[ISN] DISA seeks input on insider threat tools

InfoSec News isn at c4i.org
Mon Jun 5 04:26:55 EDT 2006


By Bob Brewin
June 2, 2006 

The Defense Information Systems Agency wants industry input on tools 
that could counter insider threats to Defense Department information 

DISA said traditional efforts to secure networks focus on outside 
threats, but insiders pose an equally damaging threat. And they can 
access DOD networks without detection by the security systems.

DISA, in a request for information released June 1 [1], said it is
looking for an insider-threat-focused observation tool that could be
deployed on selected host DOD machines to aggressively gather and
analyze data on inside threats.

DISA said the insider threat tools would enhance the network security 
of DOD information systems. 

The agency would install the host machines on network end points, and 
they could be servers, desktop PCs or laptop PCs equipped with 
agent-based tools that can monitor insider network activity. The tool 
would collect data such as user IDs, computer type and the processes 
(e-mail clients, Web browsers, office management tools, database 
access) that monitored computers run.

DISA said it wants tools that can then conduct user analysis on the 
collected data and warn of anomalies based on user profiles and 
behavior patterns.

DISA envisions that the host machines would connect to a central 
manager that can handle as many as 250 hosts at a time, with hosts 
located within an enclave, such as a local-area or base network. 

The insider threat tools should also include a console, which is the 
central display and action point for collected user data and will 
provide the operator with real-time insight into user activity, the 
RFI states. 

DISA said it wants a tool capable of working with a wide range of 
operating systems including Microsoft Windows 2000, Windows XP, 
Windows NT4, Sun Microsystems Solaris, Unix and Linux.

The due date for RFI responses is July 5.

[1] http://www.fbo.gov/spg/DISA/D4AD/DITCO/RFI418/listing.html
