From: InfoSec News (isn_at_c4i.org)
Date: Fri Dec 13 2002 - 04:53:18 CST

    http://www.fcw.com/fcw/articles/2002/1209/web-nsa-12-13-02.asp

    By Dan Caterinicchia
    Dec. 13, 2002

    To create better protection for the nation's computer networks, the
    National Security Agency and the Defense Department have signed an
    agreement with Lancope Inc. to build Therminator, an advanced
    information security tool.

    Therminator will produce a graphical representation of network traffic
    that allows information security workers and network administrators to
    recognize the impact of cyberattacks in real time.

    This data will help government agencies and private businesses provide
    more proactive protection of sensitive and classified data, said John
    Copeland, Lancope's founder and chairman.

    One of Therminator's main components is Lancope's flagship product,
    StealthWatch, a behavior-based intrusion detection system that
    features:

    * Intelligent alarming.

    * Network surveillance.

    * Gigabit operating speeds.

    * Recognition of unknown threats.

    * A forensic trail of network activity.

    "The Therminator technology has many fathers, but none of them want
    anything more than to see it in place in time to mitigate a
    nation-scale cyberattack, when and if one should occur," Copeland
    said. "There is pressure to move quickly because of the uncertainty
    over how much time is left before it's needed."

    Army Maj. Gen. James Bryan, commander of the Joint Task Force for
    Computer Network Operations (JTF-CNO), agreed. He said threats to
    computerized networks are growing, and that script-based intrusion
    detection systems are effective and will continue to be used, but
    "the problem is that we must also expect the threat to know this and
    to do the unexpected."

    "We must carefully script our systems to look for the unexpected
    because [our enemies] are going to camouflage their malicious activity
    as otherwise normal activity," Bryan said. "Therminator is one very
    promising approach to this challenge."

    The JTF-CNO is in charge of defending all DOD networks from attack and
    also can initiate cyberattacks when instructed by the president or
    Defense secretary.

    Therminator will integrate StealthWatch's high-speed data flow
    architecture with NSA and DOD's data reduction and data visualization
    technology, Copeland said.

    Therminator technology watches the data stream and illustrates
    categories of data as colored bars that are proportional in height to
    the quantity of data at a given time. The process is repeated to form
    a stacked bar graph that moves across a computer screen to show
    current and past data traffic composition. The tool then goes one step
    further to represent the many possible states of a data stream by
    selected variables, and those parameters are displayed on a
    multicolored stacked bar chart.

    "Currently, StealthWatch already stores available local information on
    the attacking host," Copeland said. "Since IP addresses can be spoofed,
    actual 'tracking down' requires investigating log information from
    routers and switches along the path of the attack. Once StealthWatch
    is combined with the Therminator technology, an attack would be seen
    all along its path throughout the network."

    The technology transfer licensing and cooperative research and
    development agreement was signed Nov. 12, and all three stakeholders
    are making investments in the project in terms of time and resources.
    Financial terms were not disclosed. The project is under way and the
    government and vendor project teams are meeting this week at Lancope's
    Alpharetta, Ga., headquarters to map out the Therminator development
    schedule.

    The tool is expected to be ready in about six months, and Lancope will
    offer the Therminator technology as part of its commercial product
    line.
