Closing the loop of SIEM analysis to Secure Critical Infrastructures
This addresses security challenges for critical infrastructure operators, but appears incremental as it builds on existing SIEM systems.
The paper tackles limitations in Security Information and Event Management (SIEM) systems for critical infrastructure protection by proposing an enhanced system with novel components for multi-layer data analysis, conflict resolution, and network reconfiguration, and includes a Resilient Event Storage to ensure event integrity and unforgeability.
Critical Infrastructure Protection is one of the main challenges of last years. Security Information and Event Management (SIEM) systems are widely used for coping with this challenge. However, they currently present several limitations that have to be overcome. In this paper we propose an enhanced SIEM system in which we have introduced novel components to i) enable multiple layer data analysis; ii) resolve conflicts among security policies, and discover unauthorized data paths in such a way to be able to reconfigure network devices. Furthermore, the system is enriched by a Resilient Event Storage that ensures integrity and unforgeability of events stored.