Quis custodiet ipsos custodes? ("Who will guard the guards themselves?") - Juvenal in Satire VI

Yannis, the Roman God of Gateways

He had two faces, to guard both the interior and the exterior. A singularly appropriate name for a system that stands on the boundary between the secure and the insecure and monitors for internal or external cyber threats.


Problem Statement

Cyber systems of all types are under constant attack from both external and internal sources. In an enterprise setting, there is too much data for human security operators to sift through. A system that can respond correctly to zero-day attacks and review raw data, statistics, IDS output and other indicators of network health is necessary. Ideally, the system could react faster than a human operator to mitigate an attack and/or serve as a cognitive aid within a SOC.

The system is designed for enterprise and cloud installations.

Detectors - as set up for DHS independent testing (Enterprise Setup)

Phase I test detectors were:

  • SOM - variation of AiSense (FnnTEK's next step Self Organizing Map) to detect network anomalies
Phase II detectors added:
  • IDS - IDS Logging interface
  • System Logs
  • Computed Packet / Network Statistics
Phase III detectors are:
  • 2d FFTs
  • Sophisticated SOM Controls
  • Elaborated Statistics
Phase IV detectors will include:
  • 3rd Gen SOM w/ multiple filter capability
  • Unstructured data sources
    • Plain Text sources - US-CERT, SANS newsletters, etc.
    • Video / Audio security seminar recordings
  • Non-intrusive biometric user identification

Effector Determination

Phase I effector was:

  • Human Operator SOM Interface (Human was the cognitive agent)
Phase II effectors were:
  • Stubbed Firewall Interface
Phase III effectors are:
  • Abstract Firewall Interface, first backend firewalls are:
    • Linux iptables
    • Cisco ASA Appliances
Phase IV effectors will include:
  • Abstract Router Interface
  • Abstract Switch Interface
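To illustrate what an abstract firewall interface with iptables and Cisco ASA backends can look like, here is an added example; it is not FnnTEK's code, and the class names, the protected-network list and the dry-run design (commands are rendered, never executed) are assumptions made for the illustration. The protected-network check is the safeguard a practitioner wants on any effector that acts faster than a human: a false-positive detection must not be able to lock the SOC out of its own management network.

```python
import ipaddress
from abc import ABC, abstractmethod

# Constructed sample: address ranges an automated effector must never block,
# e.g. the SOC's own management network. Hypothetical value for this example.
PROTECTED_NETWORKS = [ipaddress.ip_network("10.0.0.0/24")]


class Firewall(ABC):
    """Backend-neutral effector: blocks all traffic from one source address."""

    def block_source(self, addr: str) -> list[str]:
        ip = ipaddress.ip_address(addr)  # raises ValueError on malformed input
        if any(ip in net for net in PROTECTED_NETWORKS):
            raise PermissionError(f"{ip} is inside a protected network")
        return self._render_block(ip)

    @abstractmethod
    def _render_block(self, ip) -> list[str]:
        """Return the backend-specific commands (dry run: rendered, not executed)."""


class IptablesFirewall(Firewall):
    def _render_block(self, ip) -> list[str]:
        tool = "ip6tables" if ip.version == 6 else "iptables"
        # Insert (-I) at the top of INPUT and FORWARD so the DROP precedes
        # any earlier ACCEPT rules in those chains.
        return [f"{tool} -I {chain} -s {ip} -j DROP" for chain in ("INPUT", "FORWARD")]


class CiscoAsaFirewall(Firewall):
    def _render_block(self, ip) -> list[str]:
        # ASA 'shun' drops all packets from the source until 'no shun' clears it.
        return [f"shun {ip}"]


def render_block_for_all(backends, addr: str) -> dict[str, list[str]]:
    """Commands each configured backend would run for one block decision."""
    return {type(b).__name__: b.block_source(addr) for b in backends}


if __name__ == "__main__":
    # Constructed sample: a documentation-range source flagged by a detector.
    for name, cmds in render_block_for_all([IptablesFirewall(), CiscoAsaFirewall()], "203.0.113.5").items():
        print(name, cmds)
```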


The system hardware is partially dependent upon the network the system is designed for. Minimum production core system specs are: two 12-core Xeon processors, 768 GB memory, 8 Nvidia Tesla K80 GPU boards, and 8 TB of SSD storage in RAID 6 with 2 standby drives.
