Detecting insider threats in virtual environments

NGA seeks insider threat detection tech for virtual networks

The National Geospatial Intelligence Agency is looking for information on how it can log activity from privileged users in an virtual environment to identify insider threats.  

The highly detailed, forensic-quality streaming of audit information that NGA is seeking addresses the gap that native VMware logs have, the agency said in a sources sought notice for what it calls Virtual Environment Insider Threat/Two Person Integrity/Two Stage Control and Encryption. The system NGA describes must record behavior of users and virtual administrators and alert if the behavior deviates from established controls.  The audit data must be human readable and exportable through the security information and event management tools used at NGA. 

NGA also wants audit information on attempted actions that are denied, so that it can correct accidental behavior and identify potential malicious behavior.  Risk-based control measures are also a big requirement in the notice, which requires monitoring and risk mitigation of system configuration and security controls to the virtual infrastructure as well as “two-person integrity” controls and role-based access systems for sensitive actions that may affect NGA’s information systems.

And as the intelligence community at large continues its move to cloud environments, NGA is requiring that potential partners encrypt NGA’s workload prior to moving into one of the community cloud offerings, as well as encrypt the workloads of organizations within NGA.  This will maintain data security and operational integrity. 

Additionally, tokens such as common access cards must be supported, which enables another layer of security when accessing government systems.   

Responses are due Oct. 23.

Featured

  • 2020 Government Innovation Awards
    Government Innovation Awards - https://governmentinnovationawards.com

    21 Public Sector Innovation award winners

    These projects at the federal, state and local levels show just how transformative government IT can be.

  • Federal 100 Awards
    cheering federal workers

    Nominations for the 2021 Fed 100 are now being accepted

    The deadline for submissions is Dec. 31.

Stay Connected