Abstract

In the current digital era, information security has become a primary focus for organizationsworldwide. Rapid technological advancements have brought significant benefits but alsointroduced increasingly sophisticated cyber threats and attacks. One approach to addressing thesechallenges is through Security Information and Event Management (SIEM). SIEM integratesSecurity Information Management (SIM) and Security Event Management (SEM) to collect,analyze, and report security data from various network sources, enabling more effective detection,response, and management of security incidents. This study focuses on handling server attacksusing Wazuh SIEM as an early warning system. The methodology involves setting up a networktopology to detect Distributed Denial of Service (DDoS) attacks using SIEM, collecting andanalyzing log data, correlating data to identify threats, and responding to detected threats. Theresults indicate that SIEM is crucial in modern cybersecurity, providing real-time threat detectionand response capabilities. The system successfully detected and blocked 42 attacks during thetrial. In conclusion, SIEM offers greater security visibility and control, enabling organizations todetect and respond to complex security threats efficiently and effectively. Modern SIEM systems,equipped with advanced analytics and machine learning, can identify anomaly patterns and newthreats, thus strengthening an organization's cybersecurity defenses.

Talk to us

Join us for a 30 min session where you can share your feedback and ask us any queries you have

Schedule a call

Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.