DHS buys information assurance
- By Dibya Sarkar
- Dec 26, 2004
Northrop Grumman and Q1 Labs, a network security company, have won a contract from the Homeland Security Department for a system that performs surveillance, analysis and mitigation of cyberattacks and other security violations. The cyberprotection system will use Q1 Labs' QRadar software.
Brendan Hannigan, Q1 Labs' executive vice president of marketing and product engineering, could not discuss that specific contract, but he said QRadar, which stands for Real-time Anomaly Detection and Resolution, collects cybersecurity information across an organization and feeds it into a centralized analytics engine.
The software identifies normal behaviors and detects deviations from them, Hannigan said. "It could be a very insidious low and slow scan coming from the other side," he said. "It could be a machine internally that has been infected with a worm. It could be a rogue server that has been set up in a portion of the network where it is a violation of policy."
To mitigate such threats, the system sends network and security administrators recommendations for countermeasures such as quarantining a PC within a particular subnetwork to keep a virus from spreading or shutting down an application that violates the organization's security policy.
The software is capable of blocking specific switches in a network infrastructure or stopping particular users from accessing the network, Hannigan said.
Northrop Grumman has a partnership agreement with Q1 Labs to resell the QRadar software.
A DHS spokesman did not have information about the contract and could not comment.