Author Institution :
Lyle Sch. of Eng., Southern Methodist Univ., Dallas, TX, USA
Abstract :
Computer system log analysis should proactively support information security decisions of all types. These security decisions will likely include whether to update configurations, close ports, block access, patch systems, maneuver the system elements, or to do nothing because the risk is acceptable. In a world with Big Data, and a heterogeneous, distributed enterprise, log analysis can be difficult at best. There is so much data from a multitude of logs (e.g., event, application, and security) within the enterprise. On top of that, enterprises have varying configurations based on hardware, software, current patch level, and operating systems. Logs must track all of this data on all of these devices. The authors suggest that semantic technologies hold one key to providing a capability for proactive, and more meaningful, log analysis.
Keywords :
business data processing; data analysis; security of data; Big Data; block access decision; close port decision; computer system log analysis; distributed enterprise; information security decision; patch system decision; semantic hedgehog; semantic technology; update configuration decision; Correlation; Engines; Security; proactive defense; semantic web; syslog; triples