The Study of Big Data on the Security Information Event Management (SIEM) for Safety of Enterprise Cloud Services


Bibliographic Details
Main Authors: WENG, WEI-CHIAN, 翁維謙
Other Authors: CHIU, JIAN-JUNG
Format: Others
Language: zh-TW
Published: 2016
Online Access: http://ndltd.ncl.edu.tw/handle/15742966615480082216
Description
Summary: Master's === Fu Jen Catholic University === In-service Master's Program in Technology Management === 104 === Security Information and Event Management (SIEM) is a new technology that integrates three sub-technologies, Log Management (LM), Security Information Management (SIM), and Security Event Management (SEM), with all their advantages. This study starts from the development of SIEM and goes on to the new technology in which traditional SIEM is combined with a big data architecture. The benefit for protecting the security of enterprise cloud services in the current internet environment is also discussed. Relevant reports and literature were collected, and the development and definition of SIEM are discussed in order to analyze how the big data architecture features the SIEM technology. Then the development of enterprise cloud services and the attacks from the internet were analyzed based on the history of information security events as well as the financial loss for a company. After that, two different topics, the system developers and real enterprise applications for different conditions, were discussed in this study, based on in-depth expert interviews to understand the position of information security and the strength or weakness of SIEM functions. Finally, a real case is described to analyze the process of SIEM implementation and the improvement of information security on enterprise cloud services. Based on the results of this study, a SIEM implementation can be integrated effectively with the current information security system in the enterprise. It is also easy to protect different platforms with other systems, application programs, and cloud services. All data log files are normalized and managed by a unique SIEM platform. Information security in the enterprise is improved effectively to detect attacks from the internet. An attack can be blocked automatically by the configuration file. Moreover, threats can also be dug out by analyzing the dependence in the records. The SIEM can shorten the response time when there is an attack or threat in the system and reduce the financial loss for an enterprise.