Interface To Security Functions: An Overview And Comparison Of I2nsf And Openc2

Recent management paradigms for software-defined infrastructures bring more agility to the creation and operation of digital services, but also introduce new cyber-security issues due to fast-changing environments, dynamic topologies, and wider attack surfaces. Rigid and statically-configured architectures are no longer suitable for the detection of cyber-attacks in mixed cloud/6G/IoT environments, hence new frameworks must be designed that are more flexible and adaptable to become cognitive. A fundamental step in this direction is represented by the adoption of common interfaces to orchestrate heterogeneous and multi-vendor security functions in a homogeneous way. In this article, we consider two recent interfaces to security functions that are representative of different approaches and industrial domains, namely I2NSF and OpenC2. We briefly review the latest advances in their definition, provide a deep comparison, and outline major limitations and research challenges for concrete application scenarios. The main purpose of our work is to make an unbiased evaluation of the current status of these standards and to encourage researchers to actively contribute to the development of the standards by adopting them and proposing further extensions and refinements.