The U.S Department of Homeland Security (DHS) is responsible for ensuring the security of the nation, but who is responsible for helping to ensure the security of the DHS network?
Part of that responsibility falls on the capable shoulders of Brendan Goode, director of Network Security Deployment at DHS. Goode spoke about his role and DHS programs during a well-attended session at the RSA conference in San Francisco last week.
The mission of the Network Security Deployment (NSD) division at DHS is to design, develop, acquire and provide support for the National Cybersecurity Protection System, explained Goode. The National Cybersecurity Protection System (NCPS) is operationally known within DHS as EINSTEIN and provides key cybersecurity capabilities to defend against cyber threats targeted at civilian-facing networks in the .gov domain, such as the U.S. Department of Commerce and U.S. Department of Health and Human Services.
"Our objective for our systems is to enable DHS to be able to detect and alert on malicious traffic that is coming into the federal government," Goode said. "We also can take proactive action to stop those actions, over the wire at line speed."
Since 2008 the DHS has been ramping up the NSD budget and deployment capabilities. While technology has played a key role, the human element is equally important. The office has grown from four to 93 people during that time, Goode said.
Even with the new hires, Goode said that he knew his department wouldn't be able to solve every problem on its own. "I had a limited number of people I could hire and there are some complex challenges out there," he said. "It's important to engage collaboratively across government and the private sector."
NCPS has been investing in intrusion detection and prevention capabilities that are referred to within DHS as EINSTEIN2 and EINSTEIN3, Goode said. Today his team is able to monitor approximately 83 percent of all the traffic going in and out of the federal government for malicious activity. With EINSTEIN3, Goode said the government's ability to deal with spear phishing and botnets has improved.
A side benefit and challenge of the EINSTEIN deployments is that the NCPS is collecting a lot of network flow data that it needs to analyze.
"So we have shifted investment toward our analytics capabilities themselves," Goode said. "We're establishing automated processing capabilities to allow the analysts to handle approximately 10 billion netflow record alerts on a daily basis."
By automating the collection and processing technologies, human analysts within his group can focus on higher-level tasks, Goode said. The infrastructure that NCPS is building is critically important for allowing the DHS to achieve its mission.
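To illustrate what "automated processing" of flow records can mean in practice, here is an added example that is not from the article or from the NCPS/EINSTEIN program. It is my own sketch: it collapses constructed NetFlow-style records into per-conversation aggregates, scores each aggregate against a few simple defender checks (a constructed indicator list, a beacon-like periodic pattern, and an outbound volume threshold), and returns only the aggregates that merit an analyst's attention. All IP addresses are from documentation ranges, the indicator list and thresholds are hypothetical, and the records are constructed sample data.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    """One NetFlow-style record (constructed, simplified schema)."""
    ts: int       # epoch seconds at flow start
    src: str      # internal source address
    dst: str      # external destination address
    dport: int    # destination port
    packets: int
    bytes: int


# Constructed sample records using documentation address ranges (not real traffic).
SAMPLE_FLOWS = [
    Flow(1000, "10.1.1.5", "203.0.113.7", 443, 10, 1400),
    Flow(1060, "10.1.1.5", "203.0.113.7", 443, 10, 1400),
    Flow(1120, "10.1.1.5", "203.0.113.7", 443, 10, 1400),
    Flow(1180, "10.1.1.5", "203.0.113.7", 443, 10, 1400),
    Flow(1005, "10.1.1.9", "198.51.100.3", 22, 500, 80_000_000),
    Flow(1010, "10.1.1.12", "192.0.2.10", 80, 8, 900),
    Flow(1012, "10.1.1.12", "192.0.2.11", 80, 8, 900),
]

# Hypothetical indicator list standing in for a real threat feed.
KNOWN_BAD_DESTINATIONS = {"203.0.113.7"}


def aggregate(flows):
    """Group individual records into one bucket per (src, dst, dport) conversation."""
    groups = defaultdict(list)
    for f in flows:
        groups[(f.src, f.dst, f.dport)].append(f)
    return groups


def is_periodic(flows, tolerance=5):
    """True when three or more flows recur at a near-constant interval (beacon-like)."""
    if len(flows) < 3:
        return False
    ts = sorted(f.ts for f in flows)
    gaps = [later - earlier for earlier, later in zip(ts, ts[1:])]
    return max(gaps) - min(gaps) <= tolerance


def triage(flows, volume_threshold=50_000_000):
    """Score each conversation; return only those needing an analyst, highest score first."""
    findings = []
    for (src, dst, dport), group in aggregate(flows).items():
        reasons = []
        score = 0
        if dst in KNOWN_BAD_DESTINATIONS:
            reasons.append("destination on indicator list")
            score += 50
        if is_periodic(group):
            reasons.append("periodic connection pattern")
            score += 30
        total_bytes = sum(f.bytes for f in group)
        if total_bytes >= volume_threshold:
            reasons.append(f"outbound volume {total_bytes} bytes")
            score += 40
        if reasons:
            findings.append({"src": src, "dst": dst, "dport": dport,
                             "flows": len(group), "score": score, "reasons": reasons})
    return sorted(findings, key=lambda item: item["score"], reverse=True)


if __name__ == "__main__":
    for finding in triage(SAMPLE_FLOWS):
        print(finding)
```

On the constructed data, seven records reduce to two findings: the periodic conversation to the listed destination scores highest, the single large transfer scores on volume alone, and the two ordinary web flows are dropped before any person looks at them. The thresholds are deliberately simple; a production pipeline would tune them per environment and feed the surviving findings into the analysts' queue rather than printing them.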
From an innovation perspective Goode said his organization has embraced the development principle of "fast fail," which allows the organization to learn lessons quickly and doesn't tie a development team to a particular path.
"I think too often as engineers we're compelled to try and force technology to work in an environment, even though the right solution would have been to accept the technology as a good attempt but the requirements need to be taken elsewhere," Goode said.
Sean Michael Kerner is a senior editor at eSecurityPlanet and InternetNews.com. Follow him on Twitter @TechJournalist.