Building intelligence into security tools

Federal agencies and enterprises could have a more accurate profile of the applications and systems on their networks that need protection from cyberattacks by year's end when Sourcefire Inc. rolls out extensions to its intrusion-management system.

The company plans to unveil the Realtime Network Awareness (RNA) appliance, which can help information technology managers better understand what assets and services are vulnerable to attack and, as a result, could put the network at risk.

The appliance is designed to fix a flaw in traditional network-based intrusion-detection systems. Although designed to alert IT managers to suspicious activity on the network, such systems often "run without any context about the network they are protecting," said Martin Roesch, chief technology officer and founder of Columbia, Md.-based Sourcefire.

For instance, if an attack such as the Code Red computer worm is spreading to servers in an organization's network and those servers are running the Linux operating system, then they are not susceptible to the attack, because the malicious code affects Microsoft Corp. Windows-based servers, Roesch said.

Unless an intrusion-detection system is aware of the system it is monitoring, it might generate false alarms about attacks or miss attacks altogether. RNA is geared to add another layer of intelligence to threat protection.

RNA "sniffs" or monitors the network like an intrusion-detection sensor, but it has a different mission, Roesch said. The appliance passively monitors — meaning in a nonintrusive manner — network traffic to detect network assets such as IP addresses, operating systems and versions, services and ports, as well as potential vulnerabilities. It also monitors for traffic pattern changes and security policy violations.

The Sourcefire Management Console then integrates information about network changes from RNA sensors and Sourcefire network sensors with the latest vulnerability information to determine if an attack poses a threat. IT operators can then accurately prioritize their response, Roesch said.
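The correlation step described above, as an added illustration that is not Sourcefire's code: an alert is checked against a passively built asset inventory (operating system, open ports, service version) before it is prioritized, so a Code Red alert aimed at a Linux host is demoted while the same alert against a vulnerable IIS host is escalated. The inventory, signature metadata and alert records are all constructed for this example.

```python
from dataclasses import dataclass, field

@dataclass
class Asset:
    ip: str
    os: str                                        # fingerprinted OS family
    open_ports: set = field(default_factory=set)   # ports seen accepting traffic
    services: dict = field(default_factory=dict)   # port -> observed service/version

# Constructed inventory, as a passive sensor might have assembled it from traffic.
INVENTORY = {
    "10.0.0.5": Asset("10.0.0.5", "windows", {80}, {80: "IIS/5.0"}),
    "10.0.0.6": Asset("10.0.0.6", "linux", {80}, {80: "Apache/2.0"}),
    "10.0.0.7": Asset("10.0.0.7", "windows", {445}, {445: "smb"}),
}

# Constructed signature metadata: what platform, port and service the attack affects.
SIGNATURES = {
    "CODE_RED_IIS": {"target_os": "windows", "target_port": 80, "vuln_service": "IIS/5.0"},
}

def triage(alert, inventory=INVENTORY, signatures=SIGNATURES):
    """Return (priority, reason) for an IDS alert using asset context."""
    sig = signatures[alert["sig"]]
    asset = inventory.get(alert["dst_ip"])
    if asset is None:
        # Unknown host: cannot rule the attack in or out, so keep it visible.
        return "medium", "destination not in inventory; cannot assess"
    if asset.os != sig["target_os"]:
        # The Code Red-on-Linux case: the target platform is not affected.
        return "low", f"target OS {asset.os} not affected by this signature"
    if sig["target_port"] not in asset.open_ports:
        return "low", f"port {sig['target_port']} not open on target"
    if asset.services.get(sig["target_port"]) == sig["vuln_service"]:
        return "high", "vulnerable service version confirmed on target"
    return "medium", "affected OS and port present, version not confirmed vulnerable"

def prioritize(alerts):
    """Sort a batch of alerts so confirmed-vulnerable targets are handled first."""
    order = {"high": 0, "medium": 1, "low": 2}
    scored = [(triage(a), a) for a in alerts]
    return sorted(scored, key=lambda pair: order[pair[0][0]])
```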

IT managers at the National Institutes of Health's Federal Credit Union plan to evaluate the appliance when it is ready for beta testing this summer.

RNA sounds like a good product that can help agencies address the problem of information overload generated by intrusion-detection systems, said Kirk Drake, vice president of technology at NIH's Federal Credit Union.

"If it can accurately detect systems and match vulnerabilities to systems, it will help [the agency] clean up [network] traffic," he said.
