DISA looks to better manage database, security info
- By Brad Grimes, Dawn S. Onley
- Jun 01, 2005
'It's not clear that we're buying nearly as much security as it's costing us.'
- DISA's Richard Hale
The Defense Information Systems Agency, in separate efforts, is looking for software to boost database monitoring and the management of security information.
DISA's Computing Services division issued a request for information last month, seeking industry feedback on enterprise database monitoring software for both mainframe and distributed environments.
Current database monitoring processes at DISA Computing Services do not adhere to a consistent architecture, according to the RFI. The Database Monitoring project seeks a single integrated solution that can be accessed worldwide by Computing Services and its customers. DISA plans to replace department-wide manual or disparate automated systems.
'This inconsistency adversely impacts the cost of operations and maintenance, the ability for technical staff to receive timely and accurate information, and the ability of the technical staff to quickly and accurately respond to performance issues,' the RFI states.
The new system, which would provide access to performance data from multiple vendor databases, would serve as a master monitor for all existing DISA Computing Services databases.
DISA also is preparing to collect information from industry on security information management software.
The agency collects hundreds of terabytes of security-related data from its various firewalls, intrusion detection systems and other network defense mechanisms.
Richard Hale, DISA's executive for information assurance, said the agency is in the market for enterprise tools to sift through the data, organize it and use it to identify potential vulnerabilities in the Defense Department's networks.
Hale recently told industry representatives at TechNet International 2005 in Washington that DISA was preparing enterprisewide procurements for security information management software.
'Based on our experience, we think we can write a pretty good spec,' Hale said.
DISA has been using ArcSight Enterprise Security Manager from ArcSight Inc. of Cupertino, Calif., to analyze security information and help mitigate risk. ArcSight's other government customers include the IRS and the departments of Energy and Health and Human Services.
ArcSight's system collects thousands of security events per second from disparate infrastructure components. The ArcSight Manager collects the data, and can be set up to trigger alerts and perform other functions. The product is currently undergoing Common Criteria certification, according to the company.
Hale also said DISA would be on the lookout for products that can perform automated certification and accreditation of computer systems.
'A lot of the money spent in the security business is spent for certification and accreditation. That's our quality control process,' Hale said. 'It's very expensive and painful in DOD right now. And it's not clear that we're buying nearly as much security as it's costing us. So there's a movement there to perhaps procure some tools to do this more easily, maybe more effectively.'
The Defense Department is currently rewriting its instructions for performing certification and accreditation. Hale said that, depending on the outcome of that process, DISA could put out a request for information in fiscal 2006.