SIEM approach for a higher level of IT security in enterprise networks

The threat of cyber-attacks grows up, as one can see by several negative security-news from companies and private persons. [7] Especially small-and-medium-sized enterprises (SME) are in focus of external attackers because they have not implemented sufficient security strategies and components for their networks yet. Additionally, tablets, smartphones, and netbooks changed the requirements of IT security rapidly. Today, there are several security components (e.g. anti-virus-system, firewall, and intrusion detection system) available to protect enterprise networks; unfortunately, they work independently from each other — isolated. But many attacks can only be recognized if logs and events of different security components are combined and correlated with each other. This possibility is offered by a security information and event management (SIEM) system. But nowadays these systems are very complex and expensive in deployment and maintenance ([12]). The SIMU project, funded by the BMBF [6] and presented in this paper, offers several features of a SIEM system with better handling and more efficient use in the SME environment.