SIMU project – using IF-MAP Clients

Main goal of the SIMU-project was the development of a system, similar to SIEM, which significantly improves IT security in a corporate network without making great effort. In addition to its easy integration into IT infrastructures of small and medium sized enterprises (SME) and its easy traceability of relevant events and processes in the network, it can be realized without great effort of configuration, operation and maintenance. On the functional level SIMU works like SIEM systems which means it monitors processes and events within the corporate network and automatically initiates proactive real-time measures to improve security.

The target SIMU system was to be built on standardized languages and models as far as possible. Thereby, modular tools were used for the collection and analysis of events and for rule management. The core of SIMU has been built by the following elements:

  • IF-MAP-Clients as collectors with uniform and standardized transport
  • Standardized metadata models for modelling respective networks
  • Comprehensible IF-MAP graph to support an intuitive rule creation process

The IF-MAP specification is disseminated on a continuously greater scale due to rapid growth of the Trusted Computing Group (TCG). Meanwhile giants of the network and IT industry can be found among its members e.g. Microsoft, Cisco Systems, Enterasys and Juniper. This growth panders to reach a critical mass which facilitates the use of the IF-MAP protocol substantially in practice. IF-MAP Clients are not only designed for network components by their providers but they are also already available for several additional services (DHCP, RADIUS, Snort, Nagios, Android etc.). In order to be able to use the advantages of the homogeneous transport of events for a SIEM system in SME without great effort the remaining gap of IF-MAP Clients to be implemented needs to be closed.

The following Use-Case Demonstration video shows how the SIMU components were implemented into the testbed. For further information, please visit www.simu-project.de

DECOIT GmbH

Open Source. Open Solutions. Open Strategies.
We are a German IT solution provider that optimizes, secures and maintains IT infrastructure for small and medium sized enterprises. Being specialized in Open Source software we offer our customers manufacturer-neutral IT consulting, conception, and implementation of system management solutions and software consulting and development. Two further significant fields of activity are research in the area of IT security and product development.
We are highly experienced in developing security concepts and policies for enterprises and providing innovative security solutions for network and application layer. These include security components like firewalls, proxies, virtual private networks, intrusion detection systems, log-tools, encryption, security information and event management, and trusted computing. Additionally, we develop new innovative security solutions in different R&D projects based on Open Source technology. Several case studies in different security areas have also been worked on.

Newsletter Subscribe