Technological platform for the implementation of the cybersecurity network concept ("Cybersecurity Mesh")

An analytical review of methods and modern means of countering computer attacks on distributed information infrastructure shows that one of the promising solutions to this problem is the practical implementation of the concept of "Cybersecurity Mesh" (cybersecurity networks"). It involves the application of such an approach that will eliminate specific threats associated with the actual "blurring" of the physical boundaries of the corporate information system by switching to point protection of any remote object. To provide the necessary functionality for such a reliable and secure connection of critical information infrastructure (CII) objects, it is proposed to use a single cloud platform combining several well-known and already used solutions as the technological basis of a cybersecurity network. These include: 5G standard mobile communications, Secure Access Border Service (SASE) and Advanced Detection and Response Service (XDR). This paper analyzes the features of these main elements of such a platform in relation to the implementation of the concept of a distributed CII cybersecurity network in terms of the implementation of its functionality. Further, the issues of the necessary software restructuring of the corporate segment of the Internet in the conditions of the impossibility of full control of its physical infrastructure are considered. Such a task is solved by creating an appropriate cyber level on top of the traditional Internet infrastructure, technologically implemented on the basis of its three main components: cyber control, cyber node and trust node. Functional requirements for these components are described in detail, as well as technological modular solutions for the transition to point protection of each CII object. The obtained results of the conducted research can become a methodological basis for the transition to the design stage of a specific corporate cybersecurity network after the mandatory feasibility study based on risk analysis, since the practical implementation of the analyzed proposals is a complex and expensive process, especially if the necessary restructuring of existing network security systems

Cybersecurity of the network perimeter of the critical information infrastructure object

The purpose of this paper is an analytical pre-project study of possible technological aspects of countering external computer attacks on critical network infrastructure. This will make it possible to specify the tasks for further resolving this problem in the aspect of developing the necessary software and hardware. The practical implementation of such tasks is an urgent and rather unconventional problem due to various factors of change in the classical concept of the network perimeter as a physical boundary of the information infrastructure, which becomes virtual and, therefore, requires the use of new approaches to the development of technical solutions. Based on statistical data on the number and quality of computer incidents, the study provides a justification for the relevance of the above problem, and gives an overview of widely used technical means for protecting the classic network perimeter, such as firewalls and systems for detecting attacks and intrusions. A comparative analysis of modern technological trends in their development, referred to in publications as «Threat Detection and Response», «Extended Detection and Response», is carried out. However, despite the powerful software and hardware functionality of these solutions, their common drawback is indicated as the lack of adequate counteraction to computer attacks with a remote mode of the user work. In this regard, the latest concept of virtual network perimeter protection, referred to by the authors as «Cybersecurity Mesh» («cybersecurity network»), is detailed. It is this methodology that seems to be the most promising for the development of appropriate technological solutions to ensure the cybersecurity of the perimeter of the critical information infrastructure. The paper might be useful to specialists working on the security of critical information infrastructure facilities, as well as to employees of educational classes in the implementation of appropriate training, retraining and advanced training programs for such specialists