Detecting insider threats in virtual environments

NGA seeks insider threat detection tech for virtual networks

The National Geospatial Intelligence Agency is looking for information on how it can log activity from privileged users in a virtual environment to identify insider threats.

The highly detailed, forensic-quality streaming of audit information that NGA is seeking addresses the gap in native VMware logs, the agency said in a sources sought notice for what it calls Virtual Environment Insider Threat/Two Person Integrity/Two Stage Control and Encryption. The system NGA describes must record the behavior of users and virtual administrators and alert if that behavior deviates from established controls. The audit data must be human readable and exportable through the security information and event management tools used at NGA.

NGA also wants audit information on attempted actions that are denied, so that it can correct accidental behavior and identify potential malicious behavior. Risk-based control measures are also a big requirement: the notice requires monitoring and risk mitigation of system configuration and security controls for the virtual infrastructure, as well as “two-person integrity” controls and role-based access systems for sensitive actions that may affect NGA’s information systems.

And as the intelligence community at large continues its move to cloud environments, NGA is requiring that potential partners encrypt NGA’s workload prior to moving into one of the community cloud offerings, as well as encrypt the workloads of organizations within NGA.  This will maintain data security and operational integrity. 

Additionally, tokens such as common access cards must be supported, which enables another layer of security when accessing government systems.   

Responses are due Oct. 23.

