Abstract

The difficulty of detecting attacks in real time justifies the use of a combination of software and hardware that acts as an attack detection system (ADS) in a corporate computer network. Recently, the traditional individual approach to protecting a corporate network, based on processing its network traffic, has increasingly been improved by collective protection methods. In this case, preventing and countering unauthorized intrusions relies on active reconnaissance, on processing large amounts of information stored and circulating on the Internet, and on the creation of industry and national cyber security centers. This article considers an approach to building an ADS that uses Internet resources of social networks, information from the databases of international and national defense centers, and the history of previous attacks on the corporate computer network. This makes it possible to forecast how dangerous the external environment is relative to the corporate computer network; on the basis of these forecasts, it is proposed to apply the principles of adaptive security management to the computer network. Using adaptive management effectively, reducing threat detection time, increasing productivity, and optimizing the load on ADS components require selecting operational management procedures and tuning procedures for ADS analyzers that must operate at various computing capacities. This makes it possible to justify the functionality of protection centers for corporate computer networks, which can take on the task of configuring the ADS analyzers of subordinate corporate networks connected by an integration information bus.