Summary
Security Information and Event Management (SIEM) systems are a fundamental component of the ubiquitous ICT infrastructures that form the backbone of our digital society. These systems are mostly used to monitor infrastructures using many types of sensors and tools and correlate the obtained events to discover possible threats (attacks, vulnerabilities, etc.) to the organization. The DiSIEM project aims to enhance existing SIEM systems with diversity-related technology. More specifically, we want to (1) enhance the quality of events collected using a diverse set of sensors and novel anomaly detectors, (2) add support for collecting infrastructure-related information from open-source intelligence data available on diverse sources from the internet, (3) create new ways for visualising the information collected in the SIEM and provide high-level security metrics and models for improving security-related decision project, and (4) allow the use of multiple storage clouds for secure long-term archival of the raw events feed to the SIEM. Given the high costs of deployment of SIEM infrastructures, all these enhancements will be developed in a SIEM-independent way, as extensions to currently available systems, and will be validated through the deployed in three large-scale production environments.
Unfold all
/
Fold all
More information & hyperlinks
| Web resources: | https://cordis.europa.eu/project/id/700692 |
| Start date: | 01-09-2016 |
| End date: | 31-08-2019 |
| Total budget - Public funding: | 4 020 018,75 Euro - 3 445 875,00 Euro |
Cordis data
Original description
Security Information and Event Management (SIEM) systems are a fundamental component of the ubiquitous ICT infrastructures that form the backbone of our digital society. These systems are mostly used to monitor infrastructures using many types of sensors and tools and correlate the obtained events to discover possible threats (attacks, vulnerabilities, etc.) to the organization. The DiSIEM project aims to enhance existing SIEM systems with diversity-related technology. More specifically, we want to (1) enhance the quality of events collected using a diverse set of sensors and novel anomaly detectors, (2) add support for collecting infrastructure-related information from open-source intelligence data available on diverse sources from the internet, (3) create new ways for visualising the information collected in the SIEM and provide high-level security metrics and models for improving security-related decision project, and (4) allow the use of multiple storage clouds for secure long-term archival of the raw events feed to the SIEM. Given the high costs of deployment of SIEM infrastructures, all these enhancements will be developed in a SIEM-independent way, as extensions to currently available systems, and will be validated through the deployed in three large-scale production environments.Status
CLOSEDCall topic
DS-04-2015Update Date
27-10-2022
Images
No images available.
Geographical location(s)
Structured mapping
Search
Organisations
-
| FCIENCIAS.ID - ASSOCIACAO PARA A INVESTIGACAO E DESENVOLVIMENTO DE CIENCIAS (Coördinator)
-
| AMADEUS IT GROUP SA
-
| ATOS SPAIN SA
-
| CITY UNIVERSITY OF LONDON (CITY)
-
| DIGITALMR LIMITED
-
| EDP - ENERGIAS DE PORTUGAL SA
-
| FACULDADE DE CIENCIAS DA UNIVERSIDADE DE LISBOA
-
| FRAUNHOFER GESELLSCHAFT ZUR FOERDERUNG DER ANGEWANDTEN FORSCHUNG E.V.
-
| FUNDACAO DA FACULDADE DE CIENCIAS DA UNIVERSIDADE DE LISBOA FP