The Formosan Workflow Suite
The core of the Bear Platform revolves around a series of workflow engines that define distinct units of action. Bear is creating its VDM product to provide policy control tools that are being built to aid in what we call “actionable visualization”. This effort will start with the graphic display of device health data from the Kodiak and Koala clients – aggregated up via customer-created rules to reduce overall complexity. The goal of the visualization system is to provide a global overview of an enterprise that enables an administrator to quickly dive into a target subsystem and, as needed, specific devices. At each level, overall system health – device utilization, performance metrics, and configuration – will be provided along with user-defined alerts.
Of course simply viewing a group of devices is only half of the goal and the Formosan Suite is being built to enable direct actions on target problems. For example, if a given network of devices has an unwanted intruder, the policies of the other devices can set to exclude the unwanted device. If a primary device, say a valve, is not performing properly, policies can be changed to turn off the primary and turn on a secondary valve. The goal of this effort is to quickly identify and resolve problems at scale without manual intervention at the endpoints.
Even with the best visualization tools and response capabilities, the task of managing these systems at scale could prove to be too overwhelming if every alert has to be responded to individually. To that end, the Formosan Bear Suite is being built to enable custom workflows. A workflow is defined first by creating a type of device – akin to a group type in active directory – and then creating any number of actions based on that type. For each action, a series of custom steps can be created that determine how a given scenario should be handled – from simple steps such as send a text message to a given phone number to generating an audit trail to steps such as turning off the device.
These workflows enable best practices which empower less experienced people to manage more complex systems based on predefined decision trees. Instead of a monitoring system sending a text to a given number asking for a maintenance person to turn off a device, that device can be turned off/the data flow routed around said device through a change in the policies of the impacted devices within that local system. Once a pattern of responses has been created, administrators will be able to apply those patterns to any number of response scenarios.
The Formosan Suite is will eventually provide human-directed AI workflows. Current AI systems use pure machine learning algorithms but often lack human input to adjust their models. The Bear AI approach is to provide suggested action steps and to incorporate the response of the admin to customize the model for each organization and, where possible, to provide additional cross-company workflow model adjustments. These workflows will focus more of predictive analyses to anticipate possible threat vectors as well as potential compliance issues and device configuration problems found in similar device types.
Kodiak clients can use workflow commands to invoke resources on other Bear clients in order to apply grid computing principles to edge processing. In this way, data can be processed efficiently on the fly, and automated responses such as reconfiguration of corrupt devices, data flow optimizations, and intrusion responses can occur at the extremes of a system while still interacting with higher-level enterprise systems as needed. In this manner, Bear combined traditional and edge computing into one larger, distributed, workflow system.