Building intelligence into security tools

Federal agencies and enterprises could have a more accurate profile of the applications and systems on their networks that need protection from cyberattacks by year's end when Sourcefire Inc. rolls out extensions to its intrusion-management system.

The company plans to unveil the Realtime Network Awareness (RNA) appliance, which can help information technology managers better understand what assets and services are vulnerable to attack and, as a result, could put the network at risk.

The appliance is designed to fix a flaw in traditional network-based intrusion-detection systems. Although designed to alert IT managers to suspicious activity on the network, such systems often "run without any context about the network they are protecting," said Martin Roesch, chief technology officer and founder of Columbia, Md.-based Sourcefire.

For instance, if an attack such as the Code Red computer worm is spreading to servers in an organization's network, and those servers run the Linux operating system, they are not as susceptible to the attack, because the malicious code affects Microsoft Corp. Windows-based servers, Roesch said.

Unless an intrusion-detection system is aware of the system it is monitoring, it might generate false alarms about attacks or miss attacks altogether. RNA is geared to add another layer of intelligence to threat protection.

RNA "sniffs" or monitors the network like an intrusion-detection sensor, but it has a different mission, Roesch said. The appliance passively monitors — meaning in a nonintrusive manner — network traffic to detect network assets such as IP addresses, operating systems and versions, services and ports, as well as potential vulnerabilities. It also monitors for traffic pattern changes and security policy violations.

The Sourcefire Management Console then integrates information about network changes from RNA sensors and Sourcefire network sensors with the latest vulnerability information to determine if an attack poses a threat. IT operators can then accurately prioritize their response, Roesch said.
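The correlation the article describes (a passively built asset profile used to decide whether an alert is actually a threat to the host it targets) can be illustrated with a small added example. This is illustrative code written for this article, not Sourcefire's RNA or console code; the observation records, field names and the Code Red platform/service mapping are constructed assumptions.

```python
# Constructed passive observations: what a sniffing sensor learns by
# watching traffic (no probing). Field names are assumptions for this example.
OBSERVATIONS = [
    {"ip": "10.0.0.5", "os": "Windows 2000", "port": 80, "service": "IIS"},
    {"ip": "10.0.0.5", "os": "Windows 2000", "port": 445, "service": "SMB"},
    {"ip": "10.0.0.7", "os": "Linux", "port": 80, "service": "Apache"},
    {"ip": "10.0.0.7", "os": "Linux", "port": 22, "service": "OpenSSH"},
]

# Constructed signature context: the platforms and services a given
# IDS signature actually affects (Code Red hits IIS on Windows hosts).
SIGNATURE_CONTEXT = {
    "Code Red": {"affects_os": {"Windows NT", "Windows 2000"},
                 "affects_service": {"IIS"}},
}


def build_inventory(observations):
    """Fold passive observations into one profile per host (OS + open ports)."""
    inventory = {}
    for obs in observations:
        host = inventory.setdefault(obs["ip"], {"os": obs["os"], "services": {}})
        host["services"][obs["port"]] = obs["service"]
    return inventory


def prioritize(alert, inventory, context=SIGNATURE_CONTEXT):
    """Rank an IDS alert against what is known about the targeted host.

    Returns one of: 'actionable', 'not-vulnerable', 'port-closed',
    'unknown-host' (no context, so the alert is kept but cannot be ranked),
    'unknown-signature' (no platform data for this signature).
    """
    sig = context.get(alert["signature"])
    if sig is None:
        return "unknown-signature"
    host = inventory.get(alert["dst_ip"])
    if host is None:
        return "unknown-host"
    if host["os"] not in sig["affects_os"]:
        return "not-vulnerable"
    service = host["services"].get(alert["dst_port"])
    if service is None:
        return "port-closed"
    if service not in sig["affects_service"]:
        return "not-vulnerable"
    return "actionable"


def triage(alerts, inventory):
    """Attach a priority to each alert and return a count per category."""
    counts = {}
    for alert in alerts:
        label = prioritize(alert, inventory)
        counts[label] = counts.get(label, 0) + 1
    return counts
```

The same worm alert fired at the Windows/IIS host and at the Linux/Apache host gets two different labels, which is the false-alarm reduction the article attributes to adding network context to the sensor.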

IT managers at the National Institutes of Health's Federal Credit Union plan to evaluate the appliance when it is ready for beta testing this summer.

RNA sounds like a good product that can help agencies address the problem of information overload generated by intrusion-detection systems, said Kirk Drake, vice president of technology at NIH's Federal Credit Union.

"If it can accurately detect systems and match vulnerabilities to systems, it will help [the agency] clean up [network] traffic," he said.
