dc.description.abstract |
The cyber threat environment has changed drastically over the past few years, and attacks are increasing in sophistication. Organizations use various security tools to keep themselves secure, yet many still suffer data breaches. To keep up with the changing threat landscape, an organization needs a well-equipped Security Operations Centre (SOC). A SOC consists of people, processes and technology. Organizations invest heavily in security devices (technology), and inadequate tooling exposes them to huge losses. Various independent security tools are available for securing networks, but these tools are area-specific and generate alerts only for a few specific attack scenarios. Detecting widespread attack scenarios requires correlating the alerts generated by these separate tools. SIEM addresses this need for central management and correlation of alerts. This thesis provides evaluation criteria for selecting the SIEM solution best suited to an organization's needs. It also tests SIEM against various context-aware and behavioral-analysis test cases, which highlight its inability to handle advanced cyber-attacks. Furthermore, it proposes a solution for handling advanced cyber-attacks based on their contextual information and behavior. Once integrated with SIEM, the proposed solution would provide central management of alerts for known signature-based attacks and would generate alerts for advanced cyber-attacks. |
en_US |