Erudine

Security vs Response (part 2)

Continues...

Intrusion response
One of the most vital elements in this process is the ability to mount a fully automated or semi-automated (decision-aided) response once an alert has been detected.

It is unreasonable to expect a large system like a CIS to be manned at all hours, or to have a human being examine and respond to every threat. Equally, it is not good enough to have an automated response that is too limited: simply quarantining a virus or shutting down the system is too generic a response.

In a world full of asymmetric, rapidly changing threats, the behaviour of system security must be more complex if it is to swiftly handle a wide range of incidents and respond appropriately.

Utilising Erudine’s Behaviour Engine technology, EADS has developed pioneering rapid reaction-decision components that can be integrated within existing systems or packaged with its own security solutions.

Building with the Behaviour Engine

The Behaviour Engine allows the rapid capture of the complex decision logic used to respond to incidents, contextualised to the customer’s specific environment. Once captured, this behaviour is used to determine the impact of attacks on business services, evaluate the relevant actions in response to an alert, and establish whether manual authorisation is required for the relevant response. In this way, the response component allows complex decision support and fully autonomous incident resolution.

In the face of frequently changing threats and increasingly dangerous computer viruses, Erudine’s Behaviour Engine can learn or be shown the responses to new types of incident. As soon as a new threat is identified and the correct response established, it is a quick and simple process to add the new behaviour and ensure systems are protected against the latest dangers.

And because customers’ communication systems are based on a huge variety of architectures and technologies, the Behaviour Engine decision module is designed to integrate seamlessly with almost any environment.

Interconnected Communication and Information Systems have allowed organisations to become far more agile and flexible in pursuit of their goals. The security that protects them should be equally flexible in its response to existing and emerging threats.

Flexible security solutions
The decision module developed using Erudine’s Behaviour Engine technology is currently being used as part of EADS’ suite of flexible security solutions for large projects.

END