Milestone 1 - Research Questions

[neil-unomaha]

Research Questions

Palo Alto

• What is Palo Alto?
• Why is Palo Alto so popular?
  • Stateful inspection
    • Why is stateful inspection more appropriate than static filtering?
    • What lead to the emergence of stateful inspection?
    • Any data/research on limitations of stateful inspection?
• Limitations of Palo Alto
  • Sounds like it is both an IDS and IPS, but it is not an automated processes to convert threats within IDS to IPS.
  • Administrator needs to manually inspect the notifications, and those IPs that are deemed a threat are added to the firewall.

Potential research topics:

• emergence of static inspection firewalls
• emergence of “next gen” firewalls, or “stateful inspection” firewalls
• Data on the success of stateful inspection vs static firewalls

Collective Intelligence Framework

• What is a CIF?
• Emergence of CIF, history
• What are the components of a successful CIF
• How can a CIF be integrated into an agencies cyber security landscape?
• What are the limitations/boundaries of a CIF?
• How have other agencies integrated “Next Gen” firewalls with CIF?

Feature:

• By adding push/pull mechanics within CIF to the Palo Alto API, can further bridge the gap between IDS and IPS.