GAO: Early look at fed’s 'Einstein 3' security weapon finds challenges

[InfoSec News <alerts () infosecnews org>]

http://www.networkworld.com/article/2946040/security0/gao-early-look-at-feds-einstein-3-security-weapon-finds-challenges.html

By Michael Cooney
Network World
July 9, 2015

When it comes to the government protecting all manner of state and 
personal information, the feds can use all the help it can get.

One of the most effective tools the government has is the National 
Cybersecurity Protection System (NCPS), known as “EINSTEIN.” In a nutshell 
EINSTEIN is a suite of technologies intended to detect and prevent 
malicious network traffic from entering and exiting federal civilian 
government networks.

The Government Accountability Office has been tracking EINSTEIN’s 
implementation since about 2010 and will later this year issue an update 
on the status of the system. But this week, it included some details of 
its report in an update on the state of federal security systems, and all 
is not well.

Preliminary EINSTEIN observations from the GAO:

•The Department of Homeland Security [which administers EINSTEIN] appears 
to have developed and deployed aspects of the intrusion detection and 
intrusion prevention capabilities, but potential weaknesses may limit 
their ability to detect and prevent computer intrusions. For example, NCPS 
detects signature anomalies using only one of three detection 
methodologies identified by NIST: signature-based, anomaly-based, and 
stateful protocol analysis. Further, the system has the ability to prevent 
intrusions, but is currently only able to proactively mitigate threats 
across a limited subset of network traffic (i.e., Domain Name System 
traffic and e-mail).

[...]

--
Evident.io - Continuous Cloud Security for AWS.
Identify and mitigate risks in 5 minutes or less.
Sign up for a free trial @ https://evident.io/