Network Intrusion Detection: SIEM with Snort and Splunk

Network Intrusion Detection: SIEM with Snort and Splunk

Poster 225

In recent years, there has been a considerable uptick in various cyberattacks. In recent years, there has been an increasing trend for Distributed Denial of Service (DDoS), ransomware, botnets, and Advanced Persistent Threats (APTs), among other attacks. The there has also been an increase in peak size and frequency for DDoS attacks. Cyber threats are evolving to bypass traditional or legacy security systems. In past iterations, cyberattacks contain a malicious digital signature. Traditional systems would be trained to recognize these digital signatures, alert security analysts, log the threat, and block it from entering the system. This model was sufficient to protect business networks from external attacks. Cyberattacks have become more sophisticated, especially through the application of different Artificial Intelligence (AI) principles. Novel cyberattacks have the ability to mask digital signatures or have unknown signatures, allowing them to circumvent traditional security models. Traditional security devices are becoming obsolete with newer waves of cyberattacks. Newer devices are needed to protect networks from novel attacks. Security Information and Event Management (SIEM) devices are an advancement for cybersecurity to counter novel attacks. SIEMs give security analysts the ability to centralize security logs, generate system-wide alerts, and analyze anomalies within the network. SIEMs work in conjunction with security devices to create an overarching security network.