The CISO´s Multitool Knife

In this article we present a security tool that aims to help Chief Information Security Officers (CISO) and their staffs accomplishing their jobs. A CISO and its staff identify, develop, implement processes in order to respond and mitigate threats against the information system of their employers company. Nowadays, the information systems are so complex that it becomes hard to analyze what is going on these systems and consequently hard to react in real-time and in an adequate way to the potentially- malicious events that may occur. The tool described in this article is especially designed to react in real time to various threats and challenges occurring, this mechanism is distributed and fully automated, no human intervention is required. This tool is composed of two distinct parts: the immune system and its memory. The immune system has agents that collect data on various different entities infrastructure review, analyze and deduce the Security Assurance values of these entities and commits an immune response (reconfiguration, isolation of the compromised parts, etc) upon detection of anomalies or threats. The memory securely logs the information on the events considered as potentially malicious by the immune system and the corresponding immune responses. These logs could be used by the CISO and its staff to perform digital forensics and readapt its security policies. The immune system and the memory are also able to react to and tolerate failures or attacks since they are deployed over a resilient overlay network called ROSA. Our tool is the perfect "Multitool Knife" for the CISO.