IDUNN's third newsletter released! Introducing HEIMDAL
HEIMDAL, developed within the IDUNN project, is a dynamic threat detection tool built from microservices that process real-time events from the OT environment and from external sources to detect incidents and threats. These events cover abnormal and suspicious activity on the network and on hosts, and are enriched with external databases of disclosed vulnerabilities and exploits.
Highlighted Features of HEIMDAL:
Communication and System Monitoring: Monitors network communication, system status, device monitoring status, and policy/firmware updates using a range of tools. Data from AMORA helps identify potential threats, giving visibility from the system level down to the hardware/device level.
Vulnerability Intelligence: Offers a runtime vulnerability and exploit search engine that identifies known vulnerabilities and available exploits, supporting measures to mitigate potential or ongoing attacks.
Source Code Analysis: Covers code analysis, security level assessment, license checking with detection of software license violations, and identification of known vulnerable component versions.
Human in the Loop: Detects human misuse or actions within the system.
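As an added illustration of the vulnerability intelligence and known-vulnerable-version checks described above (example code written for this page, not HEIMDAL's own implementation), the following script matches a software inventory reported from OT hosts against a vulnerability/exploit feed and a license allow-list. The advisory identifiers (DEMO-000x), the package names, the inventory and the permitted-license set are all constructed for the example; the affected-range convention (inclusive "introduced", exclusive "fixed") follows the OSV schema.

```python
"""Added example, not HEIMDAL code: match a software inventory discovered on
OT hosts against a vulnerability/exploit feed and a license policy.
Advisory ranges follow the OSV convention: 'introduced' is inclusive,
'fixed' is exclusive, and fixed=None means no fix is published."""
import re
from dataclasses import dataclass
from typing import List, Optional


def parse_version(v: str) -> tuple:
    """Turn '1.2.3', '2.0' or '1.10.0-rc1' into a comparable tuple of ints.
    Pre-release/build suffixes are dropped and segments compare numerically,
    so 1.10.0 > 1.4.2 (a plain string comparison would get this backwards)."""
    core = v.split("-")[0].split("+")[0]
    parts = [int(p) for p in re.findall(r"\d+", core)]
    return tuple(parts + [0] * (3 - len(parts)))


@dataclass
class Advisory:
    vuln_id: str             # constructed identifiers, not real CVEs
    package: str
    introduced: str          # first affected version (inclusive)
    fixed: Optional[str]     # first fixed version (exclusive); None = unfixed
    exploit_available: bool  # a public exploit exists for this issue
    summary: str

    def affects(self, version: str) -> bool:
        v = parse_version(version)
        if v < parse_version(self.introduced):
            return False
        return self.fixed is None or v < parse_version(self.fixed)


@dataclass
class Component:
    host: str
    name: str
    version: str
    license: str


# Constructed feed standing in for the external vulnerability/exploit databases.
ADVISORIES = [
    Advisory("DEMO-0001", "modbus-gateway", "1.0.0", "1.4.2", True,
             "unauthenticated write to holding registers"),
    Advisory("DEMO-0002", "modbus-gateway", "2.0.0", None, False,
             "denial of service via malformed frame"),
    Advisory("DEMO-0003", "openplc-runtime", "3.1.0", "3.2.0", True,
             "command injection in program upload"),
]

# Constructed inventory, as a host/device monitor would report it.
INVENTORY = [
    Component("plc-01", "modbus-gateway", "1.3.9", "Apache-2.0"),
    Component("plc-02", "modbus-gateway", "1.10.0", "Apache-2.0"),    # patched
    Component("hmi-01", "modbus-gateway", "2.1.0-rc1", "GPL-3.0-only"),
    Component("hmi-01", "openplc-runtime", "3.2.0", "GPL-3.0-only"),  # exactly the fixed version
]

# Constructed license policy for the example; the real allow-list is per organisation.
PERMITTED_LICENSES = {"MIT", "Apache-2.0", "BSD-3-Clause"}


def find_vulnerable(inventory: List[Component], advisories=ADVISORIES) -> List[dict]:
    """Return one finding per (component, advisory) match, exploitable ones first."""
    findings = []
    for c in inventory:
        for adv in advisories:
            if adv.package == c.name and adv.affects(c.version):
                findings.append({
                    "host": c.host, "package": c.name, "version": c.version,
                    "vuln_id": adv.vuln_id, "summary": adv.summary,
                    "severity": "critical" if adv.exploit_available else "high",
                    "fix": adv.fixed or "no fix published",
                })
    findings.sort(key=lambda f: (f["severity"] != "critical", f["host"]))
    return findings


def license_violations(inventory: List[Component], permitted=PERMITTED_LICENSES) -> List[tuple]:
    """Return (host, package, license) for components outside the allow-list."""
    return [(c.host, c.name, c.license) for c in inventory if c.license not in permitted]


if __name__ == "__main__":
    for f in find_vulnerable(INVENTORY):
        print(f"[{f['severity']}] {f['host']} {f['package']} {f['version']}: "
              f"{f['vuln_id']} ({f['summary']}), fix: {f['fix']}")
    for host, pkg, lic in license_violations(INVENTORY):
        print(f"[license] {host} {pkg}: {lic} not in allow-list")
```

Two details matter in practice: versions must be compared numerically per segment, otherwise a patched 1.10.0 is wrongly reported as older than the 1.4.2 fix, and the upper bound of an affected range is exclusive, so a component running exactly the first fixed version is clean. Findings with a known public exploit are ranked first, since those are the ones a runtime search engine should surface to the operator immediately.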
Tasks Involved in HEIMDAL’s Development:
Identifying Data and Sources for Global Threat Discovery: Establishes an architecture for dynamic threat discovery, allowing the incorporation of new threat sources without data loss.
Design of Trusted Network Connect Architecture for Endpoints: Incorporates the dynamic threat discovery architecture into the Trusted Network Connect (TNC) framework to build control, detection, and response endpoints.
Development of Threat Detection System: Defines an AI-based federated architecture for threat detection, focusing on mathematical models and technology-dependent layers.
Data Digestion and Preparation for Forecast Detection: Adds statistical and machine learning models for long-term predictions, applying time-series models with explicit and implicit variables.
Verification of Threat Analysis Systems (HEIMDAL): Designs and develops a threat analysis engine together with a validation plan that assesses its capability to automate the deployment of cybersecurity policies under various circumstances.
HEIMDAL stands as a comprehensive toolset designed to address cybersecurity challenges, offering real-time threat detection and analysis capabilities across diverse environments.