The CGS™ management capabilities are delivered by an integrated suite of technical capabilities:
Security Model Engine
The CGS™ Security Model Engine provides the definition of the security strategy and all related components and relationships such as
Its design ensures that security knowledge can be re-used and leveraged across the enterprise from one single picture of truth. Common security definitions are provided out of the box and can be configured and extended on the fly to represent the client environment accurately. This significantly reduces implementation time and increases flexibility. The model's design allows for elements to be incrementally deployed, lowering implementation risk, controlling cost and delivering value sooner.
The Security Model Engine makes all model components visible and interactive through an intuitive Graphical User Interface. It provides users with context-based decision support based on comprehensive security information through their individual role-based cockpits. The cockpits have embedded analytical capabilities and tasking mechanisms, which support PDCA (Plan-Do-Check-Act) and OODA loop (Observe-Orient-Decide-Act) decision support methodologies.
Like the Security Model Engine, the Data Engine is an object-oriented data model that enables all security data to be captured, stored and referenced with all relevant relationships. This enables security teams to see the correlation between any objects to provide full context for analysis and decisions. The data engine continuously monitors and alerts for security conditions and trending data with rules based on a business context.
The Data Engine encompasses all data management and analytical capabilities. Its analytical stack provides full BI, data mining and On-Line Analytical Processing (OLAP) capabilities. Where normally these tools need programming, this work is taken over by the Security Model Engine. Changes in the Security Model Engine are directly and automatically translated to the Data Engine. This allows security domain experts to make relevant changes independently of IT so that security and business needs can be addressed quickly.
An API layer (SOAP and REST) enables common sources of security data to be ingested using standard integration protocols. High performance solutions that leverage Microsoft Parallel Data Warehousing and Big Data Analytics are implemented to meet high data volume and velocity requirements. Specialist Big Data capabilities are also available depending on client requirements.
The Execution Engine provides a scalable and flexible workflow engine that supports business process execution within the security environment. It is fully integrated with the Security Model Engine and the Data Engine so that process-related data can be shared seamlessly across the models and presented in context to users. This provides unique insights and analysis into how processes are driving the delivery of security posture. The process engine accommodates rapid changes in response to changing priorities and security conditions.
The Execution Engine also supports task and data transaction automation within the model:
- Coordination of internal management tasks - such as creation of task lists
- Configuration of management parameters in response to user inputs – such as target setting and risk rating
- Automated data integration and loading tasks, including the automated population of the Data Model based on analytical or user inputs
- Automated management of the Security Model based on business rules and source data continually synchronizes the model with the real world.
- Service integration and event flows to support real-time information