For companies around the world, cybercrime remains a prevalent threat. According to HelpNetSecurity, 73% of company security experts expect to experience a major security breach within a year. In fact, according to IT Governance, in June 2020 alone, European companies saw no fewer than 92 security incidents, which accounted for more than seven million breached records.
With these numbers in mind, it’s easy to understand why former IBM CEO Ginni Rometty referred to cybercrime as ‘the greatest threat to every company in the world’.
So, what are companies doing to mitigate the threat? For starters, they’re spending a lot of money. According to a report by the International Data Corporation, spending on security, hardware, software, and services in Europe reached $27.3 billion (around EUR 23.2 billion) in 2019 – an increase of 8.3% over 2018. By 2022, European companies are expected to spend over EUR 35 billion on security solutions.
A lot of this money is being spent on security information and event management (SIEM) systems, which have emerged as the gold standard in cybersecurity.
“SIEM systems are a fundamental component of the ubiquitous ICT infrastructures that form the backbone of our digital society,” says Alysson Bessani, associate professor at Faculdade de Ciências, University of Lisbon, and coordinator of the EU-funded DiSIEM project. “These systems use an array of sensors and tools to monitor infrastructures and discover possible threats to the organisation.”
The problem with SIEM systems is that they are extremely expensive to implement and operate effectively. To mitigate these shortcomings, the DiSIEM project set out to improve the SIEM systems already in production.
“The project aimed to make these SIEMs smarter by extending such systems in several directions,” adds Bessani. “By considering diverse sources of information and threat sensors, we aim to improve the cybersecurity capabilities of European organisations.”
Enhancing the effectiveness of SIEM systems
To accomplish its goal, the DiSIEM project focused on a number of core improvements. For example, using advanced machine learning techniques, researchers were able to give SIEMs the ability to filter collected data from Twitter and blogs, aggregate related information, inspect text, and create machine-readable information.
These techniques were supported by new visualisation tools that present the large volume of collected information in a way that lets security analysts easily derive new insights. The project also contributed to the development of new solutions for the secure storage of big data and analytical models for predicting threats.
“Ultimately, we developed new information processing, storage, and visualisation tools capable of enhancing the effectiveness of SIEM systems,” explains Bessani.
From research to real life
The DiSIEM solutions were successfully tested at the security operations centres of EDP and Amadeus, two major companies operating critical infrastructures. Since testing, both companies have continued to use several of the DiSIEM components.
“EDP is using our hierarchical risk assessment tool to provide global risk information to C-level managers,” concludes Bessani. “Thanks to our solutions, Amadeus has improved its ability to prevent internet robots from stealing their data – resulting in significant cost savings for the company.”
Although the project is now over, its work continues. For example, the project launched a spin-off company to help commercialise its multi-cloud secure storage system. Called Vawlt, the start-up has already secured over half a million euros in pre-seed funding from Armilar Venture Partners and currently employs five people (including three researchers from the DiSIEM project).