Information technology has grown rapidly in complexity, capability, and affordability, making IT one of the largest data generators within an organization. This data must be parsed, related, consolidated, and evaluated to provide continuous monitoring and allow for the identification of potential threats; as the amount of data increases, so do the cost and labor required to perform these activities. This data is often initially designed only to inform but increasingly, via the growing adoption of artificial intelligence, to take action. While the connected enterprise can leverage numerous tools that promote cyber resiliency, the closed, restricted networks of aerospace industry labs and platforms that must operate in remote environments (aka the “edge”) are constrained either technically or financially. These networks, disconnected from the Internet and the global information grid, are essential to the operation of our critical infrastructure and national defense, but their disconnected nature does not remove the need for continuous monitoring and cyber resiliency. This can lead to a false sense of security against both insider and external threats when the risk is falsely perceived as relatively low. The need for continuous monitoring and cyber resiliency has led to a decrease in waivers in defense. Critical infrastructure (CI; i.e., the energy grid, supply chain, etc.) is an active target for adversaries and threats within the homeland. Cyber resiliency and continuous monitoring at the “edge” are essential to ensure that our services and capabilities are available where and when we need them. The authors are applying their experience in tools, compliance, and threat hunting to enterprise-level CI and defense networks. Our paper will present a literature survey of methods and limitations for deploying cyber resiliency to the edge. It will describe our methods and contributions to provide edge resiliency for continuous monitoring and remediation of vulnerabilities to threats, both internal and external.
Keywords
CYBER, MACHINE LEARNING
Additional Keywords
Cybersecurity, Continuous Monitoring, Endpoint Monitoring