Herramientas para la seguridad de la información. Sistemas SIEM. ESM McAfee

Sánchez García, Sergio (2021). Herramientas para la seguridad de la información. Sistemas SIEM. ESM McAfee. Proyecto Fin de Carrera / Trabajo Fin de Grado, E.T.S.I. de Sistemas Informáticos (UPM), Madrid.

Description

Title: Herramientas para la seguridad de la información. Sistemas SIEM. ESM McAfee [Tools for information security. SIEM systems. McAfee ESM]
Author/s:
  • Sánchez García, Sergio
Contributor/s:
  • Sánchez López, Jesús
Item Type: Final Project
Degree: Grado en Ingeniería de Computadores
Date: July 2021
Subjects:
Freetext Keywords: SIEM systems; Computer security
Faculty: E.T.S.I. de Sistemas Informáticos (UPM)
Department: Sistemas Informáticos
Creative Commons Licenses: Recognition - No derivative works - Non commercial

Full text

PDF (910kB) - Users in campus UPM only

Abstract

Security against possible attacks and malicious behavior is one of the most important aspects that a company must take into account. Computer attacks continue to increase day by day and are becoming more powerful and dangerous. For this reason, in addition to preparing for and protecting against these types of threats, it is of great importance to be able to anticipate them. To prevent these threats and protect against them, there are tools such as SIEM systems, which are of great help for the IT security of organizations. These SIEM systems provide solutions for the intelligent detection of security threats that may appear within an organization's network. The objective of these systems is for companies to be able to analyze incidents and respond to them quickly. To do this, tools capable of continuous, real-time analysis of what is happening on the equipment and on the network are necessary in order to protect companies from security risks or vulnerabilities.

The project gives an introduction to the history and the "State of the Art". The operation of SIEM systems is analyzed and a real use case for a company is demonstrated, in order to see first-hand how a SIEM system works when an incident or danger is detected. Finally, a comparative study of different SIEM tools has been carried out.

More information

Item ID: 68233
DC Identifier: https://oa.upm.es/68233/
OAI Identifier: oai:oa.upm.es:68233
Deposited by: Biblioteca Universitaria Campus Sur
Deposited on: 19 Aug 2021 15:21
Last Modified: 18 Nov 2022 11:16