To meet today's organizational and regulatory demands on infrastructure and information technology, the focus must be on much more than the availability of digital systems, assets and data centers. The classic SOC (Security Operations Center) remains an important building block for operating and managing electronic system components, but today's requirements go far beyond device and continuity management. Likewise, SIEM (Security Information and Event Management) and IDS (Intrusion Detection System) are no longer the only security disciplines needed to protect the managed infrastructure.

To obtain a holistic view of these requirements, a machine-centric approach is formulated below.

Machine-centric approach

For compliance, a machine-centric approach is preferred, because this view is best suited to implementing both legal requirements and company-wide guidelines for systems, in technical as well as organizational terms. Many compliance regulations work with device and protection classes, so external and internal requirements for all managed computer systems can be managed and monitored for compliance from a central location.

Widely distributed networks can be monitored permanently and centrally for vulnerabilities, bottlenecks in system resources, missing or outdated virus protection, missing patches, unstable system states and so on, with minimal roll-out effort and minimal manpower for operation. Deviations from the compliance requirements (multiple definitions for different machine classes and/or regions are of course possible) are reported immediately. Automated responses to such deviations are also possible, closing the gaps as soon as they are detected.

The example here, intended to illustrate how requirements are presented and analyzed, covers a network in the central office, several servers in a DMZ, the network of a remote office, and a data center.

The C2C server (Compliance to Code Server) in the central office monitors the resources in its own network (servers, clients, printers, routers, switches, etc.) and manages them via the Management Console. Resources in the network can be scanned and integrated with minimal effort and without installing an agent, and, if desired, assigned to device and protection classes. Rule sets are then applied to these classes to monitor the respective compliance requirements.

Resources in remote networks or network segments are reached via satellite systems. These take over the agent-free monitoring and management of device and protection classes there and are connected to the central C2C server.
Whether the remote network is a second office or a data center makes no difference: in each case a single satellite system connected to the C2C server is sufficient. The systems in the DMZ can likewise be managed with a single satellite system. Since each satellite relays scan results and management actions across a network boundary, its link to the C2C server is itself a security-relevant channel and should be restricted to that purpose.

A major advantage of the machine-centric approach is that the superposition principle can be applied: several individually formulated use cases are superimposed, and each rule can be formulated in isolation while still fitting into a larger, more complex whole. A machine that belongs to several classes is simply subject to the union of their rule sets.

This superposition principle, known from physics, is used for linear problems in many areas (forces in classical mechanics, optics, and states in quantum mechanics). Its precondition is that the superimposed parts do not interfere with each other; accordingly, the framework used avoids overlapping or contradictory rules, so that a rule added for one use case cannot silently weaken or invalidate another.
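The superposition of per-class rule sets and the contradiction check described in the last two paragraphs, as an added example in Python. This is not code from the C2C server or its framework; the class names (`managed`, `dmz`, `eu`), the inventory attributes, the rule sets and the two sample hosts are constructed for illustration only. A host receives the union of all rule sets whose class it carries, overlapping bounds on the same attribute simply coexist (the tightest one decides), and genuinely contradictory rules are reported before any evaluation takes place.

```python
"""Toy compliance rule engine: superimpose per-class rule sets, detect contradictions.

Added example with assumed names; not the product's own code or rule language.
"""
from dataclasses import dataclass
from typing import Any, Dict, FrozenSet, List, Tuple


@dataclass(frozen=True)
class Rule:
    attribute: str   # inventory attribute reported for the monitored machine
    op: str          # "eq" (must equal), "max" (must not exceed), "min" (must reach)
    value: Any
    source: str      # use case the rule belongs to, used in deviation reports


@dataclass(frozen=True)
class RuleSet:
    target_class: str          # device/protection class the set applies to
    rules: Tuple[Rule, ...]


@dataclass(frozen=True)
class Host:
    name: str
    classes: FrozenSet[str]    # device/protection classes assigned to the machine
    state: Dict[str, Any]      # attributes collected by the (agentless) scan


_CHECKS = {
    "eq": lambda actual, expected: actual == expected,
    "max": lambda actual, expected: actual <= expected,
    "min": lambda actual, expected: actual >= expected,
}


def superimpose(rule_sets: List[RuleSet], host: Host) -> List[Rule]:
    """Superposition: the union of all rules from every rule set whose class the host carries."""
    return [r for rs in rule_sets if rs.target_class in host.classes for r in rs.rules]


def _pair_conflicts(a: Rule, b: Rule) -> bool:
    """True if no single attribute value could satisfy both rules (same attribute assumed)."""
    if a.op == b.op:
        return a.op == "eq" and a.value != b.value   # two "max" or two "min" never clash
    by_op = {a.op: a, b.op: b}
    if "eq" in by_op:
        eq = by_op["eq"]
        if "max" in by_op:
            return eq.value > by_op["max"].value
        return eq.value < by_op["min"].value
    return by_op["min"].value > by_op["max"].value


def find_conflicts(rules: List[Rule]) -> List[Tuple[str, Rule, Rule]]:
    """Return every pair of superimposed rules that contradict each other."""
    by_attr: Dict[str, List[Rule]] = {}
    for r in rules:
        by_attr.setdefault(r.attribute, []).append(r)
    conflicts = []
    for attr, attr_rules in by_attr.items():
        for i, a in enumerate(attr_rules):
            for b in attr_rules[i + 1:]:
                if _pair_conflicts(a, b):
                    conflicts.append((attr, a, b))
    return conflicts


def evaluate(rule_sets: List[RuleSet], host: Host) -> List[Tuple[str, Any, Rule]]:
    """Return (attribute, actual value, violated rule) for every rule the host fails.

    A missing attribute counts as a deviation: no evidence means no compliance.
    Contradictory rules are rejected up front instead of producing unsatisfiable findings.
    """
    rules = superimpose(rule_sets, host)
    conflicts = find_conflicts(rules)
    if conflicts:
        raise ValueError(f"contradictory rules for {host.name}: {conflicts}")
    deviations = []
    for r in rules:
        actual = host.state.get(r.attribute)
        if actual is None or not _CHECKS[r.op](actual, r.value):
            deviations.append((r.attribute, actual, r))
    return deviations


# Constructed sample policy: three independently formulated use cases.
BASELINE = RuleSet("managed", (
    Rule("av_signature_age_days", "max", 3, "baseline"),
    Rule("missing_critical_patches", "max", 0, "baseline"),
))
DMZ_HARDENING = RuleSet("dmz", (
    Rule("admin_port_reachable_from_internet", "eq", False, "dmz-hardening"),
    Rule("av_signature_age_days", "max", 1, "dmz-hardening"),  # tighter than baseline, not a conflict
))
EU_REGION = RuleSet("eu", (
    Rule("disk_encryption", "eq", True, "eu-privacy"),
))
POLICY = [BASELINE, DMZ_HARDENING, EU_REGION]

# A badly formulated exception that contradicts the baseline on DMZ machines.
BAD_EXCEPTION = RuleSet("dmz", (Rule("av_signature_age_days", "min", 7, "bad-exception"),))

# Constructed scan results for two hosts.
WEB_DMZ = Host("web01", frozenset({"managed", "dmz"}), {
    "av_signature_age_days": 2, "missing_critical_patches": 0,
    "admin_port_reachable_from_internet": True,
})
BRANCH_PC = Host("pc-eu-17", frozenset({"managed", "eu"}), {
    "av_signature_age_days": 0, "missing_critical_patches": 2, "disk_encryption": True,
})

if __name__ == "__main__":
    for host in (WEB_DMZ, BRANCH_PC):
        for attr, actual, rule in evaluate(POLICY, host):
            print(f"{host.name}: {attr}={actual!r} violates {rule.op} {rule.value!r} ({rule.source})")
    print(find_conflicts(superimpose(POLICY + [BAD_EXCEPTION], WEB_DMZ)))
```

Note that the DMZ rule on `av_signature_age_days` overlaps the baseline rule without contradicting it: both are evaluated, and only the tighter one fires for `web01`. The `bad-exception` set, by contrast, cannot be satisfied together with either bound and is therefore rejected before any host is assessed, which is the property that makes superimposing independently written use cases safe.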