As the volume of malicious traffic continues to rise and new threats emerge every day, cyberattacks are becoming increasingly dangerous and sophisticated. When organisations want effective and simple tools to monitor and protect their systems from being hacked, various cybersecurity technologies come to the rescue. In the case of the Edge-Cloud environment that forms the basis of the Pledger architecture, its dynamic, service-oriented nature creates additional challenges, as the environment is prone to frequent change.
To that end, Pledger is proposing a big data architecture that is capable of collecting threat information from multiple tenants and across multiple instances of security services. In our first demo, we deploy two instances of the Suricata Intrusion Detection System, configured for intrusion detection, as well as a “honeypot” instance. These instances stream their data through INTRA’s Streamhandler platform (Figure 1). An ELK (Elastic, Logstash, Kibana) stack is utilised to aggregate, index and visualise the threat information. The use of Streamhandler makes this architecture highly scalable in terms of data volume and allows an infrastructure operator to have a “bird’s eye” view of the threats across their clients.
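As an added illustration, not code from the Pledger project or the demo, the following Python script shows the kind of processing the architecture above applies to Suricata EVE JSON alerts: each instance's raw events are tagged with the tenant and instance they came from, non-alert events are dropped, and the alerts are aggregated across tenants into the operator's cross-client view. The `normalise` and `birds_eye_view` functions, the tenant/instance tags and every sample value are assumptions constructed here; only the EVE field names follow Suricata's real format.

```python
import json
from collections import Counter, defaultdict

# Constructed sample: EVE JSON lines as each Suricata instance emits them, tagged with
# the (tenant, instance) a streaming layer would attach. All values are invented.
SAMPLE_EVENTS = [
    ("tenant-a", "ids-1", '{"timestamp":"2021-06-01T10:00:00.000000+0000","event_type":"alert",'
     '"src_ip":"198.51.100.7","dest_ip":"10.0.0.5","dest_port":22,"proto":"TCP",'
     '"alert":{"signature_id":9000001,"signature":"SAMPLE SSH scan","severity":2}}'),
    ("tenant-b", "honeypot", '{"timestamp":"2021-06-01T10:00:03.000000+0000","event_type":"alert",'
     '"src_ip":"198.51.100.7","dest_ip":"10.0.9.9","dest_port":22,"proto":"TCP",'
     '"alert":{"signature_id":9000001,"signature":"SAMPLE SSH scan","severity":2}}'),
    ("tenant-b", "ids-2", '{"timestamp":"2021-06-01T10:00:09.000000+0000","event_type":"flow",'
     '"src_ip":"203.0.113.4","dest_ip":"10.0.2.2","dest_port":80,"proto":"TCP"}'),
    ("tenant-b", "ids-2", '{"timestamp":"2021-06-01T10:01:00.000000+0000","event_type":"alert",'
     '"src_ip":"203.0.113.4","dest_ip":"10.0.2.2","dest_port":80,"proto":"TCP",'
     '"alert":{"signature_id":9000002,"signature":"SAMPLE SQL injection","severity":1}}'),
    ("tenant-a", "ids-1", '{"timestamp":"2021-06-01T10:02:00.000000+0000","event_type":"al'),  # cut off in transit
]

def normalise(tenant, instance, raw_line):
    """Flatten one EVE alert with tenant metadata; None for non-alerts or bad JSON."""
    try:
        ev = json.loads(raw_line)
    except json.JSONDecodeError:
        return None
    if ev.get("event_type") != "alert" or not isinstance(ev.get("alert"), dict):
        return None
    return {"tenant": tenant, "instance": instance, "src_ip": ev.get("src_ip"),
            "dest_ip": ev.get("dest_ip"), "sid": ev["alert"].get("signature_id"),
            "signature": ev["alert"].get("signature"), "severity": ev["alert"].get("severity")}

def birds_eye_view(events):
    """Aggregate alerts across all tenants/instances: per-tenant signature counts,
    busiest sources, high-severity total and sources seen in more than one tenant."""
    per_tenant, sources, tenants_by_src = defaultdict(Counter), Counter(), defaultdict(set)
    high = 0
    for tenant, instance, raw in events:
        rec = normalise(tenant, instance, raw)
        if rec is None:
            continue  # flows, DNS, malformed lines: not threat alerts
        per_tenant[tenant][rec["signature"]] += 1
        sources[rec["src_ip"]] += 1
        tenants_by_src[rec["src_ip"]].add(tenant)
        high += rec["severity"] == 1  # Suricata: severity 1 is the highest priority
    return {"per_tenant": {t: dict(c) for t, c in per_tenant.items()},
            "top_sources": sources.most_common(3), "high_severity": high,
            "cross_tenant_sources": sorted(ip for ip, ts in tenants_by_src.items() if len(ts) > 1)}

if __name__ == "__main__":
    print(json.dumps(birds_eye_view(SAMPLE_EVENTS), indent=2))
```

The `cross_tenant_sources` field is the part a single-tenant Kibana dashboard cannot show: a source that trips alerts in two tenants is only visible once the streams are aggregated.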
Our demo is available on YouTube and illustrates the basic architecture, as well as the variety of threat information and related statistics. The data shown in the demo represent real attacks on our infrastructure, detected by the Suricata instances over a period of time.