Raytheon chosen by DARPA for cybersecurity programme
Raytheon Company has been selected to support an insider threat research programme led by the Defense Advanced Research Projects Agency (DARPA).
The goal of the DARPA Anomaly Detection at Multiple Scales (ADAMS) programme is to create, adapt and apply technology to the problem of anomaly characterization and detection in large data sets.
In order to build algorithms to better detect anomalous behaviors, the ADAMS project will use data collected by Raytheon's endpoint audit and investigation solution known as SureView(TM). The specific goal of ADAMS researchers is to detect anomalous behaviors shortly after a trusted insider "turns" and begins committing malicious acts. Unlike previous insider threat research programmes that were limited in size and scope, ADAMS will leverage massive data sets from large computer end-user populations observed in live, operational environments. DARPA has stated it wants the technology developed by ADAMS researchers to bolster the capabilities of existing sensor suites currently employed by cybersecurity analysts and operators.
"This project will provide unprecedented understanding of the insider threat at a time when the US government is mandating that agencies implement automated insider threat detection capabilities to protect their classified information systems," said Steve Hawkins, vice president of Raytheon's Intelligence and Information Systems' Information Security Solutions business. "The ADAMS programme will ensure that operationally proven tools such as SureView can be further enhanced to keep pace with the ever-evolving nature of the insider threat and allow analysts to better identify precursor behaviors before damaging incidents occur."
SureView captures malicious activity by proactively auditing end-user behavior on computer endpoints for policy violations and high-risk activity, such as accessing classified or proprietary data and trying to send it outside the firewall. Whether an incident is accidental or deliberate, SureView provides customers visibility and context to discern benign and malicious behavior all while adhering to an organization's privacy policies.
SureView agents are able to collect data associated with a multitude of applications, processes and behaviors, including Web browsing, removable media, MS Office applications, file activity, email, MS Windows registry, peer-to-peer applications, log on/log off activity, keystroke logging and clipboard functions, use of printers, use of Windows terminal services, instant messaging, command line operations and use of encryption.
Source: Raytheon
More from Digital Battlespace
-
NATO adopts high-data-rate waveform for tactical communications
NATO member countries can now access to the ESSOR HDR Base Waveform which can offer secure and high-speed tactical communications.
-
Lockheed Martin joins radar research consortium ahead of Finland’s F-35 procurement
Lockheed Martin and VTT will lead a consortium of Finnish defence and technology companies to develop signals intelligence technologies for the F-35 and other defence applications.
-
Eventide Communications' NexLog DX-FIPS recorders achieve JITC certification
Reliability and security remain at the forefront of technology considerations in the rapidly evolving defence communications industry.
-
Steatite nears completion of order for Crib rugged mobile operations hub
Steatite‘s Crib is a ruggedised universal C2 terminal which incorporates multi-function displays enabled with Persistent Systems Wave Relay Mobile Ad-hoc Network (MANET) radio.
-
UK MoD’s new cybersecurity requirements present industry challenges
The Secure by Design approach means capability owners and delivery teams are accountable and responsible for delivering systems that are cyber secure.