Sandia supercharges the honeypot

Sandia National Laboratory is working with Splunk to sharpen its virtual cybersecurity sandbox environment and evaluate how it might be used in both the federal government and industry to blunt attacks.

HADES -- short for High-Fidelity Adaptive Deception & Emulation System -- is a supercharged "honeypot" system that attracts would-be cyber attackers by creating an entire virtual environment and tricks the intruders into sticking around so their actions can be monitored. The project won a 2018 Government Innovation Award.

Sandia, a National Nuclear Security Administration research and development lab, develops, engineers and tests non-nuclear parts of nuclear weapons. The lab's IT infrastructure is a magnet for cyber bad actors. The lab has been working with Splunk's Enterprise system to widen and deepen the program's ecosystem, said Vincent Urias, distinguished member of the technical staff at Sandia.

HADES is ultimately aimed at "changing the conversation with the adversary," Urias told FCW. That shift is particularly important as threat information is being commoditized by security companies that crunch their own threat intelligence, he said. The system offers the ability to develop unique streams of threat intelligence by observing actual attackers and developing responses at machine speed.

Current cybersecurity practices, such as post-attack forensics and assuming compromise, "are not the entire story" for federal and industry IT security managers, he said. HADES can fill in details in the here and now, such as what tools are being used, what time the attack infiltrated the network, where it got in and other details that can be hard to pin down afterwards.

First deployed in 2017, HADES has grown to develop better and better data analytic capabilities, Urias said. "The hopes are to help cross-sectional .gov and commercial networks."

About the Author

Mark Rockwell is a senior staff writer at FCW, whose beat focuses on acquisition, the Department of Homeland Security and the Department of Energy.

Before joining FCW, Rockwell was Washington correspondent for Government Security News, where he covered all aspects of homeland security from IT to detection dogs and border security. Over the last 25 years in Washington as a reporter, editor and correspondent, he has covered an increasingly wide array of high-tech issues for publications like Communications Week, Internet Week, Fiber Optics News, tele.com magazine and Wireless Week.

Rockwell received a Jesse H. Neal Award for his work covering telecommunications issues, and is a graduate of James Madison University.

Contact him at mrockwell@fcw.com or follow him on Twitter at @MRockwell4.

