Architecture overview

Airlock Anomaly Shield runs alongside the Airlock Gateway Security Gate's request processing, but asynchronously to it.

The following drawing gives a simplified overview of the most important components and their function:

Description:

  • The Machine Learning Service of Airlock Anomaly Shield requires request attributes to calculate session metrics. The request attributes are extracted by the Security Gate Service and stored in the HotDB (1). This requires that Training Data Collection is enabled.
  • The Machine Learning Service uses the HotDB (1) information to create session aggregates and stores them persistently in the ColdDB (2).
  • Model training (3) uses the ColdDB (2) information to train models (4). Enforcing the models will activate them in the Machine Learning Service (5).
  • The CLI tools may be used for dry runs (9) to test the effectiveness of the trained Machine Learning Model Parameters (4).
  • If Anomaly Detection is enabled, the Machine Learning Service will load the Machine Learning Models (5). The models will read session information from the HotDB (1) and write the evaluation results back to the HotDB (6a). Where applicable, the results are also used to update the IP Reputation DB (6b).
  • The Enforcement Logic (7) reads this information (6a & 6b) from the Machine Learning Models (5) and applies the configured Triggers and Rules to determine whether actions must be executed, and which ones.
  • The Security Gate's Enforcement Logic (7) rules are strengthened by Airlock Anomaly Shield's machine learning service for best application protection (8).
