Network security is an integral part of any modern IT infrastructure. Recent trends show an increasing frequency and complexity of attacks on corporate IT systems, which makes protecting these computer networks more complicated. Analyzing a single system is often not enough to detect all weaknesses, since the majority of prevalent weaknesses result from the interaction of multiple systems. Additionally, attackers are harder to defend against because they perform more targeted attacks and use ever more sophisticated methods and hacking tools. A modern security system must be prepared for these challenges and must fulfill stringent requirements for high security of its IT infrastructure.
The HPI Real-time Event Analysis and Monitoring System (REAMS) is an implementation of such a security system. It has a variety of Gatherers that together create a comprehensive and unified dataset of network and event information used for more complex calculations. The enormous amount and complexity of gathered data have severely limited the development of such systems in the past. Now, by making use of in-memory databases, such as SAP HANA, and multi-core processing, REAMS is capable of processing information in quantities not previously possible. On top of this, efficient analysis algorithms and modern visualization techniques applied to the dataset support IT security experts in their difficult task of keeping companies’ networks safe from attackers.