Implementing an Integrated Network Defense Construct
Abstract
Traditional network architectures rely on boundary protection mechanisms to prevent malicious actors from gaining access to systems that host sensitive or mission-critical data. Historical examples, however, demonstrate that a determined adversary with sufficient resources can establish footholds internal to the network. Leveraging these footholds, the adversary may maneuver within the network with impunity, largely due to the lack of network monitoring and alert correlation. To combat this threat, capability gaps must be addressed to provide enhanced situational awareness and allow evaluation of system security from the inside out, as opposed to traditional penetration testing, which uses outside-in techniques. Furthermore, advances in network defense must be integrated in a fashion that is complementary rather than competitive in nature. Comparing network defense with a proven system that utilizes the attributes of collaboration and integration in a seamless manner provides valuable insight into addressing these deficiencies. This research examines the integrated air defense system construct and applies the command and control characteristics to network defense. Findings demonstrate that the improvements will provide unprecedented situational awareness and help mitigate an adversary's ability to maneuver throughout enterprise networks.
Document Details
- Document Type: Technical Report
- Publication Date: Jun 01, 2013
- Accession Number: ADA587999
Entities
People
- Jonathan W. Butts
- Robert F. Mills
- Ronald J. Clark
Organizations
- Air Force Institute of Technology