NetSecOps: Network Security Operations
University campus infrastructures count among the most complex and sophisticated information technology (IT) deployments, often combining a mix of enterprise, academic, research, and healthcare environments, each with its own distinct security, privacy, and priority policies. Securing this complex and highly dynamic environment is extremely challenging, particularly since campus IT infrastructures are increasingly under attack both from external Internet sources and, often unknowingly, from internal campus devices. Different segments of the campus are governed by very different policies and regulations covering their treatment of sensitive data (e.g., private student/employee information, health care data, financial transactions, etc.). Further, the unique requirements of data-intensive scientific research traffic often call for exceptions to conventional IT policies, which typically result in ad-hoc solutions that bypass standard operational methods and procedures, leaving both the scientific workflow and the campus as a whole vulnerable to attack. In short, state-of-the-art campus security operations still rely heavily on human domain experts to interpret high-level policy documents, attempt to implement those policies through low-level mechanisms, manually implement exceptions to these policies to accommodate scientific workflow requirements, interpret reports and alerts from a variety of security point solutions, and react to security events in near real time on a 24-by-7 basis.
In this project we address these challenges through a collaborative research effort, called NetSecOps (Network Security Operations), that aims to assist IT security teams by automating many of the operational steps that are tedious, error-prone, and otherwise problematic in current campus networks. NetSecOps is policy-driven in that the proposed framework encodes high-level, human-readable policies into systematic policy specifications that drive the actual configuration and operation of the IT infrastructure. NetSecOps is knowledge-centric in that the proposed framework will capture data, information, and knowledge about the infrastructure and maintain it in a central knowledge store, allowing the framework to carry out IT operational tasks and the knowledge store to inform and guide those tasks.