D3Events provides situational awareness to the network gateway so that it can respond appropriately to real or perceived threats.
D3Events will provide appropriate secure and interoperable interfaces for publishing real-time and historical security metadata pertaining to devices attached to or communicating through the network.
Interfaces are defined so that the decision-making method can be logically and physically separate from the gateway.
The following use cases are to be supported by the D3Events interface:
The principal user of the D3Events interface is a Smart Security Agent (SSA), which can take meaningful security-related actions based on the information presented.
- Response: D3Events should provide sufficient real-time (or close to real-time) security-relevant information about connected devices in order for the SSA to make meaningful security decisions.
- Profiling: D3Events should provide sufficient historical data about connected devices in order for the SSA to maintain a profile of any specific device.
- Analysis: D3Events should provide sufficient historical data about all connected devices in order for the SSA to perform longitudinal analysis of behaviours.
- Forensics: (optional) D3Events may provide information to assist with forensic analysis of security events.
In developing a solution, we should consider the following real-world scenarios:
- Multiple routers: the network that needs protecting (in the widest scope) may consist of many physical routers or gateway devices. The
- Heterogeneous network types: IoT networks can consist of many different network flavours. The initial focus is IP-based gateways. However, LoRa, Zigbee, BT and Z-Wave are all examples of networks with their own distinct gateway devices.
The design of the D3Events system should allow for the aggregation of meaningful security network data from multiple gateway devices and from multiple network types.
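
One way the aggregation requirement could be met while serving the Response, Profiling and Analysis use cases, as an added sketch that is not part of the D3Events design. The Event fields, the Aggregator class and its method names are all assumptions made for illustration, and the sample events are constructed.

```python
from collections import Counter, defaultdict
from dataclasses import dataclass

@dataclass(frozen=True)
class Event:       # hypothetical record; field names are assumptions
    ts: float      # observation time (epoch seconds) reported by the gateway
    gateway: str   # gateway that observed the event
    network: str   # network type: "ip", "zigbee", "lora", ...
    device: str    # device address in that network's native form
    kind: str      # event type, e.g. "join", "new_destination"

class Aggregator:
    """Merges events from many gateways; the SSA talks only to this."""
    def __init__(self):
        # Keyed by (network, device), not by gateway, so a device's profile
        # follows it when it moves between routers.
        self._history = defaultdict(list)
        self._subscribers = []

    def subscribe(self, callback):          # Response: near real-time feed
        self._subscribers.append(callback)

    def publish(self, event):               # called by each gateway adapter
        self._history[(event.network, event.device)].append(event)
        for callback in self._subscribers:
            callback(event)

    def profile(self, network, device, since=0.0):   # Profiling: one device
        events = self._history.get((network, device), [])
        # Gateways report independently, so arrival order is not time order.
        return sorted((e for e in events if e.ts >= since), key=lambda e: e.ts)

    def kind_counts(self, since=0.0):       # Analysis: all devices
        return Counter((e.network, e.kind) for events in self._history.values()
                       for e in events if e.ts >= since)

def demo():
    agg, live = Aggregator(), []
    agg.subscribe(live.append)
    for e in [  # constructed sample events from three gateways
        Event(30.0, "gw-b", "ip", "02:00:00:00:00:01", "new_destination"),
        Event(10.0, "gw-a", "ip", "02:00:00:00:00:01", "join"),
        Event(20.0, "gw-c", "zigbee", "0x1a2b", "join"),
    ]:
        agg.publish(e)
    return agg, live

if __name__ == "__main__":
    agg, live = demo()
    print([e.kind for e in agg.profile("ip", "02:00:00:00:00:01")])
    print(agg.kind_counts())
```

Because the SSA only sees the aggregator, it can run on a separate host from every gateway, which matches the requirement that decision making be logically and physically separable.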