Dynamic Multi-Method Allocation for Intent-based Security Orchestration

In today's dynamic cybersecurity landscape, static and deterministic services orchestration which does not consider security as part of the orchestration process are proving insufficient against the evolving threat landscape. Security must be an intrinsic part of the orchestration processes. In this regard, this paper introduces an innovative paradigm shift: Intent & AI-based Optimized Security Orchestration. On the one hand, leveraging the capabilities of an Intent-based solution, this approach enables proactive and reactive threat mitigation in next generation heterogenous environments of the computing continuum, abstracting and homogenizing the complexity of underlying technologies. On the other hand, leveraging the capabilities of a dynamic allocation approach that applies different techniques for selecting the most suitable enforcement point (hardware/software) as well as the most suitable allocation for deploying/configuring them, always considering security properties during decision stages. Thus, the solution allows organizations adaptively optimizing resource allocation considering intent-based security requirements. The implementation considers different algorithms to perform the allocation decision depending on a variety of parameters. The performance has been also provided for validating the proposed solution. The results show that combining the security orchestrator with a Dynamic Allocation Engine improves the efficiency of decision making due to the ability to dynamically choose which algorithm is the most appropriate to solve the assignment problem in the best possible way and in the shortest possible time.