Idoia Aguirre , CEMITEC, Noain
Sergio Alonso , CEMITEC, Noain
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/MSP.2011.153
Many preventive security measures have been proposed to protect network from cyber intrusions. Many of the adopted measures generate a large amount of information that should be stored and analyzed to enable response actions to detected attacks. A Security Information and Event Manager (SIEM) has become an indispensable tool to collect all of a system´s security-related information in a central repository. This can then be used for trend analysis and adoption of appropriate actions. In this article, we present a collaborative work approach between SIEMs of different trusted domains that share alarms and the consequent adopted countermeasures. These have been based on traffic patterns related to offered online services. The concept of sharing alarms and adopted measures in domains with similar profiles, intends to enhance a global view of the security and, by this way, facilitate decision-making for security domain administrators.
C.2.0.f Network-level security and protection, K.6.m.b Security, K.6.5 Security and Protection, K.4.4.f Security, D.4.6 Security and Privacy Protection, H.5.3.c Computer-supported cooperative work, I.2.1.c Decision support, H.3.5.b Data sharing
Idoia Aguirre, Sergio Alonso, "Improving the Automation of Security Information Management Tools. A Collaborative Approach.", IEEE Security & Privacy, , no. 1, pp. , PrePrints PrePrints, doi:10.1109/MSP.2011.153