Systems Threat Event Monitoring & Correlation [2007]

As computer network systems used by military, government, and business organizations become more vital to the organizational mission, they also grow larger, faster, more complex, more heterogeneous, and more difficult to protect.  Nowhere is the nation’s reliance on network systems more critical than in network-centric warfare (NCW). Successful conduct of NCW requires information sharing across a span of information domains and networks. Among the many challenges to successful NCW is the requirement for the networks to be robust and secure.  Necessary to securing these networks is the provision of a technology for active network management.

Sentar's Active Resource Manager (ARM) provides intelligent monitoring and control for networked systems, enabling network security personnel to respond rapidly and effectively to cyber threats. ARM will integrate data from an extensible set of network management resources, cyber-defense components, and executable policies. Near real-time reasoning agents aggregate and correlate network events and generate response recommendations. An integrated enterprise management system is used to execute responses as directed by the security manager. ARM was developed under sponsorship by the US Office of the Secretary of Defense and managed by the Air Force Research Labs in Rome, New York.

ARM is a piece of Sentar’s comprehensive technology for cyber defense, fitting within its integrated information management and assurance solutions.  Of the many Sentar initiatives underway, the most relevant to ARM is the Multi-agent Computer Network Defense Framework.

ARM provides a central location for understanding and reacting to cyber attacks and intrusions occurring on systems protected and monitored under this Framework, often automatically through pre-scripted responses.