Article citations

Waltz, E. (2000, June). Data fusion in offensive and defensive information operations. In NSSDF Symposium.

has been cited by the following article:

Article

Cybersecurity Data Sources and Practices

1 Institute for IT Innovation and Smart Health, Mississippi, USA

2 Institute for Systems Engineering Research, Mississippi State University, Mississippi, USA


Journal of Computer Networks. 2024, Vol. 12 No. 1, 1-6
DOI: 10.12691/jcn-12-1-1
Copyright © 2024 Science and Education Publishing

Cite this paper:
Cheryl Ann Alexander, Lidong Wang. Cybersecurity Data Sources and Practices. Journal of Computer Networks. 2024; 12(1):1-6. doi: 10.12691/jcn-12-1-1.

Correspondence to: Cheryl Ann Alexander, Institute for IT Innovation and Smart Health, Mississippi, USA. Email: cheryl.alexander@techhealthsolutions.org

Abstract

Today, with technology exploding in every organization, massive amounts of data are being generated; thus, approaches to processing such huge amounts of data are necessary and key to threat detection and cybersecurity. Currently, artificial intelligence (AI)/machine learning (ML) and cyber automation help to process these huge amounts of data; however, much of the data is unstructured and unlabeled and can be a considerable challenge for off-the-shelf AI/ML. This paper introduces cybersecurity data sources; the functions, features, limitations, and future trends of security information and event management (SIEM); potential enhancements of future SIEM; offense data and defense data; and data sources and AI for SIEM. Cybersecurity data sources and practices are also discussed, with a large medical center as a case study. Data sources in healthcare can be internal or external. Offensive and defensive strategies must include where the data comes from and how the data is used. Future enhancements of SIEM, such as improving prediction, detection, correlation, and reaction capabilities, are beneficial. Networks are the platform for cyber data sources and practices (such as data storage and transfer), networked medical equipment, health monitoring, SIEM, and even malicious attacks. A key to robust cybersecurity is to enhance the security of computer networks.

Keywords