BIBLIOS

Tipo
Artigos em Conferência

Tipo de Documento
Artigo Completo

Título
A Cost-Effective Cloud Event Archival for SIEMs

Participantes na publicação
Adriano Serckumecka (Author)
Dep. Informática
LASIGE
Iberia Medeiros (Author)
Dep. Informática
LASIGE
Bernardo Ferreira (Author)
Dep. Informática
LASIGE
Alysson Neves Bessani (Author)
Dep. Informática
LASIGE

Resumo
Security Information and Event Management (SIEM) systems have been adopted by organizations to enable holistic monitoring of malicious activities in their IT infrastructures. SIEMs receive events from diverse devices of the organization's IT infrastructure (e.g., servers, firewalls, IDS), correlate these events, and present reports for security analysts. Given the large number of events collected by SIEMs, it is costly to store such data for long periods. Since organizations store a relatively limited time-frame of events, the forensic analysis capabilities severely become reduced. This concern limits the organizations' ability to store important information about the past cybersecurity-related activity, limiting forensic analysis. A possible solution for this issue is to leverage public cloud storage services, exploiting their low cost and "infinite" scalability. We present SLiCER an archival system for long-term storage that makes use of a multi-cloud-based storage system to guarantee data security and ensures cost-effectiveness by grouping events in blocks and using indexing techniques to recover them. The system was evaluated using a real dataset and the results show that it is significantly more cost-efficient than competing alternatives.


Instituição
FACULDADE DE CIÊNCIAS DA UNIVERSIDADE DE LISBOA

Evento
2019 38th International Symposium on Reliable Distributed Systems Workshops (SRDSW)

Identificadores da Publicação
ISBN - 9781728142555

Local
Lyon, France

Editora
IEEE

Identificadores do Documento
DOI - https://doi.org/10.1109/srdsw49218.2019.00013
URL - http://dx.doi.org/10.1109/srdsw49218.2019.00013