Partial rule security information and event management concept in detecting cyber incidents

摘要

Information communication technologies are evolving rapidly and have huge impact on everyday life. This does not come without dangers, i.e., it is actively followed by wide range of malicious activities that impact the companies forcing them to protect their information at all costs. Cyber attacks today are usually consisting of multiple carefully planned hardly detectable steps causing severe damage to companies. This paper examines the capability of security information and event management (SIEM) system with applied partial rules in detecting the multi-step attacks. Fine tuning was focused on detecting partial attack patterns that were important and specific to environment and positive results were gained. The results show that when using the partial rule approach in SIEM for incident detection, the number of detected advanced multistage cyber attacks has increased, thereby contributing to the overall security in cyber space.