Raytheon chosen by DARPA for cybersecurity programme
Raytheon Company has been selected to support an insider threat research programme led by the Defense Advanced Research Projects Agency (DARPA).
The goal of the DARPA Anomaly Detection at Multiple Scales (ADAMS) programme is to create, adapt and apply technology to the problem of anomaly characterization and detection in large data sets.
In order to build algorithms to better detect anomalous behaviors, the ADAMS project will use data collected by Raytheon's endpoint audit and investigation solution known as SureView(TM). The specific goal of ADAMS researchers is to detect anomalous behaviors shortly after a trusted insider "turns" and begins committing malicious acts. Unlike previous insider threat research programmes that were limited in size and scope, ADAMS will leverage massive data sets from large computer end-user populations observed in live, operational environments. DARPA has stated it wants the technology developed by ADAMS researchers to bolster the capabilities of existing sensor suites currently employed by cybersecurity analysts and operators.
"This project will provide unprecedented understanding of the insider threat at a time when the US government is mandating that agencies implement automated insider threat detection capabilities to protect their classified information systems," said Steve Hawkins, vice president of Raytheon's Intelligence and Information Systems' Information Security Solutions business. "The ADAMS programme will ensure that operationally proven tools such as SureView can be further enhanced to keep pace with the ever-evolving nature of the insider threat and allow analysts to better identify precursor behaviors before damaging incidents occur."
SureView captures malicious activity by proactively auditing end-user behavior on computer endpoints for policy violations and high-risk activity, such as accessing classified or proprietary data and trying to send it outside the firewall. Whether an incident is accidental or deliberate, SureView gives customers the visibility and context to distinguish benign from malicious behavior, all while adhering to an organization's privacy policies.
SureView agents are able to collect data associated with a multitude of applications, processes and behaviors, including Web browsing, removable media, MS Office applications, file activity, email, MS Windows registry, peer-to-peer applications, log on/log off activity, keystroke logging and clipboard functions, use of printers, use of Windows terminal services, instant messaging, command line operations and use of encryption.
Source: Raytheon