VSOC - A Virtual Security Operating Center

Falk, Eric; Fiz Pontiveros, Beltran; Repcek, Stefan; Hommes, Stefan; State, Radu; Sasnauskas, Raimondas

Reference : VSOC - A Virtual Security Operating Center


	Document type :	Scientific journals : Article
	Discipline(s) :	Engineering, computing & technology : Computer science
	Focus Areas :	Computational Sciences
	To cite this reference:	http://hdl.handle.net/10993/33764

Title :	VSOC - A Virtual Security Operating Center
Language :	English
Author, co-author :	Falk, Eric [University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > >]
	Fiz Pontiveros, Beltran [University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > >]
	Repcek, Stefan []
	Hommes, Stefan [University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > >]
	State, Radu [University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > >]
	Sasnauskas, Raimondas [SES Engineering]
Publication date :	7-Dec-2017
Journal title :	Global Communications
Publisher :	IEEE
Peer reviewed :	Yes
Audience :	International
Abstract :	[en] Security in virtualised environments is becoming increasingly important for institutions, not only for a firm’s own on-site servers and network but also for data and sites that are hosted in the cloud. Today, security is either handled globally by the cloud provider, or each customer needs to invest in its own security infrastructure. This paper proposes a Virtual Security Operation Center (VSOC) that allows to collect, analyse and visualize security related data from multiple sources. For instance, a user can forward log data from its firewalls, applications and routers in order to check for anomalies and other suspicious activities. The security analytics provided by the VSOC are comparable to those of commercial security incident and event management (SIEM) solutions, but are deployed as a cloud-based solution with the additional benefit of using big data processing tools to handle large volumes of data. This allows us to detect more complex attacks that cannot be detected with todays signature-based (i.e. rules) SIEM solutions.
Target :	Researchers ; Professionals ; Students
Permalink :	http://hdl.handle.net/10993/33764

File(s) associated to this reference

Fulltext file(s):

	File	Commentary	Version	Size	Access
Limited access	vsoc-preprint.pdf		Author preprint	909.04 kB	Request a copy

All documents in ORBi^lu are protected by a user license.

University of Luxembourg Library | Feedback | Legal notices