Architecture for an innovative, knowledge-based, and collaborative, security and dynamic response system


The CyberSANE System is intended to be an innovative, knowledge-based, collaborative security and dynamic response system. Its main goal is to implement all phases of the cyber incident handling lifecycle, increasing the agility of security professionals and encouraging continuous learning.

Based on the Microservices Architecture pattern, the CyberSANE architecture is similar to a Service-Oriented Architecture (SOA), but without the web service specifications (WS-*) and without an Enterprise Service Bus (ESB) for implementing the integrated service logic. To this end, the CyberSANE platform will:

  • Favour simpler, lightweight protocols such as REST, rather than WS-*

  • Avoid using ESBs and instead implement ESB-like functionality in the core CyberSANE component

In this respect, the CyberSANE architecture (Figure 8) will implement several generic architectural layers:

  • the CyberSANE Apps layer, in which the web applications reside
  • the Core CyberSANE System, which is actually the central core component
  • the CyberSANE Ecosystem, in which all of the project's available existing tools reside
  • the 3rd Party Apps layer, in which 3rd party applications and/or systems outside CyberSANE integrate with the platform itself

The following paragraphs introduce, one by one, the main components, applications and services in each of the generic architectural layers described above.

CyberSANE System Architecture Overview

The CyberSANE Apps layer hosts the web applications, which will be split into the main dashboard and the already implemented dashboards within the existing tools to be integrated. This will facilitate the deployment of distinct experiences for all CyberSANE user types, devices, or specialized use cases that may require support during the project.

The core CyberSANE platform implements the horizontal business logic, since most of the business logic of the individual services is implemented on the existing tools that will be integrated. However, additional business services (i.e. advanced reports, notifications, etc.) are required in order to build upon these existing services and provide them to the different users in a unified and similar way. Therefore, this horizontal business logic defines several services, domain objects, and events required for the realization of the CyberSANE platform.

Surrounding the core are adapters (i.e. Orchestration module & API, Policy Enforcement module) that interface with the other building blocks and modules of the core system. The Data & Service Registry component stores not only the data required internally by the Core CyberSANE System, but also the business data acquired from the integrated tools and services, which needs to be further processed to produce specific reports.

The proper enhancement of the trust relationship between all the involved CyberSANE entities is achieved through the Identity Management & Access Control component.

To extend message queueing services that allow the CyberSANE platform to provide an asynchronous communications protocol, in which messages are put onto a message queue and no immediate response is required to continue processing, the system implements the Message Brokering & Queuing component.

One of the most important custom modules of the CyberSANE architecture is the CyberSANE Adapter architectural layer, which is responsible for distributing, controlling, and analysing the various APIs, enabling the interoperation of the various CyberSANE applications and data across the whole platform.

This centralized element is a componentized and, as previously mentioned, custom module, built specifically and individually to enable the interoperation of the core CyberSANE platform with every specific tool that has to be integrated into the platform. It consists of 5 concrete, custom sub-modules:

Each one of the aforementioned sub-modules serves as a broker middleware, ensuring that:

  • Each available tool from the CyberSANE Ecosystem side is successfully integrated with the CyberSANE core component

  • All received messages will be properly transformed (if required) and forwarded to other internal CyberSANE core modules for further processing. This is achieved by invoking multiple internal modules and aggregating the results.

  • Routing functionalities (from and to the CyberSANE core component) are properly executed.

The CyberSANE Adapter allows loose coupling between the core platform and the integrated systems, and allows the integration configuration to be kept within a central repository, which means less repetitive configuration.

The bottom layer of the Core CyberSANE system implements Infrastructure and Support services such as Logging and Auditing, Monitoring, Caching, etc.

The CyberSANE Ecosystem currently hosts all 11 tools that are utilized and provide a significant set of services and features for each of the main CyberSANE components such as the LiveNet, DarkNet, HybridNet, ShareNet and the PrivacyNet. Each functional area of these tools is integrated separately.

Last but not least, the CyberSANE architecture recognizes a separate architectural layer, in which all 3rd party applications and tools, excluding those that provide core services for the CyberSANE main components described above, reside and integrate with the CyberSANE services.

