November 12, 2009 - 5:34pm
The Defense Information Systems Agency recently finalized a $9.7 million services agreement with Northrop Grumman Information Systems to deploy the Host Based Security System (HBSS).
Northrop Grumman has partnered with McAfee to work on deployment, operations and maintenance on the U.S. Air Force's secret network, the SIPRNet.
Tom Conway, director of federal business development for McAfee, explained that HBSS sits on every endpoint within DoD and every server on the classified and unclassified networks.
It also provides a common protection profile and a common management framework through which officials can apply policies and tools across the entire enterprise at a moment's notice based on emerging threats.
"The information in the alerts rolls upward, so something that may be occurring on the other side of the Earth can be seen at a command center in real time. You could nip it in the bud locally or make sure to see if it's happening anywhere else in the world and then decide what to do about it."
Conway explained that, since HBSS runs on both the NIPRNet, DoD's Nonsecure Internet Protocol Router Network, and SIPRNet, DoD's Secure Internet Protocol Router Network, it protects against a variety of threats by sitting on every endpoint.
"It's a very advanced protection profile, where it moves beyond signature-based protection -- signature-based being defined as you already know what you're looking for, so you've got a signature and if you see it, you stop it -- to zero-day attacks, where you've never seen it before. In that case, you need to identify and block it by behavioral elements, such as -- this ought not to be happening in this place on my system so I'm going to block it because that's outside the norm. So, it's moving towards more advanced technology."
He added that the framework is important as well, because threats continue to change and a threat to one is a threat to all. "You've got to have the ability to respond quickly and universally across 15,000 networks, 5 million endpoints worldwide."
McAfee used its original virus scan technology as a starting point for HBSS, though there are distinct differences.
"What HBSS is built around is something called host intrusion prevention, which is more behavioral based. You're trying to keep the bad guys out of the machine; whereas a virus is already in the machine and we're cleaning it up. With this, we're trying to put a protective shell around the machine."
Overall, security and protection in the cyber world are changing, which is the reason for HBSS.
"What [it] was designed to do is be the last line of defense against an external threat -- for example, something's coming from a different country all the way down to your particular server desktop -- [you need to] block that before it gets into your desktop or notebook. It's also been designed to guard against the insider threat -- the thumbdrive situation, where the adversary finds a means of bypassing [security] and getting directly into the machine. . . . [HBSS] is going to see an application trying to launch from a thumbdrive and say -- hey, wait a minute. That's not normal -- and block it."
So, while HBSS is doing all it can to protect the DoD, Conway said one can never forget another important aspect of security -- the human element.
"Every user is on the frontline in this fight. If you think about it, everything in our lives is going to be coming with its own IP address, or it's going to have a USB port so you can plug something in. Everything's going to internetwork, so you have to build protection in 360 degrees in defense and depth mechanisms."
While Conway couldn't talk about specifics with regard to when the work for the Air Force on the SIPRNet will be complete, he did say that McAfee has partnered with Northrop Grumman before and seen positive and timely results.
---
AP material Copyright 2009 Associated Press. All rights reserved. This material may not be published, broadcast, rewritten, or redistributed.