A Framework for Resilient Remote Monitoring

Abstract

Today's activities in cyber space are more connected than ever before, driven by the ability to dynamically interact and share information with a changing set of partners over a wide variety of networks. To support dynamic sharing, computer systems and networks are stood up on a continuous basis to support changing mission-critical functionality. However, configuration of these systems remains a manual activity: misconfigurations stay undetected for extended periods, unneeded systems remain in place long after they are needed, and systems do not get updated to include the latest protections against vulnerabilities. This situation provides a rich environment for targeted cyber attacks that remain undetected for weeks to months and pose a serious national security threat. To counter this threat, technologies have started to emerge that provide continuous monitoring across any network-attached device, with the aim of increasing resiliency by identifying and then mitigating targeted attacks. For these technologies to be effective, it is of utmost importance to avoid any inadvertent increase in the attack surface of the monitored system. This paper describes the security architecture of Gestalt, a next-generation cyber information management platform that aims to increase resiliency by providing ready and secure access to granular cyber event data available across a network. Gestalt's federated monitoring architecture is based on the principles of strong isolation, least-privilege policies, defense in depth, cryptographically strong authentication and encryption, and self-regeneration. Remote monitoring functionality is achieved through an orchestrated workflow across a distributed set of components, linked via a specialized secure communication protocol, that together enable unified access to cyber observables in a secure and resilient way.

Document Details

Document Type
Technical Report
Publication Date
Aug 01, 2014
Accession Number
ADA610309

Entities

People

  • Aaron Adler
  • Michael Atighetchi

Organizations

  • RTX

Tags

Communities of Interest

  • Cyber
  • Materials and Manufacturing Processes

DTIC Thesaurus Topics

  • Application Protocols
  • Authentication
  • Computer Networks
  • Computer Programming
  • Computers
  • Cyberattacks
  • Denial Of Service Attack
  • Environment
  • Information Operations
  • Infrastructure
  • Language
  • Monitoring
  • Network Protocols
  • Networks
  • Operating Systems
  • Security
  • Web Browsers

Fields of Study

  • Computer science

Readers

  • Cybersecurity
  • Joint Military Operations and Doctrine

Technology Areas

  • Cyber
  • Space