Phen has been integrated and educated on security application monitoring. Phen makes running system scans more efficient and reduces “runaway” security processing.
Phen has a variety of methods, both taught and learned. This self-gained knowledge is used to make the system security processing more efficient, avoid extensive, unnecessary network noise, and minimize the effects on a system’s mission. Phen is structured to prevent CanSecure from inadvertently creating a DDoS scenario.
Mission First is one of the primary factors in driving Phen’s choices about the security profile configuration for any given system.
One of the first and only things Phen is told when CanSecure has been installed is what networks Phen should care about. These networks are entered as an IP address or CIDR address.
Any number of combinations can be added.
Phen then uses targeted address space to actively monitor and gather what systems have been added, removed, or changed within the area of concern. When paired with NeTERS, Phen utilizes the passive monitoring strengths of NeTERS to detect these same changes in real-time.
When detecting a new system, Phen investigates and discovers what applications are in use. The normal default scanning processes that pen testers use involve scanning nearly 65,000 UDP and 65,000 TCP ports. Phen identifies and targets only the average 8-12 services in use.
Simply put, Phen reduces the target ports from nearly 120,000 to around 10, resulting in significantly reduced network traffic.
- Imagine the incredible efficiency of network traffic gained in a network of 10,000 systems, especially considering these scans are run on a regular basis in a well-protected environment.
Phen manages the removal of devices/ports in the environment. This helps Phen to stop or pause various systems or services within a given system at any given time.
Phen uses history while being able to log into and investigate the state of a system. Phen uses his knowledge of PowerShell, Bash, and even Cisco IOS or Nexus to develop an understanding of any changes – when these changes happened and why these changes happened. Phen uses all of this information to make accurate choices about the scanning configuration of that particular system.
As the security processes are run over time, Phen gains an understanding of how long processing takes on a specific system and how long processing takes on similar systems. In defining a runaway process, Phen develops, writes, and utilizes complex mathematical computations. Phen leverages advanced calculus to create formulas to limit a running security process.
On a given system, Phen considers both external and internal security additions. During the security analysis, Phen tracks the resources in use and can throttle the tests to provide a least-impact effect on target systems. This again maximizes mission.
To summarize, Phen does the following:
- Active and Passive monitoring to detect computer and application additions, removals, or changes.
- Manage the Time-To-Scan and ensure a scan does not run away on a target and affect mission.
- Derive when a system is the least busy and target scans for this opportune window. This is done to minimize any possible effects on running missions.
- Throttle the speed and depth of the scan (internal and external) based on system impact.
The complexity of managing individual systems and developing an intimate understanding of each system does not allow for a programmatic solution. There is simply too much knowledge comprehension required to make the changes and decisions needed in large environments.
This is what gives Phen the edge above and beyond a typical programming solution. Humans have too much tedious data and other responsibilities to effectively manage these large environments. New services are undetected for far too long by current administrators.