Government // Cybersecurity
News
1/23/2014
12:25 PM

Homeland Security Makes Cybersecurity A Managed Service

Einstein 3 intrusion prevention system analyzes traffic to and from executive-branch agencies to block threats at the ISP level.

The Department of Homeland Security's Einstein 3 intrusion prevention system, launched last summer, raised the bar for security technology capable of operating at carrier-grade network levels, rather than just within the enterprise.

Einstein is a managed security service delivered through Internet service providers that serve executive-branch civilian agencies. Through a public-private collaboration, DHS provides custom signatures to federal agencies' ISPs to block malicious traffic, both incoming and outgoing.

Moving analysis of government Internet traffic to ISPs for security purposes was controversial when Einstein 1 was deployed in 2004, but it was merely an early step in what Tim Sullivan, CEO of security firm nPulse Technologies, said is the inevitable move of cybersecurity to a managed service.

"It's all going to move to the cloud," Sullivan said. The ability to centralize data analysis and other security resources is necessary in a threat environment that is increasingly complex and fast-moving, he said. "The reality is, malware will penetrate perimeter defenses," and incident response cannot afford to be constrained by local availability of tools and manpower.


The result is that security technology has to operate on carrier-grade (large-scale) networks, with a high level of availability at multi-gigabit speeds. The latest release of nPulse's Capture Probe eXtreme (CPX), a high-speed packet-capture appliance that operates at a full-duplex rate of 20 Gbps, is being used by ISPs to support Einstein 3 with high-speed searching, session reassembly, and analysis.

DHS's Privacy Impact Statement says, "under the direction of DHS, ISPs will administer intrusion prevention and threat-based decision-making on network traffic entering and leaving participating federal civilian executive branch agency networks," or .gov traffic.

Initially deployed in 2004, Einstein 1 analyzed network flow records. In 2008, Einstein 2 added passive intrusion detection technology using custom signatures from federal networks to detect and report malicious traffic. The third iteration adds intrusion prevention capabilities, enabling ISPs, under the direction of DHS, to block threats. Einstein 3 began operating within DHS last July, and other departments began using the managed service throughout the summer, as ISPs were ready to offer it.

ISPs providing intrusion prevention services must segregate .gov traffic on their networks for analysis. For blocking traffic, ISPs will use domain name service (DNS) sinkholing to keep outgoing .gov traffic from communicating with known or suspected bad domains by redirecting that traffic to safe sinkhole servers. Email filtering will scan incoming messages addressed to .gov networks, looking for malicious attachments, URLs, and other malicious content. Infected emails can be quarantined or redirected for further inspection and analysis by DHS.
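The DNS sinkholing described above is straightforward to illustrate. The following is an added example written for this page; it is not Einstein's, DHS's, nPulse's or any ISP's code. It models a resolver that consults a blocklist before answering: queries for a listed domain, or for any subdomain of one, get the sinkhole address instead of the real answer, and each redirected query is logged with the requesting client so analysts can find the infected host. The blocklist entries, the sinkhole address, the upstream answers and the client addresses are all constructed for the example. Matching is done label by label rather than with a string suffix test, so that a lookalike such as `notbad-c2.example` is not caught by an entry for `bad-c2.example`.

```python
"""DNS sinkhole policy check (added illustration, not Einstein's implementation).

All domain names, IP addresses and blocklist reasons below are constructed
for the example.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Assumed sinkhole address (RFC 5737 documentation range, not a real server).
SINKHOLE_IP = "192.0.2.53"

# Constructed blocklist: domain -> why it is listed. An entry covers the
# domain itself and every subdomain beneath it.
BLOCKLIST: Dict[str, str] = {
    "bad-c2.example": "known",
    "suspicious.example.net": "suspected",
}


def _labels(name: str) -> List[str]:
    """Normalise a query name: strip the trailing dot, lower-case, split on labels."""
    name = name.rstrip(".").lower()
    return name.split(".") if name else []


def matching_block_entry(qname: str) -> Optional[str]:
    """Return the blocklist entry that covers qname, or None.

    Walks from the full name up through each parent domain, so
    "update.bad-c2.example" matches the entry "bad-c2.example" while
    "notbad-c2.example" does not (label boundaries are respected).
    """
    labels = _labels(qname)
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in BLOCKLIST:
            return candidate
    return None


@dataclass
class SinkholeResolver:
    """Resolver front-end that sinkholes listed domains and logs the hits."""

    # Constructed stand-in for a real upstream resolver: name -> A record.
    upstream: Dict[str, str]
    hits: List[dict] = field(default_factory=list)

    def resolve(self, qname: str, client: str) -> str:
        """Answer an A query: sinkhole IP for listed names, upstream answer otherwise."""
        entry = matching_block_entry(qname)
        if entry is not None:
            # Keep the client address: the query itself is the indicator that
            # this host may be infected and needs follow-up.
            self.hits.append({
                "client": client,
                "qname": qname,
                "matched": entry,
                "reason": BLOCKLIST[entry],
            })
            return SINKHOLE_IP
        return self.upstream.get(qname.rstrip(".").lower(), "NXDOMAIN")

    def hits_by_reason(self) -> Dict[str, int]:
        """Count redirected queries by blocklist reason, for a quick analyst summary."""
        counts: Dict[str, int] = {}
        for hit in self.hits:
            counts[hit["reason"]] = counts.get(hit["reason"], 0) + 1
        return counts


if __name__ == "__main__":
    resolver = SinkholeResolver(upstream={"www.agency.example": "198.51.100.10"})
    for qname, client in [
        ("www.agency.example", "10.0.0.5"),        # legitimate, answered normally
        ("update.bad-c2.example", "10.0.0.7"),     # subdomain of a known-bad entry
        ("notbad-c2.example", "10.0.0.9"),         # lookalike, must not be sinkholed
        ("suspicious.example.net.", "10.0.0.7"),   # trailing dot, suspected entry
    ]:
        print(f"{client} asked {qname!r} -> {resolver.resolve(qname, client)}")
    print("redirected queries by reason:", resolver.hits_by_reason())
```

In a real deployment the policy would also cover other record types and would typically return a short TTL for sinkholed answers so a domain can be unlisted quickly; the example only shows the decision logic and the logging that makes the redirect useful for incident response.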

The ability to inspect and analyze suspected malware requires high-speed capture and search capabilities, which are provided by nPulse's CPX 4.0. A fully saturated 10 Gbps link (although no carrier operates at full saturation) would produce 200 terabytes of data in 24 hours. Searching this amount of captured data would take a little more than 8 minutes with the tool.

CPX was not developed for Einstein, Sullivan said, but reflects the growing requirement for carrier-grade security, both in and out of government.

William Jackson is a technology writer based in Washington, D.C., who specializes in telecommunications, networking, and cybersecurity in the public sector.

Comments
norris1231, User Rank: Apprentice
1/27/2014 | 11:29:15 PM
Re: Background
Thank you for sharing such a powerful website regarding Einstein from a Federal government standpoint. The website gave me a more complex understanding of the Intrusion Detection that the Einstein system targets.
norris1231, User Rank: Apprentice
1/27/2014 | 11:23:20 PM
Re: Mobile Devices, Cloud, and BYOD
Technology has truly increased the ability to work faster than ever, but it has also caused a nightmare for Security and IT specialists. These professionals must create new ways to stay one step ahead of the Hackers and their plans to break or compromise various security systems.
WKash, User Rank: Author
1/23/2014 | 8:47:32 PM
Background
For those looking for more information on why Einstein was created and what data it collects and analyzes, here's a good reference doc:

http://www.dhs.gov/xlibrary/assets/privacy/privacy_pia_einstein2.pdf