The disclosure pertains to the field of computer networking. The asymmetrical threat posed by cyber-attacks and the persistent vulnerabilities of cyberspace have become an increasing concern to governments and critical national infrastructure operators. Intelligent adversaries in cyberspace today, especially nation-state sponsored actors, can externally co-opt legitimate systems from any location around the globe to coordinate intrusion attempts. Cyber-attacks provide the ability to cause considerable damage from a remote location with relatively few resources, resulting in the disruption of supply, economic impact, or even a catastrophic event. The global nature of the cyber threat impedes attempts at defining boundaries of cyberspace. Of particular national security concern is the threat of disruption to telecommunications, electrical power, energy pipelines, refineries, financial networks, health systems, and other essential services.
Hypothetical approaches for analyzing these threats become increasingly complex as the communication technologies (data rates and protocols) continue to evolve. The fact is that more smart devices are being connected to the Internet and more traffic is being generated every day. Furthermore, the signal flows across today's networks are frequently changing due to advances in mobile devices and technologies. As a result, analysts' visibility into the network configuration can quickly become limited.
A complete situational awareness approach is needed for a comprehensive analytic in order to identify cyber threats precisely and react to them quickly. A multi-dimensional methodology requires continual collection of information about cyber threats occurring at geographically diverse locations and the characterization of intelligence across multiple analytic domains. Therefore, analysts are presented not only with the challenge of an unprecedented amount of raw data but also with the requirement to integrate different analytic tools. Added to these challenges is the fact that hypothetical solutions would rely on a set of equipment hard-wired to signal processors, resulting in a rigid network that could only handle a small number of signals at a time. When signals are dynamically changing or need to be collected or processed at a different location with new equipment, network operators must re-map the existing processing capacities.
In order to truly implement a comprehensive effort to thwart modern cyber-attacks, analysts require an automated and interoperable solution that is capable of addressing the aforementioned challenges. Automated analytics can increase the speed of action, optimize the decision-making process, and ease adoption of new cyber security solutions. What is needed is an infrastructure capable of integrating new tools and software with minimal disruption and effort, in order to broaden and strengthen the capabilities of current analytic tools, create new intelligence, and improve situational awareness.