Security Event Management (SEM) with CEP (Part 6) – Realizing SEM with CEP

Security Event Management (SEM) with CEP (Part 6) – Realizing SEM with CEP

In Part 6 in this series, Security Event Management (SEM) with CEP, we look at how CEP can be used to help security experts meet the 5 principles of SEM. In my earlier tutorial series, What is Complex Event Processing?. we reviewed a functional reference architecture for CEP, illustrated below.

Event Processing Reference Architecture

From the discussion and the illustration above, we can summarize how CEP can easily be used as the framework for implementing SEM:

  1. ESB/Messaging Infrastructure – Many state-of-the-art CEP solutions use a secure, standards-based communications infrastructure for distributed event management. This is the most effective way to normalize and manage heterogenous events from many distributed SEM event sources;
  2. Strong Analytics – Many CEP implementations have extensible event-driven analytics to detect and refine threat-related situations using state-of-the-art techniques like rules-engines, Bayesian networks, neural networks and more;
  3. EDA – State-of-the-art CEP architectures use standard-compliant messaging, alerts and automated responses to kick off workflow, compliance and other remediation and BPM activities;
  4. Custom Reporting – Most CEP software applications ofter customizable dashboards. Reports are easily customized with a variety of state-of-the-art graphical studios, including AJAX-based user interfaces; and,
  5. Scaleable, Distributed Architecture – As illustrated in the CEP reference architecture, event-driven, cooperative agents can be configured to process to millions events in a heterogeneous, distributed architecture.

The recent FSA announcement by Mark Palmer and team at Apama that the FSA will be using Apama’s CEP platform for Sabre 2, their next-generation, real-time market surveillance and market abuse detection system, shows that the CEP vendors are heading in the right direction!

So, in closing, if you need to build a robust, state-of-the-art fraud, misuse, or intrusion detection system based on the 5 principles of SEM, CEP can help! Congratulations Apama!

Copyright © 2007 by Tim Bass, All Rights Reserved.


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: