This research effort identifies attributes of distributed event correlation which make it desirable for security event detection, and evaluates those attributes in a comparison with a centralized alternative. Event correlation is an effective means of detecting complex situations encountered in information technology environments. Centralized, database-driven log event correlation is more commonly implemented, but suffers from flaws such as high network bandwidth utilization, significant demands on system resources, and difficulty in detecting certain suspicious behaviors. This analysis measures the value of distributed event correlation by considering network bandwidth utilization, detection capability and database query efficiency, as well as through the implementation of remote configuration scripts and the correlation of multiple log sources. These capabilities produce a configuration which allows a 99% reduction in network syslog traffic in the low-accountability case, and a significant decrease in database execution time through context addition in the high-accountability case.
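The bandwidth argument in the abstract can be made concrete with a small agent-side correlator. The block below is an added illustration, not code from the thesis or its author: a local agent parses syslog lines, collapses a burst of sshd failures from one source into a single correlated event that carries its own context (rule name, count, time window, source, whether a later login succeeded), and forwards only that output. The sample log lines, the brute-force rule, its threshold and window, and the JSON field names are all constructed for the example; the byte reduction it reports is for this sample only and is not the 99% figure measured in the thesis.

```python
"""Added illustration of agent-side (distributed) vs centralized syslog
correlation. A local agent collapses a burst of sshd failures into one
correlated event carrying its own context and forwards that instead of
every raw line. Log lines, thresholds and field names are constructed for
this example and are not taken from the thesis."""
import json
import re
from datetime import datetime

SYSLOG_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} +\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) "
    r"(?P<prog>[^\[:]+)(?:\[(?P<pid>\d+)\])?: (?P<msg>.*)$")
SSH_RE = re.compile(
    r"^(?P<outcome>Failed|Accepted) password for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<src>\S+) port \d+")


def build_sample_log():
    """Constructed RFC 3164 style lines: a 20-attempt burst against root from
    203.0.113.5 (documentation range) that ends in a success, one cron line,
    and a single stray failure from another address."""
    lines = [f"Mar 10 12:00:{i:02d} web1 sshd[2201]: Failed password for root "
             f"from 203.0.113.5 port {44000 + i} ssh2" for i in range(20)]
    lines += [
        "Mar 10 12:00:20 web1 sshd[2201]: Accepted password for root from 203.0.113.5 port 44020 ssh2",
        "Mar 10 12:00:21 web1 CRON[3001]: (root) CMD (run-parts /etc/cron.hourly)",
        "Mar 10 12:00:25 web1 sshd[2210]: Failed password for alice from 203.0.113.9 port 50001 ssh2",
    ]
    return lines


def parse_syslog(line):
    """Split one syslog line into fields; returns None for unparseable lines."""
    m = SYSLOG_RE.match(line)
    if not m:
        return None
    ev = m.groupdict()
    ev["ts"] = datetime.strptime(ev["ts"], "%b %d %H:%M:%S")  # year-less; only deltas are used
    s = SSH_RE.match(ev["msg"])
    ev["ssh"] = s.groupdict() if s else None
    return ev


def single_event(ev):
    """Forward a line the rule did not absorb, tagged with minimal context."""
    return {"rule": "raw", "host": ev["host"], "prog": ev["prog"].strip(),
            "first_seen": ev["ts"].strftime("%H:%M:%S"), "count": 1, "msg": ev["msg"]}


def correlate(lines, window_s=60, threshold=5):
    """Agent-side rule: >= threshold failed logins from one source to one host
    inside window_s seconds collapse into one 'ssh_bruteforce' event; a later
    success from the same source within the window marks it as succeeded."""
    clusters = {}  # (host, src) -> {"events": [...], "succeeded": bool}
    out = []

    def flush(key):
        c = clusters.pop(key)
        evs = c["events"]
        if len(evs) >= threshold:
            out.append({"rule": "ssh_bruteforce", "host": key[0], "src": key[1],
                        "count": len(evs),
                        "users": sorted({e["ssh"]["user"] for e in evs}),
                        "first_seen": evs[0]["ts"].strftime("%H:%M:%S"),
                        "last_seen": evs[-1]["ts"].strftime("%H:%M:%S"),
                        "succeeded": c["succeeded"]})
        else:  # below threshold: nothing to summarize, forward each line
            out.extend(single_event(e) for e in evs)

    for ev in filter(None, map(parse_syslog, lines)):
        ssh = ev["ssh"]
        if ssh is None:
            out.append(single_event(ev))
            continue
        key = (ev["host"], ssh["src"])
        c = clusters.get(key)
        if ssh["outcome"] == "Failed":
            if c and (ev["ts"] - c["events"][0]["ts"]).total_seconds() > window_s:
                flush(key)  # window expired: close the old cluster first
                c = None
            if c is None:
                c = clusters[key] = {"events": [], "succeeded": False}
            c["events"].append(ev)
        else:  # Accepted: keep the login itself, and escalate an open burst
            if c and len(c["events"]) >= threshold and \
                    (ev["ts"] - c["events"][-1]["ts"]).total_seconds() <= window_s:
                c["succeeded"] = True
            out.append(single_event(ev))
    for key in list(clusters):
        flush(key)
    return sorted(out, key=lambda e: e["first_seen"])


def bytes_centralized(lines):
    """Every raw line shipped to the central collector, newline included."""
    return sum(len(l.encode()) + 1 for l in lines)


def bytes_distributed(lines, **kw):
    """Only the agent's correlated output shipped, one JSON record per line."""
    return sum(len(json.dumps(e).encode()) + 1 for e in correlate(lines, **kw))


def reduction(lines, **kw):
    """Fraction of syslog bytes the agent keeps off the network for this input."""
    return 1 - bytes_distributed(lines, **kw) / bytes_centralized(lines)


if __name__ == "__main__":
    log = build_sample_log()
    for e in correlate(log):
        print(json.dumps(e))
    print(f"centralized {bytes_centralized(log)} B, distributed "
          f"{bytes_distributed(log)} B, reduction {reduction(log):.0%}")
```

The forwarded records already carry the fields a central store would otherwise have to derive by scanning raw text (rule, count, window, source), which is the kind of context addition that lets a query select brute-force events by an indexed column instead of re-correlating every line on the server.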
General
Imprint: Biblioscholar
Country of origin: United States
Release date: October 2012
First published: October 2012
Authors: Justin Myers
Dimensions: 246 x 189 x 12mm (L x W x T)
Format: Paperback - Trade
Pages: 216
ISBN-13: 978-1-249-58687-6
Categories: Books > Social sciences > Education > General
LSN: 1-249-58687-9
Barcode: 9781249586876