PRC's Information Security Officer's Assistant (ISOA)

jtruitt@dw3f.ess.harris.com
Fri, 05 Aug 94 12:03:03 -0400

PRC's Information Security Officer's Assistant (ISOA) is a state-of-the-art
system for monitoring security-relevant behavior in computer networks.  The
ISOA serves as the central point for real-time collection and analysis of audit
information.  When an anomalous situation is identified, associated indicators
are triggered.  The ISOA automates analysis of audit trails, allowing
indications and warnings of security threats to be generated in a timely manner
such that threats can be countered.  The ISOA reduces massive amounts of audit
records into a form which is meaningful and readily comprehended.  After
receipt and normalization of audit records, the ISOA performs analysis in a
number of dimensions, including: detection of specified events and/or
situations, threshold exceptions, statistical checks, and expert system threat
evaluation.

ISOA allows a single designated workstation to perform automated security
monitoring, analysis, and warning.  Without requiring constant interaction, the
ISOA user interface alerts the security officer to a variety of security
situations.  The security status of the monitored network is represented in
graphical and textual form.  When unusual or anomalous situations are detected,
they are brought to the attention of the security officer who can obtain
further information, initiate more involved analysis, and optionally intervene
or terminate the situation.  Automated responses may be defined, including
terminating user sessions, locking user accounts, forcing biometric
identification, and shutting down hosts.

While ISOA is not a commercial product, it is a fully functional research
product which requires configuration for new environments.  This system was
developed by PRC under an approved and formally reviewed IR&D program.