http://www.eweek.com/article2/0,3959,717180,00.asp By Dennis Fisher November 20, 2002 While many agencies are still licking their wounds from once again failing their annual information security test, the Department of Defense and the National Security Agency on Thursday will announce a new partnership that could go a long way toward shoring up the security of the government's networks. The new agreement is a joint research and development initiative with Lancope Inc., to build an advanced intrusion-detection appliance for use both inside the government and in the private sector. Code-named the Therminator, the appliance will incorporate Lancope's StealthWatch, behavior-based IDS system with a new data-reduction and visualization technology developed by the government. Perhaps indicating the government's current emphasis on information security, the organizations have set forth an aggressive development schedule and are hoping to deploy a prototype appliance within six months. A key component of the box is the visualization technology developed at the Naval War College by Dave Ford, special assistant to the Secure Network Technology Office at the NSA, in Fort Meade, Md. The technology uses some advanced math related to the temperature of matter to represent the incoming data flow on a network. The data flow is shown in a series of bar graphs plotted by time and colored to show anomalies. "It allows you to see the characteristics of a data stream. Events like Code Red cause visual changes in the color display," said John Copeland, co-founder and chief scientist at Lancope, based in Atlanta. "The main problem with all of this incoming data is there's so much of it, how do you reduce it to something that's usable?" The government's main goal with this initiative is to develop a technology that's capable of identifying and repelling attacks that don't adhere to known patterns or signatures. Conventional IDS systems rely on signature files, much like anti-virus products do, and are essentially blind to new attack techniques. Several top officials in the Bush administration have said repeatedly that they believe terrorists and hostile nations will soon begin using the Internet as a key attack platform, if they're not already doing so. "The DoD is expecting non-patterned attacks," Copeland said. "If they recognize that it's taking place, then they can use other tools to investigate what's happening. The military wants to be prepared." Lancope plans to integrate the Therminator's core technology into its commercial offerings at some point, as well. - ISN is currently hosted by Attrition.org To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY of the mail.
This archive was generated by hypermail 2b30 : Fri Nov 22 2002 - 02:09:16 PST