Adaptive monitoring, detection, and response for agile digital service chains
Matteo Repetto
2023
Abstract
Modern business is increasingly adopting fully-digital workflows composed of complementary services (in terms of infrastructures, software, networks, data and devices) from different domains, hence giving rise to complex and heterogeneous digital chains. The substantial fragmentation in service operation and ownership between these domains impacts cybersecurity operations by hindering a coherent and cooperative defense strategy for the entire chain. As a result, attackers have more opportunity to move laterally within the chain once they have found and compromised the weakest link. A ground-breaking evolution of legacy cybersecurity processes is necessary, towards collaborative and adaptive models that fit the dynamic, agile, and heterogeneous nature of federated environments. In this paper, we elaborate on the necessary convergence between complementary workflows for response, analysis, and intelligence, by considering the peculiarities of these operations and the relevant threat scenario. Our analysis points out the main research challenges in filling the existing gap between management and protection practice for digital service chains. Moreover, we outline a reference architecture that combines such workflows. The objective is to encourage researchers to broaden the scope of their work, in order to address open security issues for modern business and computing paradigms.