DISA seeks input on insider threat tools
Eyes use DOD-wide
- By Bob Brewin
- Jun 02, 2006
The Defense Information Systems Agency (DISA) wants industry input on tools that could be used to counter insider threats to Defense Department information systems.
DISA said traditional efforts to secure networks have focused on outside threats, but insiders with access to DOD networks pose an equally damaging threat that security systems would not normally detect.
DISA, in a request for information (RFI) released June 1, said it is looking for an Insider Threat Focused Observation Tool that could be deployed on selected host machines throughout DOD and could be "aggressive" in data gathering and analysis of inside threats.
DISA said the insider threat tools will enhance the network posture of DOD information systems.
The host machines would be installed at network end points and could be servers, desktops or laptops equipped with agent-based tools capable of monitoring insider network activity. Data collected by the tool would include user ID, type of computer and the kind of process (e-mail, Web, office management tools, database access) being run on monitored computers.
DISA said it wants tools that can then conduct user analysis on the collected data and warn of anomalies based on user profiles and behavior patterns.
DISA envisions that these host machines will be connected to a central manager that can handle up to 250 hosts at a time, with hosts located within an enclave, such as a local-area or base network.
The inside threat tools should also include a console, which is the central display and action point for collected user data and will provide the operator with real-time insight into user activity, the RFI said.
DISA said it wants a tool capable of working with a wide range of operating systems including Windows 2000, Windows XP, Windows NT4, Solaris, UNIX and Linux.
Due date for response to the RFI is July 5.