One of the biggest challenges in network and application surveillance is how to deal with the huge amount of sensor and scanning data generated by various devices, as more federal agencies and organizations continue to expand their networks. The feed of monitoring and scanning data often relies on the same network for delivery, so a large amount of monitoring data could itself cause network congestion if the surveillance tools and processes are not configured properly, especially on networks with limited capacity and bandwidth. In this SBIR research, D-Tech proposes an innovative solution to address the data overflow problem between a CSIRT center and a network management node. We will leverage the latest cybersecurity standards, encoding/compression technologies, and industry best practices. We will investigate existing cybersecurity standards and data minimization technologies, and deliver an architecture design for a software tool called the Security Content Transponder (SCT) that facilitates real-time security management and incident reporting, using various data minimization techniques and advanced data compression based on the Efficient XML Interchange (EXI) standard. We will perform a comprehensive design of the SCT during the base period, and implement an SCT prototype during the option period as a proof of concept for subsequent development in Phase II.
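To make the data minimization and compression idea concrete, the following added example (not D-Tech's SCT code, and not based on any SCT design) collapses a repetitive scanner feed to one record per host and check before compressing it, and measures the bytes saved at each stage. It assumes findings are JSON objects with host, check_id, severity, seen and detail fields, uses a constructed sample feed with placeholder check identifiers, and uses zlib as a stand-in for EXI, which has no standard-library implementation. The minimization step is lossy on purpose: it drops the free-text detail and per-event timestamps, so it is only appropriate for fields the receiving CSIRT can reconstruct from the check identifier or does not need.

```python
"""Data minimization and compression of a scan feed before it crosses the network.

Added example, not the SCT project's code. Assumptions: findings are JSON
objects with host / check_id / severity / seen / detail fields; zlib stands in
for EXI, which has no standard-library implementation.
"""
import json
import zlib
from collections import OrderedDict

# Constructed sample feed: three scan runs against two hosts, with the same
# findings repeated every run (typical of a scheduled scanner). Check IDs are
# placeholders, not real identifiers.
RAW_FINDINGS = []
for run_ts in ("2024-01-01T00:00:00Z", "2024-01-01T06:00:00Z", "2024-01-01T12:00:00Z"):
    for host in ("10.0.0.5", "10.0.0.6"):
        RAW_FINDINGS.append({"host": host, "check_id": "CHECK-PLACEHOLDER-1",
                             "severity": "high", "seen": run_ts,
                             "detail": "Outdated TLS configuration (constructed)"})
    RAW_FINDINGS.append({"host": "10.0.0.5", "check_id": "CHECK-PLACEHOLDER-2",
                         "severity": "low", "seen": run_ts,
                         "detail": "Banner disclosure (constructed)"})


def minimize(findings):
    """Collapse repeated findings to one record per (host, check_id).

    Keeps first/last seen and an occurrence count; drops the verbose
    free-text detail, which the receiver can look up from check_id.
    """
    agg = OrderedDict()
    for f in findings:
        key = (f["host"], f["check_id"])
        rec = agg.get(key)
        if rec is None:
            agg[key] = {"host": f["host"], "check_id": f["check_id"],
                        "severity": f["severity"], "first_seen": f["seen"],
                        "last_seen": f["seen"], "count": 1}
        else:
            # ISO-8601 UTC timestamps sort lexically, so max() gives the latest.
            rec["last_seen"] = max(rec["last_seen"], f["seen"])
            rec["count"] += 1
    return list(agg.values())


def encode(records):
    """Serialize without whitespace and compress; zlib stands in for EXI."""
    payload = json.dumps(records, separators=(",", ":")).encode()
    return zlib.compress(payload, 9)


def decode(blob):
    """Inverse of encode(), for the receiving side."""
    return json.loads(zlib.decompress(blob))


def size_report(findings):
    """Bytes that would cross the network at each stage, so the saving is measurable."""
    raw = json.dumps(findings).encode()
    mini = minimize(findings)
    return {"records_in": len(findings),
            "records_out": len(mini),
            "raw_bytes": len(raw),
            "minimized_bytes": len(json.dumps(mini, separators=(",", ":")).encode()),
            "compressed_bytes": len(encode(mini))}


if __name__ == "__main__":
    print(size_report(RAW_FINDINGS))
```

Run it directly to see the stage-by-stage byte counts for the constructed feed; on a real scanner feed the aggregation key and the fields dropped would be chosen from what the CSIRT actually consumes, and the compressed payload would be produced by an EXI encoder rather than zlib.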
Keywords: Security Content Transponder, Cybersecurity, CSIRT, Vulnerability Assessment, Network Alert, SCAP