“As an industry, our goal should be to drive down MTTR (mean time to recover), controlling and limiting the impact of the event. The scale of this problem is all post-human. Our systems have grown so complex that no one human has the capacity to fully understand let alone defend them. We need to consider new models of trust and new models of operations that maximize visibility and improve system resiliency in the face of uncertainty.”
Justin Wilder of In-Q-Tel
https://www.iqt.org/cyber-investing-for-national-security-key-perspectives/
Secure by Default
All current cybersecurity and information management technologies, including AI, operate off-line at Audit-Time (post execution) to decide if an anomaly has occurred.
DADA X monitors the stream of events at the input side, as it attempts to pass through the message bus into the system. Proactive Security must work in the present moment, observing, understanding, responding and controlling the live stream of complex events passing into the system.
Decentralized security provides greater resilience
DADA X uses event patterns to monitor and mediate authorized process events, preventing process violations. DADA X monitors the message bus for the correct order of operations in order to detect and remediate violations. This is a departure from the current, historical approach to business and security management, where millions of permutation causes are first modeled and monitored inside databases for compromises.
Root cause analysis can detect and prevent security breaches and ensure correctness of operations. Run-time monitoring for correctness of operation provides security by default. Cybersecurity is not an add-on to our platform. It is at the core of the model-driven approach we use. DADA X monitors both inputs to the system from external sources and system outputs to provide real-time security, which is impossible to achieve with batch processing.
Instantaneous Threat Response
With ever-increasing systemic management and security issues, the transformation of decision making from audit time to run time is mandatory. Anomalous messages can instantly trigger remediation applications to prevent catastrophes. This sense-and-respond capability is critical. The time to act against a threat is measured in milliseconds, and the action must be highly accurate. It also allows the source of threats to be pinpointed, solving the attribution problem in cybercrime.
DADA X offers a proactive approach to system security, monitoring only authorized process event patterns to prevent process violations before they occur. Instead of monitoring everything that happens in the system, it focuses only on specific patterns of events that are authorized. If any events occur that don’t fit those patterns, they are considered violations and the system takes action to prevent them from causing harm. The monitoring, detection and remediation all happen before the data enters the system. This approach is superior to reacting after an attack has already happened because it is proactive and can stop an attack before it causes damage. Another advantage is that it is easier to manage because it only requires monitoring a smaller number of authorized event patterns. By monitoring the business logic end-to-end, an entire network of events/devices can be secured and managed for instant response and remediation.
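The allowlist idea described above, sketched as an added example that is not DADA X code or its API: a gate in front of a message bus admits an event only if it is the next step of an authorized order of operations for its session, and records the source of anything else. The process names, event fields and sample stream are assumptions constructed for illustration.

```python
from dataclasses import dataclass, field

# Hypothetical authorized patterns: process name -> required order of event types.
AUTHORIZED = {
    "payment": ["login", "mfa_ok", "create_order", "pay"],
    "password_reset": ["reset_request", "email_token_ok", "set_password"],
}

@dataclass
class Gate:
    patterns: dict
    progress: dict = field(default_factory=dict)    # (session, process) -> next step index
    violations: list = field(default_factory=list)  # (source, session, event type)

    def admit(self, event: dict) -> bool:
        """Return True if the event may pass onto the bus, False if it is blocked."""
        steps = self.patterns.get(event["process"])
        key = (event["session"], event["process"])
        idx = self.progress.get(key, 0)
        if steps is None or event["type"] != steps[idx]:
            # Unknown process or out-of-order step: block before the system
            # sees it and keep the source for attribution. State is unchanged.
            self.violations.append((event["source"], event["session"], event["type"]))
            return False
        self.progress[key] = idx + 1
        if self.progress[key] == len(steps):
            del self.progress[key]                  # pattern completed, reset session
        return True

def ev(session, source, process, etype):
    return {"session": session, "source": source, "process": process, "type": etype}

# Constructed sample stream (documentation-range IP addresses).
STREAM = [
    ev("s1", "10.0.0.5", "payment", "login"),
    ev("s2", "203.0.113.9", "payment", "pay"),       # skips login, MFA and order
    ev("s1", "10.0.0.5", "payment", "mfa_ok"),
    ev("s1", "10.0.0.5", "payment", "pay"),          # skips create_order
    ev("s1", "10.0.0.5", "payment", "create_order"),
    ev("s1", "10.0.0.5", "payment", "pay"),
    ev("s3", "198.51.100.7", "export_db", "dump"),   # process not on the allowlist
]

def run(stream):
    gate = Gate(AUTHORIZED)
    return [gate.admit(e) for e in stream], gate.violations

if __name__ == "__main__":
    decisions, violations = run(STREAM)
    print(decisions)
    print(violations)
```

A blocked event does not advance the session's position, so the legitimate sequence for session s1 still completes after its out-of-order `pay` is rejected.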