The number of devices, things, and mobility options demanding access has been increasing significantly. Their surface to the external world is expanding, exposing their assets to a variety of attack possibilities. An IT system goes through millions of operating situations, and any one of these situations may compromise security. At the same time, there is a multi-fold rise in motivated attacks. The attack ecosystem is scalable, advanced, and persistent. We are in an age of continual compromises. Preventive arrangements are falling short and struggling to cope with the scale and complexity of the challenges. The system should be able to monitor itself to identify a potential variance from its standard behavior. It should validate the degree of confidence in its current state, check for possible weaknesses and vulnerabilities, reconfigure to harden itself against attacks, and quickly search for patches or updates. While doing so, it should try to limit damage in case of a compromise and resume normal operations in the shortest possible time without disrupting business. The challenge is to ensure that all this happens without human intervention, in an automated fashion, and in real time. Preventive security measures, procedural arrangements deployed for protection, and human intervention are likely to fail to identify an incident and act in time to recover from it. Hence, it is essential to have a security solution that offers self-healing capability.
Security measures added as an afterthought are increasingly challenged by requirements of volume, scale, complexity, and velocity. Reliance on human intervention is likely to introduce delays. Relevant context, situational awareness, historical facts, and the current state are likely to be missed when making a security decision. Deliberate efforts to identify vulnerabilities and weaknesses, find solutions, and apply corrective measures or patches often work in favor of the attacker, as they are time-consuming and incomplete. Conventional security techniques that are human-dependent and non-regenerative may lack automated reasoning abilities and thus may not evolve in line with the scalable attack ecosystem. Hence, it is essential to think of a solution that offers self-monitoring, self-diagnosis, self-testing, self-adapting, and self-healing capabilities to IT systems. It should monitor behavior continually, automate the detection of vulnerabilities, and automate corrective actions such as applying patches. It should identify and isolate security-compromising instances from millions of operating situations, limit the damage, and return to normalcy in the shortest possible time. It might require going down to the level of hardware, firmware, and memory to ensure thorough monitoring and checking of the legitimate running conditions. A secure environment that can adapt to changing situations in real time may need to be created for the execution of embedded task processing. It might deploy behavioral analysis at the network level to detect suspicious behavior and identify malware attacks. Fundamental security processes, hardening, and patching may require overhauling to remove human intervention. As the solution would rely on automated decision making, the reasoning behind each decision may warrant specific technology attention and strong mathematical foundations.
Possible Target: Any of the following, or a combination of them, but not limited to:
Industry Use Cases: