The main goal of the SIMU project was the development of a SIEM-like system that significantly improves IT security in a corporate network without great effort. Besides its easy integration into the IT infrastructures of small and medium-sized enterprises (SMEs) and the easy traceability of relevant events and processes in the network, it can be deployed without great effort in configuration, operation and maintenance. On the functional level SIMU works like a SIEM system: it monitors processes and events within the corporate network and automatically initiates proactive real-time measures to improve security.
The target SIMU system was to be built on standardized languages and models as far as possible. To this end, modular tools were used for the collection and analysis of events and for rule management. The core of SIMU consists of the following elements:
- IF-MAP clients as collectors with a uniform, standardized transport
- Standardized metadata models for modelling the respective networks
- A comprehensible IF-MAP graph to support an intuitive rule creation process
The IF-MAP specification is being adopted on an increasingly large scale owing to the rapid growth of the Trusted Computing Group (TCG), whose members now include major network and IT vendors such as Microsoft, Cisco Systems, Enterasys and Juniper. This growth helps reach the critical mass that substantially eases the use of the IF-MAP protocol in practice. IF-MAP clients are not only provided by vendors for their own network components but are also already available for several additional services (DHCP, RADIUS, Snort, Nagios, Android etc.). To make the advantages of homogeneous event transport usable for a SIEM system in SMEs without great effort, the remaining gap of IF-MAP clients still to be implemented needs to be closed.
The following use-case demonstration video shows how the SIMU components were integrated into the testbed. For further information, please visit www.simu-project.de
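As an added illustration of the core elements listed above (collectors publishing into one IF-MAP graph, and a rule evaluated over that graph), the following Python is not SIMU's own code: it assumes a simplified in-memory graph model that uses the standard IF-MAP identifier and metadata names (ip-address, mac-address, access-request, identity; ip-mac, access-request-mac, authenticated-as, event), populated with constructed data as DHCP, RADIUS and Snort collectors would publish it.

```python
from collections import defaultdict

# Simplified in-memory IF-MAP graph (constructed illustration, not SIMU's code).
# Identifiers are (type, value) tuples. Link metadata joins two identifiers,
# single-identifier metadata hangs off one identifier; both record the publisher.
class IfMapGraph:
    def __init__(self):
        self.links = defaultdict(list)  # identifier -> [(meta_type, neighbour, publisher)]
        self.meta = defaultdict(list)   # identifier -> [(meta_type, attributes)]

    def publish_link(self, publisher, meta_type, a, b):
        # IF-MAP links are undirected, so record the edge on both identifiers.
        self.links[a].append((meta_type, b, publisher))
        self.links[b].append((meta_type, a, publisher))

    def publish_meta(self, publisher, meta_type, ident, **attrs):
        self.meta[ident].append((meta_type, dict(attrs, publisher=publisher)))

    def follow(self, ident, meta_type):
        """Identifiers reachable from ident over one link of the given metadata type."""
        return [n for m, n, _ in self.links[ident] if m == meta_type]

def build_testbed_graph():
    """Constructed sample graph as three collectors (DHCP, RADIUS, Snort) would publish it."""
    g = IfMapGraph()
    mac = ("mac-address", "00:11:22:33:44:55")
    g.publish_link("dhcp", "ip-mac", ("ip-address", "10.0.0.23"), mac)
    g.publish_link("radius", "access-request-mac", ("access-request", "ar-1"), mac)
    g.publish_link("radius", "authenticated-as", ("access-request", "ar-1"), ("identity", "alice"))
    g.publish_meta("snort", "event", ("ip-address", "10.0.0.23"),
                   name="port-scan", significance="important")
    # Event on an address with no DHCP lease: the rule must report it, not drop it.
    g.publish_meta("snort", "event", ("ip-address", "10.0.0.99"),
                   name="exploit-attempt", significance="critical")
    return g

def correlate_events(g, min_significance=("important", "critical")):
    """Rule: for each significant IDS event, walk ip-mac -> access-request -> identity."""
    findings = []
    for ident, metas in g.meta.items():
        if ident[0] != "ip-address":
            continue
        for meta_type, attrs in metas:
            if meta_type != "event" or attrs["significance"] not in min_significance:
                continue
            users = [idn[1] for mac in g.follow(ident, "ip-mac")
                     for ar in g.follow(mac, "access-request-mac")
                     for idn in g.follow(ar, "authenticated-as")]
            findings.append((ident[1], attrs["name"], users[0] if users else "unknown"))
    return findings
```

The second event shows the gap the text mentions: without a collector for the service that knows the host (here, no DHCP lease), the rule can only report "unknown" for the responsible identity.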