Phen has been integrated and educated on security application monitoring. Phen makes running system scans more efficient and reduces “run away” security processing.
Phen has a variety of methods he has been taught or has learned. This self-gained knowledge is used to make the system security processing more efficient, avoid extensive unnecessary network noise and minimize the effects on a system’s mission. Phen is structured to prevent CanSecure from inadvertently creating a DDoS scenario. Mission First is one of the primary factors driving Phen’s choices about the security profile configuration for a system.
One of the first and only things Phen is told when CanSecure has been installed is what networks Phen should care about. These are entered as an IP address or a CIDR address, and any number of combinations may be added.
Phen will then use this target address space to actively monitor and gather what systems have been added, removed or changed within the area of concern. When paired with NeTERS, Phen utilizes the passive monitoring strengths of NeTERS to detect these same changes in real time.
While detecting a new system, Phen will investigate and discover what applications are in use. The normal default scanning process that pen testers use is to scan nearly 65,000 UDP and 65,000 TCP ports. Phen will identify the average 8-12 services in use and target only these, so Phen reduces the target ports from nearly 120,000 to around 10. This results in reduced network traffic; imagine the efficiency gained in a network of 10,000 systems. Also remember that these scans are run on a regular basis in a well-protected environment.
Phen manages the removal of devices and ports in the environment. This helps Phen to stop or pause various systems or services on any given system. Phen uses the history, as well as the ability to log into a system and investigate its state. Phen will use his knowledge of PowerShell, Bash and even Cisco IOS or Nexus to develop an understanding of any changes, when they happened and why. Phen uses this in order to make accurate choices about the scanning configuration of that system.
As the security processes are run over time, Phen will gain an understanding of how long processing takes on a specific system, as well as how long processing takes on similar systems. In defining a runaway process, Phen develops, writes and utilizes complex mathematical computations. Phen leverages advanced calculus to create formulas to limit a running security process.
On a given system, Phen considers both external and internal security additions. During the security analysis, Phen tracks the resources in use and can throttle the tests to have the least impact on target systems. This again maximizes mission.
To summarize, Phen will do the following:
- Active and Passive monitoring to detect computer and application additions, removals or changes.
- Manage the Time-To-Scan and ensure a scan doesn’t run away on a target and affect mission.
- Derive when a system is the least busy and target scans for these opportune windows. This is done to minimize any possible effects on running mission.
- Throttle the speed and depth of the scan (internal and external) based on system impact.
The complexity of managing individual systems and developing an intimate understanding of each system does not allow for a programmatic solution. There is just too much knowledge and comprehension needed to make the changes and decisions required in large environments. This is what gives Phen the ability to do this and the edge above and beyond a programming solution. Humans, meanwhile, have too much tedious data and too many other responsibilities to effectively manage these large environments. New services go undetected for far too long by current administrators.