Architecture overview

Airlock Anomaly Shield runs alongside Airlock Gateway Security Gate request processing, but asynchronously to it.

The following drawing gives a simplified overview of the most important components and their function:

Description:

  • The Machine Learning Service of Airlock Anomaly Shield requires request attributes to calculate session metrics. The request attributes are extracted by the Security Gate Service and stored in the HotDB (1). This requires that Training Data Collection is enabled.
  • The Machine Learning Service uses the HotDB (1) information to create session aggregates and stores them persistently in the ColdDB (2).
  • Model training (3) uses the ColdDB (2) information to train models (4). Enforcing the models will activate them in the Machine Learning Service (5).
  • The CLI tools may be used for dry runs (9) to test the effectiveness of the trained Machine Learning Model Parameters (4).
  • If Anomaly Detection is enabled, the Machine Learning Service will use the Machine Learning Models (5) to assess the session information from the HotDB (1). The results are stored (6) in the HotDB (1).
  • The Enforcement Logic (7) uses the results (6) from the Machine Learning Models (5) and applies the Triggers and Rules configuration to determine whether actions need to be executed, and which ones.
  • The Security Gate's Enforcement Logic (7) rules are strengthened by Airlock Anomaly Shield's machine learning service for best application protection (8).
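
The data flow (1) to (7) described above, as a toy model. This is an added example, not Airlock code: the session metrics, the z-score model, the rule format, all function names and the fall-through to "allow" while no result is stored yet are assumptions chosen for illustration, and the sessions are constructed.

```python
# Added sketch: the metrics, model and rule format are hypothetical, not Airlock's.
from collections import defaultdict
from statistics import mean, pstdev

hot_db = {"attrs": defaultdict(list), "results": {}}  # (1) attributes, (6) results
cold_db = []                                          # (2) session aggregates

def log_request(session, status):
    """Security Gate: store request attributes in the HotDB (1)."""
    hot_db["attrs"][session].append(status)

def aggregate(session):
    """Machine Learning Service: compute session metrics from the HotDB (1)."""
    statuses = hot_db["attrs"][session]
    errors = sum(s >= 400 for s in statuses)
    return {"requests": len(statuses), "error_ratio": errors / len(statuses)}

def train():
    """Model training (3): derive model parameters (4) from the ColdDB (2)."""
    model = {}
    for metric in ("requests", "error_ratio"):
        values = [agg[metric] for agg in cold_db]
        model[metric] = (mean(values), pstdev(values) or 1.0)
    return model

def detect(model):
    """Enforced model (5): assess HotDB sessions and store the results (6)."""
    for session in hot_db["attrs"]:
        agg = aggregate(session)
        hot_db["results"][session] = max(
            abs(agg[m] - mu) / sd for m, (mu, sd) in model.items())

def enforce(session, rules):
    """Enforcement Logic (7): pick an action from the stored result (6)."""
    score = hot_db["results"].get(session)  # None until asynchronous scoring has run
    return next((act for limit, act in rules
                 if score is not None and score >= limit), "allow")

def run_demo():
    """Constructed sessions: train on normal traffic, then score two new ones."""
    for store in (hot_db["attrs"], hot_db["results"], cold_db):
        store.clear()
    for i, n in enumerate((8, 10, 12, 9, 11)):
        for _ in range(n):
            log_request(f"train-{i}", 200)
    cold_db.extend(aggregate(s) for s in hot_db["attrs"])  # HotDB (1) -> ColdDB (2)
    model = train()
    hot_db["attrs"].clear()
    for session, n, status in (("normal", 10, 200), ("anomalous", 60, 404)):
        for _ in range(n):
            log_request(session, status)
    rules = [(6.0, "block"), (3.0, "log")]  # checked in order, highest limit first
    before = enforce("anomalous", rules)    # no stored result yet
    detect(model)
    return before, enforce("normal", rules), enforce("anomalous", rules)
```
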
