Although a fundamental tool in modern Security Operations Centres, current SIEMs have many limitations on the methods and means they use to collect events, store data and report information.
The cornerstone of the DiSIEM project is the use of scalable information extraction and machine learning algorithms and tools to extract information from multiple big data sources (sensors in the monitored infrastructures, open-source intelligence, social networks, security news feeds, advisory organisations, etc.) and feed SIEMs with it for threat prediction and enhanced risk assessment, aided by probabilistic methods and advanced visualisation tools.
DiSIEM wants also to equip existing SIEM systems with the capability of evaluating diverse configurations of monitoring and protection devices, novel application-based misuse detection and secure cloud-backed long-term archival of selected events.
The DiSIEM components can be applied to any existing SIEM that supports custom connectors and provides access to the event store.
DiSIEM components can be used either individually or together, broadening the scope in which the project results can have impact.
DiSIEM components will be validated in production environment for three large organisations: an electricity utility company (EDP), a large travel services company (Amadeus) and a SIEM and security provider (Atos).
The DiSIEM exploitation business model considers components that will be supported by partners offering services to SIEM operators (DigitalMR, Atos), internally by partners operating large SIEM (Amadeus, EDP) and startup initiatives created primarily from the research and development partners (FFCUL, CITY, FHG).
The project is organised in 6 technical work packages and 3 additional work packages for ethics, dissemination, exploitation and management activities.
The project will run for three years, starting in September 2016, with an overall budget of around four million euros.
The consortium will be assisted and advised by an advisory board including representatives from public and private sectors.