Friday, September 22, 2006

The Art of Digital War - [Part 3] Abstract Data Types in the Security Domain

Abstract Data Types in the Security Domain
The objective of this section is to identify the key abstract data types needed to handle any kind of security-related data, so that Digital Intrusions / Extrusions can be detected and the necessary remediation steps taken to mitigate those attacks.



Handling millions of network events per day (generated by routers, firewalls, IDS/IPS and so on) is one of the key elements of every Security Management solution. A second set of information collected for processing and mining attack patterns comes from OS logs, vulnerability information about an asset, network topology, the Asset Database, Identity Management systems and application logs. So you end up with a lot of different data types. One of the biggest challenges is to normalize this information across vendors. Before normalization can happen, however, the key step is to identify and classify the data types.
So, let me start with two fundamental data types and see how they fit all the data sources available from different vendors and create Digital ‘Conversations’.
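To make the normalization step concrete, here is an added example that is not part of the original post: a single normalized event type, two parsers for constructed (hypothetical) vendor formats, and a small grouping step that pairs events from different sources by their endpoints. The vendor names `acmefw` and `nids`, their line formats and the severity mapping are all assumptions made for this illustration.

```python
"""Added example (not from the original post): one normalized event type
fed by two vendor-specific parsers. Both input formats are constructed."""
import re
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Callable, Dict, List, Optional, Tuple


@dataclass(frozen=True)
class NormalizedEvent:
    """Vendor-neutral view of one event; every parser must fill all fields."""
    timestamp: datetime          # always timezone-aware UTC
    source_type: str             # "firewall", "ids", ...
    vendor: str
    src_ip: str
    dst_ip: str
    dst_port: Optional[int]
    action: str                  # "allow", "deny", "alert", "unknown"
    severity: int                # 0 (info) .. 10 (critical), common scale
    raw: str                     # original line kept for forensics


# Constructed format 1 (hypothetical "acmefw"): key=value firewall line.
_KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')
_FW_ACTIONS = {"ACCEPT": "allow", "DROP": "deny", "REJECT": "deny"}


def parse_acmefw(line: str) -> NormalizedEvent:
    fields = {k: v.strip('"') for k, v in _KV_RE.findall(line)}
    ts = datetime.strptime(fields["time"], "%Y-%m-%dT%H:%M:%SZ")
    action = _FW_ACTIONS.get(fields["action"], "unknown")
    return NormalizedEvent(
        timestamp=ts.replace(tzinfo=timezone.utc),
        source_type="firewall",
        vendor="acmefw",
        src_ip=fields["src"],
        dst_ip=fields["dst"],
        dst_port=int(fields["dport"]),
        action=action,
        severity=2 if action == "deny" else 0,  # a blocked packet is low-severity on its own
        raw=line,
    )


# Constructed format 2 (hypothetical "nids"): epoch|priority|signature|src:port|dst:port
_IDS_SEVERITY = {1: 9, 2: 6, 3: 3}  # vendor priority 1 (high) .. 3 (low) -> common scale


def parse_nids(line: str) -> NormalizedEvent:
    ts_s, prio_s, _signature, src, dst = line.split("|")
    src_ip, _src_port = src.rsplit(":", 1)
    dst_ip, dst_port = dst.rsplit(":", 1)
    return NormalizedEvent(
        timestamp=datetime.fromtimestamp(int(ts_s), tz=timezone.utc),
        source_type="ids",
        vendor="nids",
        src_ip=src_ip,
        dst_ip=dst_ip,
        dst_port=int(dst_port),
        action="alert",
        severity=_IDS_SEVERITY.get(int(prio_s), 0),
        raw=line,
    )


PARSERS: Dict[str, Callable[[str], NormalizedEvent]] = {
    "acmefw": parse_acmefw,
    "nids": parse_nids,
}


def normalize(vendor: str, lines: List[str]) -> List[NormalizedEvent]:
    """Run the parser registered for `vendor` over every non-empty line."""
    parser = PARSERS[vendor]
    return [parser(line) for line in lines if line.strip()]


def conversations(events: List[NormalizedEvent]) -> Dict[Tuple[str, str], List[NormalizedEvent]]:
    """Group events from any vendor by (src_ip, dst_ip), ordered by time."""
    groups: Dict[Tuple[str, str], List[NormalizedEvent]] = {}
    for ev in sorted(events, key=lambda e: e.timestamp):
        groups.setdefault((ev.src_ip, ev.dst_ip), []).append(ev)
    return groups


# Constructed sample input (not real traffic).
SAMPLE_FW = [
    "time=2006-09-22T10:15:00Z action=DROP src=10.0.0.5 dst=192.0.2.10 dport=22 proto=tcp",
    "time=2006-09-22T10:15:05Z action=ACCEPT src=10.0.0.7 dst=192.0.2.20 dport=443 proto=tcp",
]
SAMPLE_IDS = [
    "1158920105|1|SSH brute force attempt|10.0.0.5:51234|192.0.2.10:22",
]

if __name__ == "__main__":
    all_events = normalize("acmefw", SAMPLE_FW) + normalize("nids", SAMPLE_IDS)
    for (src, dst), evs in conversations(all_events).items():
        print(f"{src} -> {dst}: {[ (e.vendor, e.action, e.severity) for e in evs ]}")
```

The point of the `NormalizedEvent` type is that everything downstream (correlation, storage, reporting) sees one schema; vendor quirks such as action keywords and priority scales are absorbed in the parsers, and the `raw` line is retained so the original evidence is never lost in translation.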

To find out more about this, read the rest of the series on my blog.