New Mutation step
This building block represents the new Mutation step in the Cybersecurity framework cyclic process. The technologies will verify that the deployed defence methods are producing the expected results. To do so, it is necessary first to define the metrics that describe the performance of the deployed tools, second to analyse those metrics over time, and third to make the proper adjustments to the deployed tools.
To achieve this, the Mutation function defines the appropriate policies towards the mutation of the systems following the safe recovery of capabilities and services impaired by a cybersecurity event. The block is composed of the following enabling layers of technology:
Mutation logic
The mutation logic layer connects the data collection and AI (THOR) with the Resilience actions (ODIN), enabling an AI-based decision support system.
Adversarial Intelligence and machine learning models
will be trained on data patterns resulting from large-scale simulated cybersecurity events (AMORA). This layer will rely on efficient data provenance and technical data lineage that will be fed into the analytics pipeline and used to enable tracing of errors. The data pipeline will help us build warning systems trained on past synthetic historical data, considering the origin and transformation journey of data in the system.
Interactive visualization widgets in conjunction with the Mutation logic and the ML analytics
will allow users to retrain various threat hunting models (Entity, Event, TTP and IOC) using appropriate algorithms like Aggregations, Anomaly Detection, Behavioural deviations and detection. This layer also incorporates the automation of rules imposed by ODIN.