Cyber Security Monitoring And Network Intrusion Detection Systems

Implementation of Cyber Security Monitoring

Adaptive cyber-security analytics can be performed with a computer-implemented method that receives a report on a network activity. It works as follows: a scoring method is used in which a score responsive to the network activity is calculated, and the score indicates the likelihood of a security breach. The score is validated, and the scoring model is automatically updated in response to the results of that validation. If the score falls within the threshold value of a security violation rule, the network activity is reported as suspicious. This relates generally to cyber-security monitoring, and more particularly to monitoring incoming security events to determine whether any activity is violating…
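The scoring loop described above, as an added example written for this page (not code from Amini et al. or any product): the feature names, the logistic scoring model, the 0.7 rule threshold and the analyst verdicts used for validation are all assumptions, and the sample reports are constructed.

```python
import math
from dataclasses import dataclass, field

# Constructed feature names for a network-activity report (assumption, not from the page).
FEATURES = ("failed_logins", "mb_outbound", "new_destination", "off_hours")


@dataclass
class AdaptiveScorer:
    """Scores a network-activity report and updates its model from validation results."""
    weights: dict = field(default_factory=lambda: {f: 0.5 for f in FEATURES})
    bias: float = -2.0
    learning_rate: float = 0.1

    def score(self, report: dict) -> float:
        """Likelihood of a security breach in [0, 1] for one activity report."""
        z = self.bias + sum(self.weights[f] * float(report.get(f, 0)) for f in FEATURES)
        z = max(-30.0, min(30.0, z))  # clamp so math.exp cannot overflow on extreme inputs
        return 1.0 / (1.0 + math.exp(-z))

    def validate(self, report: dict, confirmed_breach: bool) -> float:
        """Compare the score with the validation verdict and update the model
        (one online logistic-regression step). Returns the error that was corrected."""
        error = (1.0 if confirmed_breach else 0.0) - self.score(report)
        for f in FEATURES:
            self.weights[f] += self.learning_rate * error * float(report.get(f, 0))
        self.bias += self.learning_rate * error
        return error


def is_suspicious(score: float, rule_threshold: float = 0.7) -> bool:
    """Security violation rule: report the activity once the score reaches the threshold."""
    return score >= rule_threshold


def monitor(scorer: AdaptiveScorer, reports: list, verdicts: list, rule_threshold: float = 0.7) -> list:
    """Score each report, flag the suspicious ones, then feed the validation verdict back."""
    flagged = []
    for report, verdict in zip(reports, verdicts):
        if is_suspicious(scorer.score(report), rule_threshold):
            flagged.append(report["id"])
        scorer.validate(report, verdict)  # model adapts after every validated report
    return flagged


if __name__ == "__main__":
    # Constructed sample reports: a single failed login versus a noisy off-hours exfiltration pattern.
    reports = [{"id": "A", "failed_logins": 1},
               {"id": "B", "failed_logins": 8, "mb_outbound": 2, "new_destination": 1, "off_hours": 1}]
    print(monitor(AdaptiveScorer(), reports, [False, True]))  # -> ['B']
```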
(Amini et al., 2015)

Security Information and Event Management (SIEM)

SIEM provides services that can be broadly categorized in two parts:
1. Security Event Management (SEM): incident management and real-time monitoring for all security-related events, ranging from networks to other devices and applications.
2. Security Information Management (SIM): compliance reporting and management of logs.

SEM and SIM together serve three primary use cases: compliance, threat management, and a deployment that mixes both.

SIEM capabilities include the following:
• Data aggregation: aggregating data from various sources, such as networks, servers and databases, consolidates the monitored data so that crucial events are not missed.
• Correlating data: SIEM is also used to correlate data from various sources to deduce meaningful information from it.
• Alerting: it is also used to alert or notify recipients of immediate issues pertaining to correlated events.
• Dashboard creation: SIEM tools take event data and transform it into charts and graphs, which are used to identify and detect abnormal patterns.
• Compliance: it is also capable of generating reports used for auditing processes by gathering compliance-related data.
• Data retention: SIEM also includes employing long-term storage,