Effective Real Time Hybrid Threat Management Using Vulnerability Correlation

Abstract:

Threat Management embodies the operational activities organizations undertake to minimize the damage from attacks targeting their enterprise. These activities include protection, discovery, assessment, detection, response and early warning. Most organizations currently perform these activities to some degree. However, they are typically performed as disjointed processes, which results in an ineffective Threat Management program. In this paper we present a new design for threat management support systems based on correlation of security events collected from different sensors produced by different vendors. The advantage of this system is that it is vendor independent: it operates with any current “known” software and hardware alert products.