Security Gate enforcement logic
The enforcement logic configuration of the Security Gate process is part of the Airlock Anomaly Shield configuration. The Airlock Anomaly Shield machine learning service (ML-Service) computes the anomaly indicator values, which are the machine learning output. The Security Gate process needs to be configured to use this output to determine whether actions are applied, and which ones.
- Session-based anomaly detection processes individual sessions.
- Virtual-session-based anomaly detection aggregates and processes incoming traffic from one IP address instead of a specific session.
Description:
- Calculated session anomaly indicator values are compared to the configured anomaly indicator thresholds.
- The resulting anomaly indicator pattern is applied against the configured Triggers.
- If a Trigger matches, the corresponding Rules are processed, and the configured actions are executed.
- This determines which actions are to be executed.
- Configured exceptions are applied to the actions and may prevent actions from being executed. This can be useful, for example, to protect an internal monitoring system from being blocked by the Airlock Anomaly Shield.
- The Security Gate enforces the decisions of the Airlock Anomaly Shield about the anomaly state of a session for each request in the session.
Notice
Enforcement is part of regular request processing in the Security Gate. The enforcement logic always uses the most recent available session anomaly indicator values to avoid latency issues.
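The following Python sketch models the steps listed under Description as an added example; it is not Airlock code or Airlock configuration syntax. The indicator names, threshold values, trigger and rule definitions, the `log` action, the source-network exception and the `>=` comparison are all assumptions made for illustration.

```python
from ipaddress import ip_address, ip_network

# All names and values below are hypothetical; real ones come from the
# Anomaly Shield configuration.
THRESHOLDS = {"request_rate": 0.8, "path_entropy": 0.7, "timing": 0.9}
# Trigger name -> indicators that must all be over their threshold.
TRIGGERS = {
    "bot-like": {"request_rate", "timing"},
    "scanner": {"path_entropy"},
}
# Rules: trigger name -> actions to execute when the trigger matches.
RULES = {"bot-like": ["log", "block"], "scanner": ["log"]}
# Exceptions (assumed to match on source network): actions to suppress.
EXCEPTIONS = [(ip_network("10.0.5.0/24"), {"block"})]


def indicator_pattern(values):
    """Compare indicator values to thresholds; return the set that is over.

    Assumption: 'over' means >=. Indicators without a threshold never fire.
    """
    return {n for n, v in values.items() if n in THRESHOLDS and v >= THRESHOLDS[n]}


def matched_triggers(pattern):
    """Return names of triggers whose required indicators are all in the pattern."""
    return [name for name, required in TRIGGERS.items() if required <= pattern]


def enforce(values, client_ip):
    """Return the ordered actions for one request, after exceptions."""
    actions = []
    for trigger in matched_triggers(indicator_pattern(values)):
        for action in RULES.get(trigger, []):
            if action not in actions:          # de-duplicate, keep order
                actions.append(action)
    addr = ip_address(client_ip)
    for network, suppressed in EXCEPTIONS:
        if addr in network:
            actions = [a for a in actions if a not in suppressed]
    return actions


if __name__ == "__main__":
    latest = {"request_rate": 0.95, "path_entropy": 0.1, "timing": 0.92}  # constructed
    print(enforce(latest, "203.0.113.7"))   # external client
    print(enforce(latest, "10.0.5.20"))     # internal monitoring host
```

The same indicator values lead to different outcomes for the two clients because the exception removes the blocking action for the monitoring network while leaving the other action in place.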