[ISN] Therminator to watch for cyberattacks

From: InfoSec News (isnat_private)
Date: Fri Dec 13 2002 - 02:53:18 PST


    http://www.fcw.com/fcw/articles/2002/1209/web-nsa-12-13-02.asp
    
    By Dan Caterinicchia 
    Dec. 13, 2002
    
    To create better protection for the nation's computer networks, the 
    National Security Agency and the Defense Department have signed an 
    agreement with Lancope Inc. to build Therminator, an advanced 
    information security tool. 
    
    Therminator will produce a graphical representation of network traffic 
    that allows information security workers and network administrators to 
    recognize the impact of cyberattacks in real time.
    
    This data will help government agencies and private businesses provide 
    more proactive protection of sensitive and classified data, said John 
    Copeland, Lancope's founder and chairman. 
    
    One of Therminator's main components is Lancope's flagship product, 
    StealthWatch, a behavior-based intrusion detection system that 
    features:
    
    * Intelligent alarming.
    
    * Network surveillance.
    
    * Gigabit operating speeds.
    
    * Recognition of unknown threats.
    
    * A forensic trail of network activity. 
    
    "The Therminator technology has many fathers, but none of them want 
    anything more than to see it in place in time to mitigate a 
    nation-scale cyberattack, when and if one should occur," Copeland 
    said. "There is pressure to move quickly because of the uncertainty 
    over how much time is left before it's needed."
    
    Army Maj. Gen. James Bryan, commander of the Joint Task Force for 
    Computer Network Operations (JTF-CNO), agreed, saying that threats to 
    computerized networks are growing and that script-based intrusion 
    detection systems are effective and will continue to be used, but 
    "the problem is that we must also expect the threat to know this and 
    to do the unexpected." 
    
    "We must carefully script our systems to look for the unexpected 
    because [our enemies] are going to camouflage their malicious activity 
    as otherwise normal activity," Bryan said. "Therminator is one very 
    promising approach to this challenge." 
    
    The JTF-CNO is in charge of defending all DOD networks from attack and 
    also can initiate cyberattacks when instructed by the president or 
    Defense secretary.
    
    Therminator will integrate StealthWatch's high-speed data flow 
    architecture with NSA and DOD's data reduction and data visualization 
    technology, Copeland said.
    
    Therminator technology watches the data stream and illustrates 
    categories of data as colored bars that are proportional in height to 
    the quantity of data at a given time. The process is repeated to form 
    a stacked bar graph that moves across a computer screen to show 
    current and past data traffic composition. The tool then goes one step 
    further to represent the many possible states of a data stream by 
    selected variables, and those parameters are displayed on a 
    multicolored stacked bar chart.
    
    "Currently, StealthWatch already stores available local information on 
    the attacking host," Copeland said. "Since IP addresses can be spoofed, 
    actual 'tracking down' requires investigating log information from 
    routers and switches along the path of the attack. Once StealthWatch 
    is combined with the Therminator technology, an attack would be seen 
    all along its path throughout the network."
    
    The technology transfer licensing and cooperative research and 
    development agreement was signed Nov. 12, and all three stakeholders 
    are making investments in the project in terms of time and resources. 
    Financial terms were not disclosed. The project is under way and the 
    government and vendor project teams are meeting this week at Lancope's 
    Alpharetta, Ga., headquarters to map out the Therminator development 
    schedule.
    
    The tool is expected to be ready in about six months, and Lancope will 
    offer the Therminator technology as part of its commercial product 
    line. 
    
    
    
    


