Abstract :
[en] Security in virtualised environments is becoming
increasingly important for institutions, not only for a firm’s
own on-site servers and network but also for data and sites
that are hosted in the cloud. Today, security is either handled
globally by the cloud provider, or each customer needs to
invest in its own security infrastructure. This paper proposes a
Virtual Security Operation Center (VSOC) that allows to collect,
analyse and visualize security related data from multiple sources.
For instance, a user can forward log data from its firewalls,
applications and routers in order to check for anomalies and
other suspicious activities. The security analytics provided by the
VSOC are comparable to those of commercial security incident
and event management (SIEM) solutions, but are deployed as
a cloud-based solution with the additional benefit of using big
data processing tools to handle large volumes of data. This allows
us to detect more complex attacks that cannot be detected with
todays signature-based (i.e. rules) SIEM solutions.
Scopus citations®
without self-citations
1
