The first line of defence against any pathogens is the surface barrier. This barrier functions as a means to destroy any pathogen before it infiltrates the system. However the surface barrier is a very crude tool - anything that comes from the outside is considered hostile and must therefore be destroyed. This perfectly reflects the idea behind the first security measures, that utilize the general strategy of "Deny all that has not been allowed explicitly". This class of solutions includes all access control tools, perimeter defense tools (i.e. firewalls), connected devices control solutions and so forth.

Innate immune system operates on the inside and is purposed to counter the pathogens that succeded in penetrating the surface barrier. This immune system operates several signature databases: it has a general idea of what a pathogen 'looks' like (a blacklist that contains certain properties) and it also knows how to detect cells that belong to the body (a whiltelist). In the security world this role is taken by various signature-based detection and malicious activity response tools, such as: SIEM, IDS/IPS and antivirus solutions. CL DATAPK belongs to this class as well.

The final line of defense is the adaptive immune system - the most complex and the least explored, however the most powerful immune system, that is developed by the body throughout its life course. It is able to detect a previously unknown pathogen that has succeded in breaking in and has not been recognized as hostile and neutralized by the innate immune system. Two special cell types are required to detect such pathogen: M-cells - rapid response antibodies, that deliver a fast though somewhat innacurate and therefore inefficient immune response; and T-cells - specialized antibodies that act with a superior precision, as compared to M-cells, however their genesis requires a time period, that is used by the body to 'study' the pathogen. This approach is actively used in contemporary security solutions. A typical 'Security M-cells' are tools designed to detect non-specific changes in the protected system (anomaly detectors) - NTA, NAD, EDR and others. 'Security T-cell' solutions are far more advanced and capable of studying the protected system in order to create a model of the system operation that can be used to detect inconsistencies between the modeled and observed system operation. This solution class includes various behaviour analysis tools: UEBA, Industrial Behaviour Analytics and others. CyberLympha's innovative CL Thymus is a great example of this kind, providing the most accurate and precise malicious activity detection for industrial control applications.