Definition

EINSTEIN

EINSTEIN is an intrusion detection system (IDS) for monitoring and analyzing Internet traffic as it moves in and out of United States federal government networks. EINSTEIN filters packets at the gateway and reports anomalies to the United States Computer Emergency Readiness Team (US-CERT) at the Department of Homeland Security.

EINSTEIN is designed to provide the federal government with a cohesive view of Internet threats and a centralized point of authority for dealing with potential threats. The second iteration of EINSTEIN included automatic alerts to US-CERT when activity matching predetermined patterns is detected. According to US-CERT, the patterns, which are called signatures, are not typically included in commercially available databases of known attack signatures, but are developed by US-CERT. EINSTEIN 3 includes supplemental signatures developed by the National Security Agency (NSA) and uses real-time deep packet inspection (DPI). In addition to notifying US-CERT when a network intrusion is attempted, EINSTEIN 3 also alerts the affected government agencies.

As with all signature-based intrusion detection systems, EINSTEIN's weakness is that it cannot detect threats that do not have an associated signature in EINSTEIN's database.
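To make the signature-matching model and its blind spot concrete, here is a small added example of a signature-based packet inspector in Python. It is not EINSTEIN's own code or any US-CERT rule set; the signatures, IP addresses and packet payloads are all constructed for illustration. It scans each payload against predetermined patterns, raises an alert on a match, and counts the traffic that no signature covers, which is exactly the case the definition describes as undetectable.

```python
"""
Added example (not part of the original definition and not EINSTEIN's code):
a minimal signature-based intrusion detection loop. Signatures are
predetermined patterns applied to packet payloads; a match is an alert.
All signatures and sample packets below are constructed for illustration.
"""
import re
from dataclasses import dataclass
from typing import Dict, List


@dataclass(frozen=True)
class Signature:
    """A detection rule: a name and a regular expression over the payload."""
    name: str
    pattern: re.Pattern


# Hypothetical signatures (constructed; not real EINSTEIN or US-CERT rules).
SIGNATURES = [
    Signature("http-path-traversal", re.compile(rb"GET\s+/[^ ]*\.\./")),
    Signature("known-beacon-ua", re.compile(rb"User-Agent:\s*EvilBeacon/1\.0")),
]


@dataclass(frozen=True)
class Packet:
    """Constructed packet record: source, destination and payload bytes."""
    src: str
    dst: str
    payload: bytes


def inspect(packet: Packet, signatures=SIGNATURES) -> List[str]:
    """Return the names of every signature whose pattern matches the payload.

    This is deep packet inspection in its simplest form: the payload is
    scanned against each predetermined pattern, and a non-empty result
    is an alert.
    """
    return [sig.name for sig in signatures if sig.pattern.search(packet.payload)]


def run_gateway(packets, signatures=SIGNATURES) -> Dict[str, object]:
    """Inspect every packet crossing the gateway and summarise the results.

    Returns {'alerts': [(src, dst, signature name), ...], 'unflagged': n}.
    The 'unflagged' count is the blind spot the definition describes:
    traffic that matches no known signature passes without an alert,
    whether it is benign or a threat nobody has written a signature for.
    """
    alerts = []
    unflagged = 0
    for pkt in packets:
        hits = inspect(pkt, signatures)
        if hits:
            alerts.extend((pkt.src, pkt.dst, name) for name in hits)
        else:
            unflagged += 1
    return {"alerts": alerts, "unflagged": unflagged}


# Constructed sample traffic (documentation-range addresses). The third
# packet is a beacon from a tool no signature exists for yet, so it is
# indistinguishable from the benign fourth packet to this inspector.
SAMPLE_PACKETS = [
    Packet("203.0.113.5", "192.0.2.10",
           b"GET /cgi-bin/../../etc/passwd HTTP/1.1\r\n"),
    Packet("198.51.100.7", "192.0.2.10",
           b"GET /index.html HTTP/1.1\r\nUser-Agent: EvilBeacon/1.0\r\n"),
    Packet("203.0.113.9", "192.0.2.10",
           b"GET /index.html HTTP/1.1\r\nUser-Agent: NewBeacon/2.0\r\n"),
    Packet("198.51.100.8", "192.0.2.10",
           b"GET /index.html HTTP/1.1\r\nUser-Agent: Mozilla/5.0\r\n"),
]

if __name__ == "__main__":
    result = run_gateway(SAMPLE_PACKETS)
    for src, dst, name in result["alerts"]:
        print(f"ALERT {name}: {src} -> {dst}")
    print(f"{result['unflagged']} packet(s) passed without a matching signature")
```

Running it produces two alerts and reports two unflagged packets. One of the unflagged packets is harmless and the other is the unknown beacon; a signature-only inspector has no way to tell them apart, which is why the definition pairs this design with its limitation and why the comment below argues for layering it with other monitoring.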

This was last updated in July 2015


Join the conversation

2 comments


To what degree can a perimeter-based defense like Einstein be trusted?

The best way to describe tools like Einstein is as necessary but insufficient. Every organization needs a layered defense which includes everything from virus and malware programs through tools like Einstein all the way to Advanced Threat Protection. EINSTEIN fits in the era where security was intended to 'keep them out' rather than the more apropos 'protect our stuff'. The recurring breaches make it clear that only with constant monitoring, advanced threat detection through Big Data analysis, and a proactive stance leveraging threat intelligence can you reduce the impact of a breach. N.B. The layered defense prevents most breaches; the advanced monitoring detects the ones that get through.
