Automatic security reaction in a virtualized environment

Lorenzo Giglio

Automatic security reaction in a virtualized environment.

Supervisors: Fulvio Valenza, Riccardo Sisto, Daniele Bringhenti. Politecnico di Torino, not specified, 2024

PDF (Tesi_di_laurea) - Thesis
License: Creative Commons Attribution Non-commercial No Derivatives.

Abstract:

In the realm of network security management, a significant shift is underway from manual systems to advanced automated methods. This transition, vital in the complex cybersecurity landscape, leads to quicker responses and reduced human error. Central to the study is the VEREFOO framework, a tool for automating the placement and configuration of packet filtering firewalls in virtualized networks. This is achieved by treating the challenge of firewall configuration as a MaxSMT problem. The research primarily focuses on developing a process capable of utilizing Intrusion Detection System alerts as real-time input for VEREFOO to dynamically combat cyber threats. A specialized parser processes these alerts, transforming them into Network Security Requirements in a format that VEREFOO can interpret. A key component in this process is the integration of the virtual network translator module within VEREFOO. This module interprets VEREFOO-generated Firewall Allocation Schemes and translates them into actionable files for initializing the virtual network. The research also includes integrating the React-VEREFOO module into the system. This integration allows the network to be reconfigured with minimal redundancy, preserving computational resources while maintaining efficiency. The culmination of this work is the development of the VEREFOO Log Integrator, which continuously monitors IDS logs. When an alert is detected, it coordinates with the previous components to update the network configuration effectively, addressing the identified threat.

Supervisors: Fulvio Valenza, Riccardo Sisto, Daniele Bringhenti
Academic year: 2023/24
Publication type: Electronic
Number of pages: 82
Subjects:
Degree course: Not specified
Degree class: New system > Master's degree > LM-32 - Computer Engineering
Collaborating companies: Not specified
URI: http://webthesis.biblio.polito.it/id/eprint/31063