Airlock Anomaly Shield runs alongside but asynchronously to Airlock Gateway Security Gate request processing.
The following drawing gives a simplified overview of the most important components and their function:
- Description:
- The Machine Learning Service of Airlock Anomaly Shield requires initial baseline training on user session metrics to detect session anomalies. The initial training data are looped from the Security Gate Service through the HotDB (1) into the ColdDB (2), where the session metrics are stored persistently.
- Once a sufficient number of user sessions has been collected in the ColdDB (2), the session metrics need to be trained on the Anomaly Shield Model Management page (3).
- After training, the derived Machine Learning Model Parameters (4) can be applied to the Machine Learning Models (5) of the Machine Learning Service.
- Note that the CLI tools can also be used for dry runs (9 in order to test the effectiveness of the trained Machine Learning Model Parameters (4).
- Once the Airlock Anomaly Shield has been enabled, the Security Gate Service sends session live data to the HotDB (1). New HotDB data are automatically being analyzed by the Machine Learning Service, based upon the trained Machine Learning Models (5).
- After computing, the resulting anomaly analysis of the live session data is fed back (6) to the Security Gate Service process through the HotDB (1).
- The Security Gate's Enforcement Logic (7) rules are strengthened by Airlock Anomaly Shield 's machine learning service for best application protection (8).