August 5, 2011
Raytheon Chosen by DARPA for Critical Cybersecurity Research Program on Insider Threats
DULLES, Va., Aug. 5, 2011 /PRNewswire/ -- Raytheon Company (NYSE: RTN) has been selected to support an insider threat research program led by the Defense Advanced Research Projects Agency (DARPA).
The goal of the DARPA Anomaly Detection at Multiple Scales (ADAMS) program is to create, adapt and apply technology to the problem of anomaly characterization and detection in large data sets.
In order to build algorithms to better detect anomalous behaviors, the ADAMS project will use data collected by Raytheon's endpoint audit and investigation solution known as SureView(TM). The specific goal of ADAMS researchers is to detect anomalous behaviors shortly after a trusted insider "turns" and begins committing malicious acts. Unlike previous insider threat research programs that were limited in size and scope, ADAMS will leverage massive data sets from large computer end-user populations observed in live, operational environments. DARPA has stated it wants the technology developed by ADAMS researchers to bolster the capabilities of existing sensor suites currently employed by cybersecurity analysts and operators.
"This project will provide unprecedented understanding of the insider threat at a time when the U.S. government is mandating that agencies implement automated insider threat detection capabilities to protect their classified information systems," said Steve Hawkins, vice president of Raytheon's Intelligence and Information Systems' Information Security Solutions business. "The ADAMS program will ensure that operationally proven tools such as SureView can be further enhanced to keep pace with the ever-evolving nature of the insider threat and allow analysts to better identify precursor behaviors before damaging incidents occur."
SureView captures malicious activity by proactively auditing end-user behavior on computer endpoints for policy violations and high-risk activity, such as accessing classified or proprietary data and trying to send it outside the firewall. Whether an incident is accidental or deliberate, SureView provides customers visibility and context to discern benign and malicious behavior all while adhering to an organization's privacy policies.
SureView agents are able to collect data associated with a multitude of applications, processes and behaviors, including Web browsing, removable media, MS Office applications, file activity, email, MS Windows registry, peer-to-peer applications, log on/log off activity, keystroke logging and clipboard functions, use of printers, use of Windows terminal services, instant messaging, command line operations and use of encryption.
Raytheon Company, with 2010 sales of $25 billion, is a technology and innovation leader specializing in defense, homeland security and other government markets throughout the world. With a history of innovation spanning 89 years, Raytheon provides state-of-the-art electronics, mission systems integration and other capabilities in the areas of sensing; effects; and command, control, communications and intelligence systems, as well as a broad range of mission support services. With headquarters in Waltham, Mass., Raytheon employs 72,000 people worldwide.
SOURCE Raytheon Company