
Use of generic security event data for specific threat monitoring

Elsner, T.; Meier, M.

Thoma, K. (Ed.); Häring, I. (Ed.); Leismann, T. (Ed.); Fraunhofer-Institut für Kurzzeitdynamik, Ernst-Mach-Institut -EMI-, Freiburg/Brsg.:
9th Future Security 2014. Security Research Conference: September 16–18, 2014, Berlin; Proceedings
Stuttgart: Fraunhofer Verlag, 2014
ISBN: 978-3-8396-0778-7
ISBN: 3-8396-0778-7
Security Research Conference "Future Security" <9, 2014, Berlin>
Fraunhofer FKIE

Interconnected networks face a broad variety of threats, some of them – especially those targeting valuable enterprise networks – highly specialized and sophisticated. To counter these threats, enterprise network operators rely on security equipment that monitors network traffic for anomalies that may indicate attacks or other security violations. However, because new kinds of threats emerge continuously and often defy existing monitoring capabilities, keeping the network's line of defense up to date requires ever more technical and human resources. In this paper, we present our approach to distributed and cooperative threat monitoring based on the monitoring equipment already available in corporate networks, with detection capabilities far beyond the scope of any single piece of that equipment. We discuss the suitability of our approach even for the detection of fast-evolving threats, and how seamless integration into, and more efficient use of, existing security infrastructures helps raise the protection level at low operational cost.