Persistent identifier to cite or link to this item: http://hdl.handle.net/10662/20390
Title: New approach for threat classification and security risk estimations based on security event management
Authors: Sancho Núñez, José Carlos
Caro Lindo, Andrés
Ávila Vegas, María del Mar
Bravo Gómez, Alberto
Keywords: SIEM; Cybersecurity; STRIDE; Knowledge extraction; Bug bar; Data processing
Publication date: 2020
Publisher: Elsevier
Abstract: Security Information and Event Management (SIEM) systems are essential for identifying cyber attacks, being an extended practice in organizations to detect threats, vulnerabilities and to estimate security risks. The management of events and information related to security is done through systems that provide all the information, processing different data sources. The development of alternative models that provide complementary information to commercial solutions, based on the same data sources, is presented as a novel and interesting challenge, not only for organizations, but also for the scientific community. This paper presents a new system to classify security threats, computing their criticality according to the Bug Bar technique, with the aim of addressing threats in order of priority. High correlations were achieved between severity risk values achieved from commercial systems and results computed by the new approach. Accordingly, the new proposal could complement the information of SIEM systems, and help in the prediction of criticalities of future threats.
URI: http://hdl.handle.net/10662/20390
Collection: DISIT - Artículos

Files
File: 1-s2.0-S0167739X20301849-main.pdf
Description: Access restricted
Size: 1.66 MB
Format: Adobe PDF


This item is licensed under a Creative Commons License