 - Einstein is the network monitoring tool used by the United States federal government's Department of Homeland Security (DHS). Einstein is used to automatically monitor and analyze Internet traffic when it moves in and out of federal computer networks, filtering packets at the perimeter. Anomalies that may represent unauthorized access or other hacker activity are reported to United States Computer Emergency Readiness Team (US-CERT), the operational arm of the National Cyber Security Division (NCSD), which then moves to quarantine and disinfect affected machines.
Participating agencies have used Einstein in network gateways since 2004. In conjunction with the Trusted Internet Connection (TIC) initiative launch in 2008, DHS mandated that all federal agencies must use Einstein. TIC reduces the total number of Internet connections used by federal agencies and installs centralized monitoring of all gateways using Einstein. Under the initiative, every agency has to justify each gateway, with the goal of reducing more than 4,000 gateways across the federal government down to 50 by June 2008.
Government security specialists use a secure Web portal to review session data about traffic on their own network gateways. This data complements existing filtering and intrusion detection systems, allowing agents to be aware of activity throughout federal networks. DHS provides the necessary hardware, software, support services and operational training to agencies, offering an "out of the box" capability.
Implementation of Einstein and similar intrusion defense tools is a crucial step in preparing for future cyberwars with both distributed groups of criminal hackers and, potentially, other nations. Deep traffic analysis, at the packet level, is a vital element of maintaining network security, given the advanced disguises such attacks employ to fool users into downloading malware from email or websites which then may lodge deep within an operating system, invisible to the user. Once installed, such malware may access sensitive information or make the host part of a botnet to compound the potential damage.
Critics of Einstein note that its capabilities appear to be no more robust than commercial software deployed in the private sector. An improved version that features real-time analysis of network traffic and the content of email and other communications for malicious code is, however, due later in 2008.
In physics, an einstein is a physical unit equal to one mole of photons.
 |
Learn more about Monitoring Network Traffic and Network Forensics |
| LAST UPDATED: |
10 Apr 2008
|
 |
Do you have something to add to this definition? Let us know.
Send your comments to techterms@whatis.com
|
|
More resources from around the web:
|
|
Show me everything on 
