The first step toward the goal is collecting information for the SIEM. The main sources are log files from systems across the network infrastructure, from firewalls and switches to servers and user workstations. Generally speaking, absolutely any information can be loaded into a SIEM; what matters is that it helps you identify threats and prevent them from being carried out, so the choice of sources is quite non-trivial and is decided individually within each company. The basic set of sources consists of the following systems: IPS, IDS (Intrusion Detection System), network equipment, vulnerability scanners, server and workstation logs, access control systems, antiviruses.
MAD concept of deterrence does not apply to cyber warfare
A new world war may have already begun, but we simply do not notice it. The reason may be that the essentially new military actions in cyberspace are unfolding beyond the limits of visibility, in places that are accessible only to the initiated. But even to the latter it is not always clear who the participants in the war are.
The destruction that is the normal aftermath of warfare is just as dimly visible, and the only way to feel it is when that war spreads to the networks you use. You might just notice that your internet connection is slower than usual.
That was the main takeaway from a panel discussion at the Carnegie University Colloquium in Pittsburgh, Pennsylvania, on December 2. The stated theme of the conference, “The Future of the Internet: Power and Conflict,” was “cyber deterrence through denial and the vulnerability debate.” Despite the wordiness of the phrase, the panelists were, in fact, discussing a possible way to wage cyber war.
The question facing the experts was whether the idea of deterrence, which played a major role in preventing nuclear conflict after World War II, could work in the case of cyber warfare. The general consensus is that it no longer works, mainly because in cyber warfare it is difficult, if not impossible, to identify the specific person or organization responsible for a cyber attack.