Definition

EINSTEIN

EINSTEIN is an intrusion detection system (IDS) for monitoring and analyzing Internet traffic as it moves in and out of United States federal government networks. EINSTEIN filters packets at the gateway and reports anomalies to the United States Computer Emergency Readiness Team (US-CERT) at the Department of Homeland Security.

EINSTEIN provides the federal government with a cohesive view of Internet threats and a centralized point of authority for dealing with potential threats. A key component of EINSTEIN's success will be completion of the Trusted Internet Connection (TIC) initiative. TIC seeks to reduce the number of gateways to a manageable number and use EINSTEIN to monitor traffic flow.

The second iteration of EINSTEIN includes automatic alerts to US-CERT when activity matching predetermined patterns is detected. According to US-CERT, the patterns, which are called signatures, are not typically included in commercially available databases of known attack signatures, but are developed by US-CERT.

EINSTEIN 3, which is now being tested in a pilot program, automatically detects and responds to cyber threats "before harm is done." EINSTEIN 3 adds supplemental signatures developed by the National Security Agency (NSA) and uses real-time deep packet inspection (DPI). In addition to notifying US-CERT when a network intrusion is attempted, EINSTEIN 3 will also alert the affected agency.
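The difference between a signature that can be evaluated on headers or flow records alone and one that needs the packet payload (the capability DPI adds), and EINSTEIN 3's routing of alerts to the affected agency as well as US-CERT, is easier to see in code. The following Python detector is an added illustration, not EINSTEIN code, and its signature IDs, patterns, agency labels and packet records are all constructed for the example (EINSTEIN's own signatures are not public):

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed example: a toy signature-based IDS. Signature IDs, patterns,
# addresses and agency labels below are invented for illustration and are
# not EINSTEIN's (which are not public).


@dataclass(frozen=True)
class Packet:
    agency: str      # assumed label: which agency gateway (TIC) saw the packet
    src: str
    dst: str
    dport: int
    payload: bytes


@dataclass(frozen=True)
class Signature:
    sid: str
    description: str
    dport: Optional[int] = None            # header condition
    src_prefix: Optional[str] = None       # header condition (dotted prefix)
    payload_regex: Optional[bytes] = None  # DPI condition; None = flow-level only

    def matches(self, pkt: Packet) -> bool:
        if self.dport is not None and pkt.dport != self.dport:
            return False
        if self.src_prefix is not None and not pkt.src.startswith(self.src_prefix):
            return False
        if self.payload_regex is not None and not re.search(
                self.payload_regex, pkt.payload, re.DOTALL):
            return False
        return True


@dataclass(frozen=True)
class Alert:
    sid: str
    agency: str
    src: str
    dst: str
    recipients: Tuple[str, ...]


def inspect(packets: List[Packet], signatures: List[Signature],
            dpi: bool, notify_agency: bool) -> List[Alert]:
    """Evaluate every signature against every packet.

    dpi=False models a gateway that only sees headers/flow records: payload
    signatures are skipped because there is nothing to match them against.
    notify_agency=True models EINSTEIN 3 style routing, where the affected
    agency is alerted alongside US-CERT.
    """
    alerts = []
    for pkt in packets:
        for sig in signatures:
            if sig.payload_regex is not None and not dpi:
                continue
            if sig.matches(pkt):
                recipients = ("US-CERT",) + ((pkt.agency,) if notify_agency else ())
                alerts.append(Alert(sig.sid, pkt.agency, pkt.src, pkt.dst, recipients))
    return alerts


SIGNATURES = [
    Signature("SIG-001", "traffic from a watch-listed source range", src_prefix="203.0.113."),
    Signature("SIG-002", "HTTP path traversal attempt", dport=80,
              payload_regex=rb"GET /[^ \r\n]*\.\./"),
    Signature("SIG-003", "NOP sled in payload", payload_regex=rb"\x90{16,}"),
]

# Constructed packets (RFC 5737 documentation addresses, made-up agency labels).
PACKETS = [
    Packet("DHS", "198.51.100.7", "192.0.2.10", 80,
           b"GET /index.html HTTP/1.1\r\nHost: www.example.gov\r\n\r\n"),
    Packet("DHS", "203.0.113.5", "192.0.2.10", 443, b"\x16\x03\x01\x00\x2a"),
    Packet("GSA", "198.51.100.9", "192.0.2.20", 80,
           b"GET /cgi-bin/../../etc/passwd HTTP/1.0\r\n\r\n"),
    Packet("GSA", "203.0.113.5", "192.0.2.20", 80,
           b"GET /../../ HTTP/1.0\r\n\r\n"),
    Packet("GSA", "198.51.100.9", "192.0.2.20", 445, b"\x90" * 32 + b"\xcc" * 4),
]


def run_demo() -> Tuple[List[Alert], List[Alert]]:
    """Return (flow-only alerts, DPI alerts with agency notification)."""
    flow_only = inspect(PACKETS, SIGNATURES, dpi=False, notify_agency=False)
    full_dpi = inspect(PACKETS, SIGNATURES, dpi=True, notify_agency=True)
    return flow_only, full_dpi


if __name__ == "__main__":
    for label, alerts in zip(("flow-level only", "deep packet inspection"), run_demo()):
        print(f"{label}: {len(alerts)} alert(s)")
        for a in alerts:
            print(f"  {a.sid} {a.src} -> {a.dst} ({a.agency}) notify {', '.join(a.recipients)}")
```

Run stand-alone, the flow-only pass raises two alerts (both from the watch-listed source, which is visible in headers), while the DPI pass raises five: the traversal attempt and the NOP sled are only detectable once the payload is available, and each alert is routed to the agency whose gateway saw the packet as well as to US-CERT.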

According to an audit released in March 2010 by the Government Accountability Office (GAO), implementation of EINSTEIN has been slow, even though it is mandated by the Department of Homeland Security (DHS). The audit found DHS partly at fault for the delay and recommended that the department take the following actions:

1. Establish milestones for agencies to submit the required EINSTEIN service level agreements (SLAs).

2. Develop additional performance indicators to validate EINSTEIN alerts and document agency responses.

3. Evaluate lessons learned to define future requirements and make agencies aware of their ability to access EINSTEIN data.

4. Develop a process that ensures that both DHS and participating agencies complete deployment checklists and execute required service level agreements on schedule.

This was last updated in April 2010
Posted by: Margaret Rouse
