When intrusion detection systems were first being developed in the 1980s and early 1990s, (1) actual attacks were extremely rare, (2) only a small number of vulnerabilities were typically known at any given time, (3) few important systems were connected to open networks, (4) the variety of interactions and interdependencies between processes and systems was limited, and (5) the largest open network, the Internet, was relatively small. Today all of this has changed, and because of that change we should reconsider the role of monitoring in our information systems. We propose a radical system design that repositions sensors from the role of detecting and responding to attacks to the role of predicting and preparing for attacks. Furthermore, by integrating information on control surfaces and system dependencies, a unifying ontology, and the identification of power-law properties in the network, we can dramatically increase the inherent security of a site. Our proposed Environment-Aware Security System changes the role of monitoring from detect-and-respond to predict-and-prepare. The end result is that the entire network is significantly more robust to attacks from outsiders, insiders, and automated attacks such as worms. Since securing a system is much less expensive than recovering from an attack, such an approach is considerably more cost-effective for an organization. And since the entire system is considerably more robust, the probability that an attack will affect mission-critical operations is dramatically reduced.
Keywords: Intrusion Detection, Power-Law, Threat Analysis, Network Control Surfaces, Vulnerabilities, Kuang, Ontology
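The abstract's claim that power-law structure in a site's dependency network can be used to prepare for attacks rather than merely detect them is illustrated by the following added example; it is not the paper's own method or code. It assumes a constructed preferential-attachment dependency graph (not real data), estimates the degree exponent, and compares the worst-case blast radius of one compromise when a fixed hardening budget is spent on the highest-degree hubs versus on randomly chosen systems.

```python
import math
import random

def preferential_attachment(n, m, seed=7):
    """Constructed scale-free dependency graph (preferential attachment). Nodes are
    systems; an edge is a dependency along which compromise can propagate."""
    rng, adj, endpoints = random.Random(seed), {v: set() for v in range(n)}, []
    for i in range(m + 1):              # start from a small clique so the graph is connected
        for j in range(i + 1, m + 1):
            adj[i].add(j); adj[j].add(i); endpoints += [i, j]
    for v in range(m + 1, n):
        chosen = set()
        while len(chosen) < m:          # m distinct targets, picked proportional to degree
            chosen.add(rng.choice(endpoints))   # endpoints lists each node once per edge
        for u in chosen:
            adj[v].add(u); adj[u].add(v); endpoints += [u, v]
    return adj

def degree_exponent(adj, kmin=2):
    """Discrete MLE estimate of the power-law exponent of the degree distribution
    (Clauset/Shalizi/Newman approximation) over degrees >= kmin."""
    ks = [len(nb) for nb in adj.values() if len(nb) >= kmin]
    return 1 + len(ks) / sum(math.log(k / (kmin - 0.5)) for k in ks)

def largest_component(adj, isolated=frozenset()):
    """Largest connected component once `isolated` nodes are hardened/segmented so
    they no longer relay compromise: the worst-case blast radius of one intrusion."""
    seen, best = set(isolated), 0
    for start in adj:
        if start in seen:
            continue
        stack, size = [start], 0
        seen.add(start)
        while stack:                    # iterative DFS over the un-isolated subgraph
            v = stack.pop()
            size += 1
            for u in adj[v] - seen:
                seen.add(u)
                stack.append(u)
        best = max(best, size)
    return best

def hardening_comparison(adj, budget, seed=7):
    """Spend `budget` hardening efforts on the highest-degree hubs versus on random
    nodes; returns (blast radius after hub hardening, after random hardening)."""
    hubs = sorted(adj, key=lambda v: len(adj[v]), reverse=True)[:budget]
    rnd = random.Random(seed).sample(sorted(adj), budget)
    return largest_component(adj, set(hubs)), largest_component(adj, set(rnd))
```

Hardening the same number of hubs shrinks the reachable component far more than hardening random systems, which is the preparation the abstract argues a dependency-aware sensor layout makes possible.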