An approach to an elastic platform for security events analysis and prediction


Upload: marco-teixeira

Post on 17-Aug-2015


TRANSCRIPT

Authors: { José Lucas | Marco Teixeira | Rui Teixeira }

Email: { a59499 | a36878 | a59619 }@alunos.uminho.pt

Course unit (UC): Information Technology Infrastructures

Lecturer: Henrique Santos - [email protected]

An approach to an elastic platform for security events analysis and prediction

Value yourself!!!

Business Intelligence Services – Can be replicated across several geographic locations, providing instant disaster recovery capabilities and on-demand outsourcing of human analysts.

Security devices – No theoretical limit on the number of devices secured; that is the idea behind the word “elastic”. Supports edge security devices, software daemons and virtually any kind of system that can send messages about security events.

An elastic block storage cluster without the need for a metadata coordinator. Every single system in the cluster is able to provide storage services. Performance and resilience are assured by the distributed file system. Support for dynamically growing volumes allows for real-time volume elasticity and disaster recovery capabilities.

The DB CLUSTER holds all the databases needed for message storage, data warehousing, OLAP data and real-time ETL via stored procedures, among other technologies. Like all the other clusters it is self-adaptive, triggering new instances as load requires. Storage of the database files is done via a local driver that exports the database volume from the BLOCK STORAGE CLUSTER.

The SYSLOGD CLUSTER faces the public internet, where it receives messages from security devices. The cluster is self-adaptive, triggering new instances as load requires. Cluster systems can be geo-distributed or used in an anycast configuration for load balancing of incoming traffic. Messages are stored on the DB CLUSTER via an SQL data connection.
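Added example (not from the slides or the project): the ingestion step the SYSLOGD CLUSTER performs, written in Python. It parses RFC 5424 messages arriving from security devices and writes them to the DB CLUSTER over an SQL connection; SQLite stands in for that cluster, and the sample lines are constructed. Because the receiving tier faces the public internet, every field is bound as an SQL parameter rather than spliced into the query text.

```python
import re
import sqlite3
# RFC 5424 header: <PRI>VERSION TIMESTAMP HOSTNAME APP-NAME PROCID MSGID SD MSG
SYSLOG_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<ver>\d) (?P<ts>\S+) (?P<host>\S+) (?P<app>\S+) "
    r"(?P<procid>\S+) (?P<msgid>\S+) (?P<sd>-|\[.*?\]) ?(?P<msg>.*)$"
)

def parse_syslog(line):
    """Split one RFC 5424 line into fields; PRI encodes facility*8 + severity."""
    m = SYSLOG_RE.match(line)
    if not m:
        raise ValueError("not an RFC 5424 message")
    pri = int(m["pri"])
    if pri > 191:  # 23 facilities * 8 + severity 7 is the largest legal PRI
        raise ValueError("PRI out of range")
    return {"facility": pri // 8, "severity": pri % 8, "ts": m["ts"],
            "host": m["host"], "app": m["app"], "msgid": m["msgid"], "message": m["msg"]}

def open_store(path=":memory:"):
    conn = sqlite3.connect(path)  # SQLite stands in for the DB CLUSTER (assumption)
    conn.execute("CREATE TABLE IF NOT EXISTS events (facility INTEGER, severity INTEGER, "
                 "ts TEXT, host TEXT, app TEXT, msgid TEXT, message TEXT)")
    return conn

def ingest(conn, lines):
    """Store each parsable line, reject the rest. Senders are on the public
    internet, so every field is bound as a parameter, never spliced into SQL."""
    stored = rejected = 0
    for line in lines:
        try:
            ev = parse_syslog(line)
        except ValueError:
            rejected += 1
            continue
        conn.execute("INSERT INTO events (facility, severity, ts, host, app, "
                     "msgid, message) VALUES (?, ?, ?, ?, ?, ?, ?)",
                     (ev["facility"], ev["severity"], ev["ts"], ev["host"],
                      ev["app"], ev["msgid"], ev["message"]))
        stored += 1
    conn.commit()
    return stored, rejected

# Constructed sample: firewall block, IDS alert, malformed line, SQL text as data
SAMPLE = [
    "<134>1 2015-08-17T10:00:01Z fw01 pf - BLOCK - src=203.0.113.7 dport=22",
    '<34>1 2015-08-17T10:00:02Z ids01 suricata 1122 ALERT [sig id="2001"] ET SCAN',
    "garbage from a misbehaving sender",
    "<132>1 2015-08-17T10:00:03Z host2 sshd 9 - - bad login'; DROP TABLE events;--",
]
```

The malformed line is counted and dropped instead of crashing the receiver, and the message carrying SQL text ends up stored verbatim as data while the table survives.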