Strengthening Network Traffic Analysis
In 2007, the National Cyber Initiative made Einstein mandatory for all federal civilian agencies. The Department of Homeland Security (DHS) Einstein program helps protect federal computer networks and the delivery of essential government services.
First deployed in 2004, Einstein's capabilities for situational awareness are used throughout the federal government, in part because of a casual conversation between SEI staff members and the Department of Defense (DoD). That conversation led to the research and collaboration that produced a sophisticated suite of tools that can characterize network threats, assess the impact of security events, and identify vulnerable network infrastructures. Einstein integrates several distinct data collection and analysis systems and uses tool sets for network traffic analysis developed in the SEI's CERT Division.
Initially, Einstein collected summary network traffic information at agency gateways and provided a high-level view of federal government network connections. The program has grown to provide an automated process for collecting, correlating, analyzing, and sharing computer security information across the federal government to improve our nation's situational awareness.