JBISoft: Engineering solutions for the 21st century.

Cyberwar Analyst Response Director


The Cyberwar Analyst Response Director (CARD) defines a new operational concept for assimilating and evaluating Intrusion Detection Sensor (IDS) events, reducing false positives, identifying and categorizing incident types, establishing special expert teams to review unusual events, recommending appropriate Courses of Action (COA), and documenting and archiving results.

CARD Desktop

Features

  • Assimilate IDS events from multiple vendor-unique IDSs, normalize the event data, and store results in a database of your choosing.
  • Apply IDS events to a rule-based engine to minimize false positives and duplicates.
  • Evaluate IDS events with a neural engine to determine "best estimate" recommendations regarding validity of positives.
  • After event reduction, determine which ones are most likely valid intrusion incidents.
  • Determine intrusion incident type, recommend "top three" most likely response courses of action (COA), and allow the Cyber Warrior to select the most appropriate COA.
  • Publish the selected COA and verify implementation.
  • If COA is unknown, invoke a team of known Subject Matter Experts to analyze the data and determine a new COA.
  • If desired, automatically establish a virtual collaborative workspace.
  • After the COA is validated, link it to an incident type for application to similar, future incident occurrences.
  • Automatically generate DOD-6510 and other incident reports.
  • Portal-style web access with analyst and command views from the same set of underlying data.
  • API access to events, incidents, and COAs for forensics.
  • Extensible architecture.

CARD Framework