Spyros, Arnolnt; Rantos, Konstantinos; Papanikolaou, Alexandros; Ilioudis, Christos
Organisations nowadays devote many resources in maintaining a robust security posture against emerging cyber-threats. This typically requires rapid response against newly identified or shared threat information so that appropriate countermeasures are immediately deployed to eliminate these threats or reduce the associated risks. For many shared indicators, like malicious IPs or URLs, such a response might only require minor modifications to the configuration of security appliances. Self-Healing systems are the mechanism that allows a system to discover any misconfigurations and apply the necessary corrections in an automated or semi-automated manner. This paper proposes such a mechanism that can be deployed within large organisations that either do not have the resources to devote in security and therefore automation is one of their main priorities, or they outsource their infrastructure’s protection. The use of such a mechanism can relax the increased need for human resources and can also reduce response times in confronting emerging threats. The architecture and the details of a reference implementation for local public administrations is also provided.