Identifying Computer Threats Using Big Data Architectures

2021 
The massive use of Information and Communication Technologies has made society dependent on them; combined with the general absence of efficient and effective controls, this dependence increases the exposure of organizations' information assets to attacks, computer threats and vulnerabilities. In this context, this article proposes a data analysis architecture built on Big Data tools that consumes security events or logs, improving the identification, integration and correlation of those events. The research methodology was exploratory and descriptive. The proposed solution was developed following the Big Data processing phases proposed by Labrinidis & Jagadish, allowing computer threats to be identified. The technological architecture designed was based on the integration of Elastic Stack and its main components (Elasticsearch, Logstash, Kibana) with technologies such as Filebeat and Wazuh Security Detection (NIPS / HIDS), managing the security of information assets such as communications equipment, data and application servers, database engines, and end-user terminals. Its implementation would allow real-time and historical monitoring, enabling an agile and effective response to security alerts and incident status reports.