| Summary: |
In an information systems security perspective, tools for monitoring, detecting and mitigating vulnerabilities and identifying abnormal behaviors have been developed in a context of traditional monobloc architectures, presenting a relatively high level of maturity, with a variety of existing solutions in the market. Despite this, there are no "one size fits all" tools, requiring the development of specialized tools for the different layers of the application architectures, as well as the need for these tools to be customized for different usage scenarios.
When migrating the applications to a container-based micro-services architecture, there is a great loss with regard to the available tools and their maturity. This is due to the fact that the existing security tools, with evidence already provided in traditional architectures, are too complex and cumbersome, or do not apply or do not present the same results in a micro-service architecture. From an external point of view, the cyber threats that affect these companies are also constantly evolving.
Combining these factors, the risk that these companies face today is very real, so it is essential to find effective solutions to reduce this risk.
The objective of this project is thus to research and identify a system (or set of systems) that we designate by "ISS - Integrated Security System", composed by an architecture of safety frameworks for micro-services in containers, as well as metrics and tools that will allow us to achieve a high level of security in real environments and can be effectively deployed in cloud environments. |