The massive adoption of Information and Communication Technologies (ICT) has made society dependent on them. Combined with the general absence of efficient and effective controls, this dependence increases organizations' exposure to cyberattacks and threats, and to vulnerabilities in their information assets.
In this context, this article proposes a data analysis architecture that uses Big Data tools and security events (logs) to improve event identification, integration, and correlation. The research methodology was exploratory and descriptive.
The proposed solution follows the Big Data processing phases proposed by Labrinidis and Jagadish, which enable the identification of cyber threats. The architecture integrates the main components of the Elastic Stack (Elasticsearch, Logstash, Kibana) with Filebeat and Wazuh (NIPS/HIDS), covering security across information assets such as communications equipment, data and application servers, database engines, and end-user terminals.
Its implementation would allow real-time and historical monitoring, an agile and effective response to security alerts, and status reporting in the event of incidents.
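To make the "identification, integration, and correlation" step concrete, here is an added example (not code from the thesis, nor from the Wazuh or Elastic projects) of what the correlation layer of such a pipeline does once Filebeat has shipped Wazuh's alerts.json lines into the stack. The input lines are constructed for this example and follow the field layout Wazuh writes to alerts.json (timestamp, rule.level, rule.id, rule.groups, agent.name, data.srcip); the rule ids, hosts, IPs, times and the threshold/window values are assumptions. The parser normalizes each alert into a flat record with ECS-style field names (so it could be indexed into Elasticsearch and queried in Kibana), drops malformed lines instead of aborting, and the correlation rule raises one finding per source IP that accumulates N authentication failures within a sliding window across any number of agents, escalating the finding when a successful login from the same source follows.

```python
"""Correlate Wazuh-style alerts (JSON lines) into higher-level findings.

Added example only; not the thesis's code and not Wazuh/Elastic code.
Assumed: alerts carry the field names Wazuh writes to alerts.json.
Rule ids 5710/5715, hosts, IPs and timestamps below are constructed.
"""
import json
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample input: what Filebeat would tail from the Wazuh manager's
# alerts.json. The last line is deliberately malformed to exercise error handling.
SAMPLE_ALERTS = """\
{"timestamp":"2021-11-03T10:00:01.000+0000","rule":{"level":5,"id":"5710","description":"sshd: Attempt to login using a non-existent user","groups":["syslog","sshd","authentication_failed"]},"agent":{"id":"001","name":"app-srv-01"},"data":{"srcip":"203.0.113.7","srcuser":"admin"}}
{"timestamp":"2021-11-03T10:00:40.000+0000","rule":{"level":5,"id":"5710","description":"sshd: Attempt to login using a non-existent user","groups":["syslog","sshd","authentication_failed"]},"agent":{"id":"001","name":"app-srv-01"},"data":{"srcip":"203.0.113.7","srcuser":"root"}}
{"timestamp":"2021-11-03T10:01:15.000+0000","rule":{"level":5,"id":"5710","description":"sshd: Attempt to login using a non-existent user","groups":["syslog","sshd","authentication_failed"]},"agent":{"id":"002","name":"db-srv-01"},"data":{"srcip":"198.51.100.9","srcuser":"test"}}
{"timestamp":"2021-11-03T10:02:02.000+0000","rule":{"level":5,"id":"5710","description":"sshd: Attempt to login using a non-existent user","groups":["syslog","sshd","authentication_failed"]},"agent":{"id":"002","name":"db-srv-01"},"data":{"srcip":"203.0.113.7","srcuser":"admin"}}
{"timestamp":"2021-11-03T10:03:30.000+0000","rule":{"level":3,"id":"5715","description":"sshd: authentication success.","groups":["syslog","sshd","authentication_success"]},"agent":{"id":"002","name":"db-srv-01"},"data":{"srcip":"203.0.113.7","dstuser":"deploy"}}
{"timestamp":"not-a-date","rule":{"level":3}}
"""


def parse_alerts(text):
    """Normalize JSON-lines alerts into flat ECS-style records, sorted by time.

    Malformed lines (bad JSON, missing keys, unparseable timestamp) are skipped so
    one bad event cannot stall the whole ingestion pipeline.
    """
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        try:
            a = json.loads(line)
            data = a.get("data", {})
            events.append({
                "@timestamp": datetime.strptime(a["timestamp"], "%Y-%m-%dT%H:%M:%S.%f%z"),
                "event.severity": int(a["rule"]["level"]),
                "rule.id": str(a["rule"]["id"]),
                "rule.description": a["rule"]["description"],
                "event.category": list(a["rule"].get("groups", [])),
                "host.name": a["agent"]["name"],
                "source.ip": data.get("srcip"),
                # Wazuh's sshd decoder reports the target user as dstuser on success
                # and srcuser on failure (assumption about the decoder's field names).
                "user.name": data.get("dstuser") or data.get("srcuser"),
            })
        except (ValueError, KeyError, TypeError):
            continue
    events.sort(key=lambda e: e["@timestamp"])
    return events


def correlate(events, threshold=3, window=timedelta(minutes=5)):
    """Sliding-window correlation keyed on source IP across all agents.

    A finding is opened when `threshold` authentication failures from one IP fall
    inside `window`; later failures extend it, and a subsequent successful login
    from that IP escalates its severity (the classic brute-force-then-success case).
    """
    findings = {}
    recent = defaultdict(deque)  # source.ip -> failures still inside the window
    for e in events:
        ip = e["source.ip"]
        if not ip:
            continue
        cats = e["event.category"]
        if "authentication_failed" in cats:
            q = recent[ip]
            q.append(e)
            while e["@timestamp"] - q[0]["@timestamp"] > window:
                q.popleft()
            if ip in findings:
                f = findings[ip]
                f["count"] += 1
                f["last"] = e["@timestamp"]
                f["hosts"].add(e["host.name"])
            elif len(q) >= threshold:
                findings[ip] = {
                    "source.ip": ip,
                    "count": len(q),
                    "first": q[0]["@timestamp"],
                    "last": e["@timestamp"],
                    "hosts": {x["host.name"] for x in q},
                    "severity": "medium",
                    "success": None,
                }
        elif "authentication_success" in cats and ip in findings:
            f = findings[ip]
            if e["@timestamp"] >= f["first"]:
                f["severity"] = "high"
                f["success"] = {"host": e["host.name"], "user": e["user.name"]}
    return findings


if __name__ == "__main__":
    for f in correlate(parse_alerts(SAMPLE_ALERTS)).values():
        print(json.dumps(f, default=str))
```

On the sample input the single source 203.0.113.7 crosses the threshold on its third failure (spread over two agents, which a per-host view would miss) and is escalated to high when the later successful login arrives; 198.51.100.9 never reaches the threshold and produces nothing.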
Although some time has passed, I am sharing with you an abstract of my Master's Thesis (TFM), condensed into an academic paper published in November 2021 together with professors from the Universidad Tecnológica ECOTEC, which proposes a model for identifying threats by applying Big Data architectures.
INNOVA Research Journal, Universidad Internacional del Ecuador
November 2021, Published scientific article.
https://orcid.org/0000-0002-7994-3890
https://revistas.uide.edu.ec/index.php/innova/article/view/1860
