Subject: Cyber Operations Support
The Challenge:
Sentar was tasked with developing a prototype insider threat detection tool for a DoD client that could be implemented within a data center environment and provide insider threat detection alerts with the low probability of false positives. Several response options were requested, including alerting administrator personnel to autonomously disabling network access, depending on the actions detected.
The Solution:
Sentar personnel developed a prototype hybrid cloud monitoring tool for insider threat analysis. Analytics were developed to track and monitor potential insider threat behavior. Resource monitors, data analysis, and bandwidth analysis metrics were utilized with threat analytics to provide a real-time insider threat warning product. This tool was able to successfully detect both malicious insiders as well as resource waste and unauthorized software utilization, with adjustable settings to reduce false positive settings at the expense of lowered detection rates. This tool was able to highlight potential insiders based on resource utilization requests, including file access requests, date and timestamps of login and logoff requests, and external service connections.
The Mission Impact:
Efficient Insider Threat Analysis:
Sentar was able to successfully design and implement a prototype capability that was able to update pre-defined analytics and refine pre-defined user profiles to detect insider threat actions. This approach was selected as it is well-suited for implementation next to existing solutions, including IDS/IPS appliances, firewalls, proxy appliances, and Active Directory/Group Policy controls