Employing Replay Connectors for SIEM Operator Education

Abstract

Security Information and Event Management (SIEM) solutions are a critical information systems security control for monitoring, assessing, and reacting to cyber threats in near real-time. A given SIEM solution, however, is not a simple plug-and-play, drop-in security device. On the contrary, a successful implementation requires configuration tailored to the specifics of the target network, as well as operators who are knowledgeable about both the SIEM's functionality and the characteristics of network and data-center events. This thesis lays out a framework for SIEM operator education through the use of pre-captured network and data-center events (i.e., network traffic and device log information). The desired outcome is a repeatable framework that organizations interested in deploying more technically skilled SIEM operators can adopt. The framework is demonstrated empirically with a SIEM learning lab developed for HP's ArcSight SIEM.

Document Details

Document Type
Technical Report
Publication Date
Sep 01, 2013
Accession Number
ADA589469

Entities

People

  • Wong W. Keat

Organizations

  • Naval Postgraduate School

Tags

Communities of Interest

  • Cyber
  • Energy and Power Technologies

DTIC Thesaurus Topics

  • Computer Networks
  • Computers
  • Cyber Threats
  • Cyberattacks
  • Data Centers
  • Databases
  • Detection
  • Education
  • Graphical User Interface
  • Infrastructure
  • Intrusion Detection Systems
  • Intrusion Detectors
  • Network Architecture
  • Network Topology
  • Operating Systems
  • Personal Computers
  • Security

Readers

  • Cybersecurity
  • Systems Analysis and Design

Technology Areas

  • Cyber