New computing paradigms are emerging in ICT that boost new design, deployment and operation patterns for digital services. The legacy monolithic design is already giving way to service-oriented architectures that combine loosely-coupled microservices, often deployed and operated by different providers. This brings unprecedented agility in the creation, modification, and disposal of even complex digital services, but also results in unpredictable and partially unknown topologies, lack of visibility, vulnerable or weak links in the chain, and, most of all, a substantial inability to perform quick remediation and mitigation actions when something goes wrong. Following models similar to those already available for control and management interfaces, security capabilities must be natively embedded into digital components and made available through as-a-Service paradigms to allow the implementation of distributed and cross-domain cybersecurity monitoring, detection and enforcement processes.
The session “Building Detection and Analytics Pipelines for Digital Service Chains”, hosted by the IoT Solutions World Congress and Industrial IoT Consortium on April 5th 2022, provided a brief overview of this evolutionary process by reviewing different interfaces and models for cyber-security capabilities and by describing how GUARD builds on this concept to assist security operators in the creation and management of analytics pipelines for digital service chains.
In the second part, a use case for the GUARD framework was presented in the smart mobility domain. The use case considers a fleet management service built for the city of Wolfsburg in Germany, made of multiple digital services: an application, a cloud infrastructure, a backbone network, a LoRaWAN network, and IoT devices. The use case shows how security agents can be embedded in different digital services (cloud, LoRaWAN gateways, Kafka brokers) and how their capabilities are orchestrated by the GUARD platform to define custom analytics pipelines at run-time to collect relevant data, events, and measurements from heterogeneous domains and infrastructures.