Homeland Security Makes Cybersecurity A Managed Service - InformationWeek


Einstein 3 intrusion prevention system analyzes traffic to and from executive-branch agencies to block threats at the ISP level.

The Department of Homeland Security's Einstein 3 intrusion prevention system, launched last summer, raised the bar for security technology capable of operating at carrier-grade network levels, rather than just within the enterprise.

Einstein is a managed security service delivered through Internet service providers that serve executive-branch civilian agencies. Through a public-private collaboration, DHS provides custom signatures to federal agencies' ISPs to block malicious traffic, both incoming and outgoing.

Moving analysis of government Internet traffic to ISPs for security purposes was controversial when Einstein 1 was deployed in 2004, but it was merely an early step in what Tim Sullivan, CEO of security firm nPulse Technologies, said is the inevitable move of cybersecurity to a managed service.

"It's all going to move to the cloud," Sullivan said. The ability to centralize data analysis and other security resources is necessary in a threat environment that is increasingly complex and fast-moving, he said. "The reality is, malware will penetrate perimeter defenses," and incident response cannot afford to be constrained by local availability of tools and manpower.


The result is that security technology has to operate on carrier-grade, or large-scale, networks, with a high level of availability at multi-gigabit speeds. The latest release of nPulse's Capture Probe eXtreme (CPX), a high-speed packet-capture appliance that operates at a full duplex rate of 20 Gbps, is being used by ISPs to support Einstein 3 with high-speed searching and session reassembly and analysis.

DHS's Privacy Impact Statement says, "under the direction of DHS, ISPs will administer intrusion prevention and threat-based decision-making on network traffic entering and leaving participating federal civilian executive branch agency networks," or .gov traffic.

Initially deployed in 2004, Einstein 1 analyzed network flow records. In 2008, Einstein 2 added passive intrusion detection technology using custom signatures from federal networks to detect and report malicious traffic. The third iteration adds intrusion prevention capabilities, enabling ISPs, under the direction of DHS, to block threats. Einstein 3 began operating within DHS last July, and other departments began using the managed service throughout the summer, as ISPs were ready to offer it.

ISPs providing intrusion prevention services must segregate .gov traffic on their networks for analysis. To block traffic, ISPs will use domain name service (DNS) sinkholing, which keeps outgoing .gov traffic from communicating with known or suspected bad domains by redirecting it to safe sinkhole servers. Email filtering will scan incoming messages addressed to .gov networks, looking for malicious attachments, URLs, and other malicious content. Infected emails can be quarantined or redirected for further inspection and analysis by DHS.
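The DNS sinkholing step described above, sketched as an added example (not code from DHS, the ISPs, or any vendor named in the article). The blocklist entries, client addresses, sinkhole address and function names are all constructed for illustration; the point is that matching is done on whole DNS labels and that each sinkhole hit identifies an internal host worth investigating.

```python
# Added illustration of DNS sinkholing; all names, domains and addresses are constructed.
from collections import Counter

SINKHOLE_IP = "192.0.2.53"  # assumed sinkhole server (documentation address range)
BLOCKLIST = {"bad-domain.example", "c2.malware.test"}  # constructed indicator list

# Constructed upstream answers standing in for normal recursive resolution.
UPSTREAM = {
    "www.agency.example": "198.51.100.10",
    "notbad-domain.example": "198.51.100.20",
}


def normalize(qname):
    """Lower-case and drop the trailing root dot so 'Bad.Example.' still matches."""
    return qname.strip().rstrip(".").lower()


def blocked_zone(qname):
    """Return the blocklisted zone covering qname, or None.

    A listed zone covers itself and every subdomain, but not an unrelated
    name that merely ends with the same characters.
    """
    labels = normalize(qname).split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in BLOCKLIST:
            return candidate
    return None


def resolve(client_ip, qname, hits):
    """Answer a query; sinkhole blocklisted names and record which client asked."""
    zone = blocked_zone(qname)
    if zone is not None:
        hits[(client_ip, zone)] += 1  # sinkhole hit: possible infected host
        return SINKHOLE_IP
    return UPSTREAM.get(normalize(qname))  # None stands in for NXDOMAIN


def run_sample():
    """Replay constructed queries; return the answers and sinkhole hit counts."""
    hits = Counter()
    queries = [
        ("10.1.1.5", "www.agency.example"),
        ("10.1.1.7", "Update.Bad-Domain.example."),
        ("10.1.1.7", "bad-domain.example"),
        ("10.1.1.9", "notbad-domain.example"),
    ]
    return [resolve(ip, q, hits) for ip, q in queries], hits


if __name__ == "__main__":
    print(run_sample())
```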

The ability to inspect and analyze suspected malware requires high-speed capture and search capabilities, which are provided by nPulse's CPX 4.0. A fully saturated 10-Gbps link (although no carrier operates at full saturation) would produce 200 terabytes of data in 24 hours. Searching this amount of captured data would take a little more than 8 minutes with the tool.

CPX was not developed for Einstein, Sullivan said, but reflects the growing requirement for carrier-grade security, both in and out of government.

William Jackson is a technology writer based in Washington, D.C., who specializes in telecommunications, networking, and cybersecurity in the public sector.

User Rank: Apprentice
1/27/2014 | 11:29:15 PM
Re: Background
Thank you for sharing such a powerful website regarding Einstein from a Federal government standpoint. The website gave me a more complex understanding of the Intrusion Detection that the Einstein system targets.
User Rank: Apprentice
1/27/2014 | 11:23:20 PM
Re: Mobile Devices, Cloud, and BYOD
Technology has truly increased the ability to work faster than ever, but it has also caused a nightmare for Security and IT specialists. These professionals must create new ways to stay one step ahead of the Hackers and their plans to break or compromise various security systems.
User Rank: Author
1/23/2014 | 8:47:32 PM
For those looking for more information on why Einstein was created and what data it collects and analyzes, here's a good reference doc: