DISA seeks enterprise tools to manage security data

The Defense Information Systems Agency collects hundreds of terabytes of security-related data from its various firewalls, intrusion detection systems and other network defense mechanisms.

The agency is now in the market for enterprise tools to sift through the data, organize it and use it to identify potential vulnerabilities in the Defense Department's networks, said Richard Hale, DISA's executive for information assurance.

Hale today told a gathering of industry representatives that DISA was preparing enterprisewide procurements for security information management software. He spoke at TechNet International 2005 in Washington.

"Based on our experience, we think we can write a pretty good spec," Hale said.

DISA has been using ArcSight Enterprise Security Manager from ArcSight Inc. of Cupertino, Calif., to analyze security information and help mitigate risk. ArcSight's other government customers include the IRS and the departments of Energy and Health and Human Services.

ArcSight's system uses agent or agentless technology to collect thousands of security events per second from disparate infrastructure components. The ArcSight Manager collects the data and allows users to view it, trigger alerts and perform other functions. The product is currently undergoing Common Criteria certification, according to the company.

Security information management, sometimes known as security event management, is a growing software field. Other vendors include Computer Associates International of Islandia, N.Y., Itellitactics Inc. of Reston, Va., and OpenService Inc. of Westborough, Mass.

Hale also said DISA would be on the lookout for product that can perform automated certification and accreditation of computer systems.

"A lot of the money spent in the security business is spent for certification and accreditation, that's our quality control process," Hale said. "It's very expensive and painful in DOD right now. And it's not clear that we're buying nearly as much security as it's costing us. So there's a movement there to perhaps procure some tools to do this more easily, maybe more effectively."

The Defense Department is currently rewriting its instructions for performing certification and accreditation. Hale said, depending on the outcome of that process, DISA could put out a request for information in fiscal 2006.