SOAR国外产品 IACD 集成自适应网络防护框架

yunniao789 · 2020年09月03日 · 956 次阅读

什么是 IACD?

集成式自适应网络防御(IACD)定义了一种策略和框架,以采用可扩展的,自适应的,基于商业现成(COTS)的方法。 我们的目标是通过集成,自动化,编排和共享机器可读的网络威胁信息来极大地改变网络防御的时间表和有效性。

What is IACD?

Integrated Adaptive Cyber Defense (IACD) defines a strategy and framework to adopt an extensible, adaptive, commercial off-the-shelf (COTS)-based approach. Our goal is to dramatically change the timeline and effectiveness of cyber defense via integration, automation, orchestration and sharing of machine-readable cyber threat information.

Integrated Adaptive Cyber Defense (IACD) is a strategy and framework to adopt an extensible, adaptive, commercial off-the-shelf (COTS)-based approach to cybersecurity operations.

IACD increases the speed and scale of cyber defenses by leveraging automation to enhance the effectiveness of human defenders, moving them outside the response loop into a response planning and approval role “on the loop” of cyber defense.

This effort is sponsored by the Department of Homeland Security (DHS) and the National Security Agency (NSA) in collaboration with the Johns Hopkins University Applied Physics Laboratory (JHU/APL). Through jointly sponsored research (in collaboration with the private sector), IACD defines a framework—including reference architectures, draft specifications for interoperability, use cases, and implementation examples—to adopt this extensible, adaptive approach to cybersecurity operations.

Our goal is to dramatically change the timeline and effectiveness of cyber defense via integration, automation, and information sharing. By executing a series of reference implementations through rapid iteration, IACD is able to explore different use cases. These use cases are used to provide insights to:

  • Prove concepts by integrating commercial products
  • Provide insights to potential challenges
  • Identify gaps in technology, available commercial solutions, policies, and standards
  • Gather requirements to facilitate appropriate standards development

集成式自适应网络防御(IACD)是一种策略和框架,可采用基于可扩展,自适应,商业现成(COTS)的方法来进行网络安全运营。

IACD 通过利用自动化来提高人类防御者的效率,将其从响应循环之外转移到网络防御 “响应循环” 中的响应计划和批准角色,从而提高了网络防御的速度和规模。

这项工作是由国土安全部(DHS)和国家安全局(NSA)与约翰霍普金斯大学应用物理实验室(JHU / APL)合作发起的。通过联合发起的研究(与私营部门合作),IACD 定义了一个框架(包括参考体系结构,互操作性规范草案,用例和实施示例),以将这种可扩展的自适应方法应用于网络安全运营。

我们的目标是通过集成,自动化和信息共享来显着改变网络防御的时间表和有效性。通过快速迭代执行一系列参考实现,IACD 能够探索不同的用例。这些用例用于提供以下方面的见解:

  • 通过集成商业产品证明概念
  • 提供对潜在挑战的见解
  • 找出技术,可用的商业解决方案,政策和标准方面的差距
  • 收集要求以促进适当的标准制定

KEY IACD TECHNOLOGY AREAS

Within the IACD framework, there are foundational technologies behind the framework that provides key insights into how one deploys and utilizes IACD in their own environment. We provide more detailed analysis into these areas:

  • Orchestration
  • Information Sharing
  • Playbooks

IACD 关键技术领域

在 IACD 框架内,该框架背后有一些基础技术,可提供有关在自己的环境中如何部署和利用 IACD 的关键见解。 我们提供以下方面的更详细分析:

  • 编排
  • 信息共享
  • 剧本

The IACD Readiness Framework breaks down the adoption process into a series of manageable stages that an organization can adapt to make its SOAR deployment more easily achievable.

IACD 就绪框架将采用过程分为一系列可管理的阶段,组织可以进行调整以使其更易于实现 SOAR 部署。

From:https://www.iacdautomate.org/aboutiacd

暂无回复。
需要 登录 后方可回复, 如果你还没有账号请点击这里 注册