
A Study on the Methods for Establishing Security Information Event Management



Abstract

Recently, a global threat has emerged from attacks that combine multiple hacking techniques against national infrastructure, industrial control systems and enterprises: so-called cyber-hacking and cyber-attacks in cyberspace, up to and including cyber war, conducted on behalf of nations and organizations. In addition, APT (Advanced Persistent Threat) attacks, which combine complex attack types against a chosen target, cause enormous disruption at the national and social level. In this situation, ESM (Enterprise Security Management) is needed to build multi-network enterprise security systems that defend against external attacks and manage them efficiently. However, ESM collects and analyzes data with its main focus on security events from information security systems and harmful-traffic events from network sensors, and it lacks a function to analyze events from general system and application logs. For effective security detection, strategies for systematic preparation and execution are necessary that actively address security issues by utilizing the enormous volume of big data generated across the enterprise IT infrastructure. This study therefore presents a security log analysis system based on SIEM (Security Information & Event Management) to cope with advanced attacks that the existing ESM can hardly detect. The SIEM analyzes associations between data and security events occurring across the major IT infrastructure facilities (networks, systems, application services) and a large number of information security systems, and presents methods for identifying potential security threats in advance.
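The cross-source association the abstract describes, as an added illustration that is not part of the paper: events from a network security device, a general system (auth) log and an application log are normalized onto one schema and a rule correlates them by host, user and source within a time window. The log lines, field names and thresholds are constructed for this example.

```python
import re
from datetime import datetime, timedelta

# Constructed sample events from three source types: a firewall ("fw"),
# a system authentication log ("sys") and an application log ("app").
RAW_EVENTS = [
    ("fw",  "2024-03-01T10:00:05 allow src=203.0.113.7 dst=10.0.0.5 dport=22"),
    ("sys", "2024-03-01T10:00:09 host=10.0.0.5 sshd failed password user=admin from=203.0.113.7"),
    ("sys", "2024-03-01T10:00:12 host=10.0.0.5 sshd failed password user=admin from=203.0.113.7"),
    ("sys", "2024-03-01T10:00:20 host=10.0.0.5 sshd accepted password user=admin from=203.0.113.7"),
    ("app", "2024-03-01T10:01:02 host=10.0.0.5 billing-api export rows=250000 user=admin"),
    ("sys", "2024-03-01T11:30:00 host=10.0.0.9 sshd accepted password user=bob from=10.0.0.2"),
]

KV = re.compile(r"(\w+)=(\S+)")  # key=value pairs shared by all sample sources

def normalize(source, line):
    """Map a raw log line from any source onto one common event schema."""
    ts_text, _, rest = line.partition(" ")
    event = {"source": source, "ts": datetime.fromisoformat(ts_text), "msg": rest}
    event.update(KV.findall(rest))
    # Derive a coarse action so rules need not know each product's wording.
    if "failed password" in rest:
        event["action"] = "auth_fail"
    elif "accepted password" in rest:
        event["action"] = "auth_ok"
    elif "export" in rest:
        event["action"] = "bulk_export"
    else:
        event["action"] = "other"
    return event

def correlate(raw_events, window=timedelta(minutes=5), fail_threshold=2):
    """Flag a host where repeated failed logins from one source are followed by a
    success and then a bulk export by that user, all inside one time window."""
    events = sorted((normalize(s, l) for s, l in raw_events), key=lambda e: e["ts"])
    alerts = []
    for i, ok in enumerate(events):
        if ok["action"] != "auth_ok":
            continue
        fails = [e for e in events[:i] if e["action"] == "auth_fail"
                 and e["ts"] >= ok["ts"] - window
                 and e.get("host") == ok.get("host") and e.get("from") == ok.get("from")]
        exports = [e for e in events[i + 1:] if e["action"] == "bulk_export"
                   and e["ts"] <= ok["ts"] + window
                   and e.get("host") == ok.get("host") and e.get("user") == ok.get("user")]
        if len(fails) >= fail_threshold and exports:
            alerts.append({"host": ok["host"], "user": ok["user"], "src": ok["from"],
                           "chain": [e["msg"] for e in fails + [ok] + exports]})
    return alerts

if __name__ == "__main__":
    for alert in correlate(RAW_EVENTS):
        print(alert)
```

Neither the auth log nor the application log alone would raise this alert; only the association across sources does, which is the gap in ESM that the abstract points to.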
