Computer Network Defense Framework

Sentar designed, developed and deployed its Computer Network Defense Framework, an advanced system of systems utilizing Sentar's patented Agent-based, Knowledge-design Assistant technology. Sentar's CND Framework incorporates knowledge situation awareness, decision-support systems, sensors and agents to provide effective, flexible cyber-defense capabilities that can be quickly purpose-designed to solve the most advanced cyber challenges.

WCI-CND, SABOR, and AKA-CND are designed to provide intelligent situation awareness for network security managers, using a multi-agent framework for sensor integration, information fusion, correlation, and decision support. AKA-CND provides runtime knowledge authoring for WCI-CND, and the SABOR project extends Sentar's KnoWeb® framework with technologies to support the continued optimal operation of distributed applications in the presence of changing resource demands and availability.

WCI-CND | Work Centered Interface for Computer Network Defense

WCI-CND is a highly evolved Computer Network Defense situation awareness and decision-support system. This effective, flexible cyber-defense capability is built upon an extensible technology for integrating best-of-breed network defense sensors and performing intelligent information fusion, correlation, and policy-based decision support. WCI-CND implements and monitors security policy compliance and enforcement, and correlates data from vulnerability, seamless surveillance sensors, security policy and other inputs to synthesize high-level security knowledge, providing the security manager with an integrated situation awareness of the security posture of a network.

The use of easily adaptive model processing enables the system to implement evolving policies and technological capabilities. The WCI-CND intelligent agents understand the cyber defense concepts they implement through an advanced internal language system utilizing highly evolved artificial intelligence. The system and agents emulate the thought process of a security manager, enabling advanced capabilities for automated correlation and decision support. This is unlike other systems, which are built upon sets of rules and/or algorithms with capabilities for particular sets of issues but do not have an internal language comprehending the security concepts in cyber-defense.

WCI-CND is sensor-independent with a standardized approach for sensor interfaces, enabling it to consume data from any input easily. WCI-CND is hardware platform independent and can be deployed anywhere and/or everywhere across the network. It was designed for continuous evolution to easily incorporate changes in technologies or priorities, including the introduction of any new technology, whether it is a new response capability or a new type of sensor or information-generating source, irrespective of the OS, interface or type of data generated.

SAB-CND | Secure Agent-Based Platform for Computer Network Defense
SABOR | Secure Agent-Based Operations Reconstitution

SAB-CND & SABOR are part of Sentar's Computer Network Defense Framework. The SAB-CND Platform integrates conventional security measures with innovative intelligent analysis and response measures based on IBM's concepts of autonomic computing. SABOR provides operational reconstitution. In the SABOR environment, software will automatically rebuild and continue operating after being attacked. Opportunities for SAB-CND and SABOR deployment include military CND applications as well as any mission-critical system network. In addition to CND applications, the general secure agent-based platform is applicable to such areas as Network Centric Warfare (NCW), emergency management, electronic marketplaces, and the semantic web.

These technologies secure Computer Network Operations (CNO) applications by using both conventional security measures and a set of innovative intelligent measures that employ Autonomic Computing defensive concepts. Specifically, SAB-CND has the ability to detect malicious activities and attacks based on unexpected behaviors, as well as performance degradation, and takes appropriate action to ensure continued CNO operations.

AKA-CND | Agent-based Knowledge-design Assistant for Computer Network Defense

Agent-based Knowledge-design Assistant technology for Computer Network Defense (AKA-CND) provides security managers with a powerful tool that will allow them to respond rapidly and flexibly to changing hostile network conditions. Security managers can adapt the system to maintain continuity of operations, even in the face of extreme circumstances, and perform post-attack forensics quickly and easily. AKA-CND also provides rapid response to security policy revisions and provides its users with greater autonomy in adapting the CND capability to new and evolving requirements in areas such as post-attack forensics and continuity of operations. By enabling security systems to adapt and evolve the CND capability to new and unforeseen conditions, AKA-CND will enhance the ability of mission-critical systems to withstand advanced persistent cyber-attacks.

SCAND | Security Configuration Auditing for Network Defense

Sentar's SCAND technology automatically monitors and audits system security configurations, assuring compliance with established security policies. SCAND uses multiple, distributed, intelligent software agents, which may be mobile, to compare the security configurations of network devices and software with established security policy. The agents will either notify the security manager before proceeding, or automatically implement the necessary configuration changes to the system found in violation of the policies. It is based upon an agent platform that provides secure execution and host migration and is another part of Sentar's Computer Network Defense Framework that supports responsive decision making by network security managers.