Einstein

Participating agencies have used Einstein in network gateways since 2004. In conjunction with the Trusted Internet Connection (TIC) initiative launch in 2008, DHS mandated that all federal agencies must use Einstein. TIC reduces the total number of Internet connections used by federal agencies and installs centralized monitoring of all gateways using Einstein. Under the initiative, every agency has to justify each gateway, with the goal of reducing more than 4,000 gateways across the federal government down to 50 by June 2008.

Government security specialists use a secure Web portal to review session data about traffic on their own network gateways. This data complements existing filtering and intrusion detection systems, allowing agents to be aware of activity throughout federal networks. DHS provides the necessary hardware, software, support services and operational training to agencies, offering an "out of the box" capability.

Implementation of Einstein and similar intrusion defense tools is a crucial step in preparing for future cyberwars with both distributed groups of criminal hackers and, potentially, other nations. Deep traffic analysis, at the packet level, is a vital element of maintaining network security, given the advanced disguises such attacks employ to fool users into downloading malware from email or websites which then may lodge deep within an operating system, invisible to the user. Once installed, such malware may access sensitive information or make the host part of a botnet to compound the potential damage.

Critics of Einstein note that its capabilities appear to be no more robust than commercial software deployed in the private sector. An improved version that features real-time analysis of network traffic and the content of email and other communications for malicious code is, however, due later in 2008.

In physics, an einstein is a physical unit equal to one mole of photons.

Read more about Einstein: - Shawn Waterman did an analysis of Einstein and US cybersecurity for United Press International. - John wrote about lawmakers' concerns about the Einstein program at the GLORIAD blog.

Do you have something to add to this definition? Let us know. Send your comments to techterms@whatis.com

BROWSE BY TAG Network Intrusion Detection and Analysis,   Enterprise Network Security,   Monitoring Network Traffic and Network Forensics,   Network Intrusion Detection (IDS),   VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Chained Exploits: How to prevent phishing attacks from corporate spies Ever wonder if someone is monitoring everywhere you go on the Internet? In this chapter excerpt, learn how to keep corporate spies at bay. PCI compliance requirement 10: Auditing Diana Kelley and Ed Moyle of Security Curve review PCI compliance requirement 10: "Track and monitor all access to network resources and cardholder... Know when you need IDS, IPS or both Cut through the hype and learn the differences and benefits of intrusion detection and prevention systems.

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary computer forensics  (SearchSecurity.com) footprinting  (SearchSecurity.com)