The main results emanating from this project will be the design and implementation of several components:
- Techniques and tools for analysing, evaluating and guiding the optimal deployment of diverse security mechanisms in the managed infrastructure, including multi-level risk-based metrics.
- An OSINT-based security threat predictor.
- A rich set of enhanced interactive visualisations for improving the quality of the decision support of security analysts operating a SIEM.
- A framework for deploying diverse and redundant sensors.
- A novel application-based anomaly detector for complementing other sensors and detect fraud in application servers.
- Components that allow for long-term event archival in diverse clouds.
By choosing the extension approach instead of developing a new SIEM (or expecting vendors to change their systems to accommodate our enhancements), we expect to foster innovation much faster, and maximize the impact and business potential of the project results.