in three test and production environments.

Who is the project designed for?

All Security Operating Centres (SOCs) and SIEM operators in all market areas. The project is especially relevant for stakeholders that manage and maintain a large IT infrastructure that must be kept secure. The components were designed to be SIEM-independent, i.e., they can, in principle, be integrated with all existing SIEMs that support some basic extensibility features.

How is your project benefitting the end-user?

The main benefit offered by DiSIEM is a "buffet" of components that can enhance the threat monitoring and analysis of current SOCs. These components can substantially enhance the capability to detect novel attacks and threats against the monitored infrastructure as well as to better understand the SOC capacity to investigate, resolve and communicate security incidents.

Please briefly describe the results your project achieved so far

The DiSIEM project just reached its midpoint, with the definition and development of a first version of the nine components considered in the architecture (see Deliverable 2.2, in the project website). Just to cite one example of a DiSIEM component, the consortium devised a service that collects and classifies security-related tweets, finding the ones that are potentially interesting for the SOC analysists, aggregating such information in Indicators of Compromise that are feed either to the SIEM, or to a threat intelligence platform like MISP.

What are the next steps for your project?

The components devised in the project will be integrated to SIEMs such as HP ArcSight, ATOS XL-SIEM, ElasticStack, and Splunk. After this integration, they will be validated in test and production environments provided by EDP, Amadeus, and ATOS, three industrial partners of the project.

 

Week: 
Monday, 19 March, 2018

News

Call for experts for a group on liability and new technologies

The European Commission has launched a call for experts for a group on liability and new technologies. The deadline for application is 30 April 2018.

New technologies such as artificial intelligence, advanced robotics and the Internet of Things bring enormous opportunities in various fields (transport, healthcare, agriculture, manufacturing). At the same time they could raise challenges related to liability, which is why the Commission wants to initiate a discussion on the way forward.

The main tasks of the Expert Group will be:

Events

26/04/2018
Brussels - Concertation Meeting, 26/04/2018

The registration is open for the first Cyberwatching.eu Concertation meeting, Brussels, 26 April 2018.

08/05/2018
Free and Safe in Cyber Space conference

Free and Safe in Cyber Space conference aims at building a constructive dialogue and a critical mass of suitable actors around new dual-use cybersecurity standards and certifications and complaint open technologies and ecosystems.