[ISN] DISA seeks input on insider threat tools
isn at c4i.org
Mon Jun 5 04:26:55 EDT 2006
By Bob Brewin
June 2, 2006
The Defense Information Systems Agency wants industry input on tools
that could counter insider threats to Defense Department information
DISA said traditional efforts to secure networks focus on outside
threats, but insiders pose an equally damaging threat. And they can
access DOD networks without detection by the security systems.
DISA, in a request for information released June 1 , said it is
looking for an insider threat focused observation tool that could be
deployed on selected host DOD machines to aggressively gather and
analyze data on inside threats.
DISA said the insider threat tools would enhance the network security
of DOD information systems.
The agency would install the host machines on network end points and
could be servers, desktop PCs or laptop PCs equipped with agent-based
tools that can monitor insider network activity. The tool would
collect data such as user IDs, computer type and the processes -
e-mail clients, Web browsers, office management tools, database access
- that monitored computers run.
DISA said it wants tools that can then conduct user analysis on the
collected data and warn of anomalies based on user profiles and
DISA envisions that the host machines would connect to a central
manager that can handle as many as 250 hosts at a time, with hosts
located within an enclave, such as local-area or base network.
The insider threat tools should also include a console, which is the
central display and action point for collected user data and will
provide the operator with real-time insight into user activity, the
DISA said it wants a tool capable of working with a wide range of
operating systems including Microsoft Windows 2000, Windows XP,
Windows NT4, Sun Microsystems Solaris, Unix and Linux.
The due date for RFI responses is July 5.
More information about the ISN