Einstein

Participating agencies have used Einstein in network gateways since 2004. In conjunction with the Trusted Internet Connection (TIC) initiative launch in 2008, DHS mandated that all federal agencies must use Einstein. TIC reduces the total number of Internet connections used by federal agencies and installs centralized monitoring of all gateways using Einstein. Under the initiative, every agency has to justify each gateway, with the goal of reducing more than 4,000 gateways across the federal government down to 50 by June 2008.

Government security specialists use a secure Web portal to review session data about traffic on their own network gateways. This data complements existing filtering and intrusion detection systems, allowing agents to be aware of activity throughout federal networks. DHS provides the necessary hardware, software, support services and operational training to agencies, offering an "out of the box" capability.

Implementation of Einstein and similar intrusion defense tools is a crucial step in preparing for future cyberwars with both distributed groups of criminal hackers and, potentially, other nations. Deep traffic analysis, at the packet level, is a vital element of maintaining network security, given the advanced disguises such attacks employ to fool users into downloading malware from email or websites which then may lodge deep within an operating system, invisible to the user. Once installed, such malware may access sensitive information or make the host part of a botnet to compound the potential damage.

Critics of Einstein note that its capabilities appear to be no more robust than commercial software deployed in the private sector. An improved version that features real-time analysis of network traffic and the content of email and other communications for malicious code is, however, due later in 2008.

In physics, an einstein is a physical unit equal to one mole of photons.

Read more about Einstein: - Shawn Waterman did an analysis of Einstein and US cybersecurity for United Press International. - John wrote about lawmakers' concerns about the Einstein program at the GLORIAD blog.

Do you have something to add to this definition? Let us know. Send your comments to techterms@whatis.com

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Windows registry forensics guide: Investigating hacker activities Ed Skoudis explains how investigators can interact with the registry to analyze a compromised system and unveils several reg commands that can be used... More built-in Windows commands for system analysis Ed Skoudis defines five more useful Windows commands that can provide new insight into the realm of Windows analysis. Is security improved when the number of Internet gateways is reduced? A single entry point has often been thought easier to defend than multiple entry points. There are some caveats to reducing the number of Internet...

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary computer forensics  (SearchSecurity.com) footprinting  (SearchSecurity.com)