SAS Institute Inc. World Headquarters
SAS Campus Drive, Cary, NC 27513
Tel (800) 727-0025
Fax (919) 677-4444
www.sas.com/success

Customer Success


War fighters rely on network security

SAS® helps the US Navy protect the information domain

The Department of Defense (DOD) maintains the largest computer network in the world. Connecting thousands of IT systems around the globe, the DOD's computer network is critical for the command and control of each branch of the United States military.

"Today, information is a critical commodity," says Captain Steven Carder, commander of The US Navy Cyber Defense Operations Command -- or NCDOC for short. "We can't execute without the network, and my job is to defend the Navy portion of the computer network."

To help accomplish that important job, NCDOC relies on PROMETHEUS – a Web-based solution that monitors, reports and thwarts malicious network activity. Using SAS Intelligence Platform components that include SAS Enterprise BI Server, SAS Data Integration Server and SAS Intelligence Storage, the PROMETHEUS system:

  • Integrates and stores large volumes of computer network defense data.
  • Provides customized interfaces that deliver information to Navy analysts and other information consumers.
  • Delivers event-correlation capabilities.

Detecting future attacks
Based in Norfolk, Va., NCDOC analyzes masses of incoming and stored data using real-time information obtained from the Navy's networks. "Our 24/7 watch is the nerve center of everything that comes in," says NCDOC technical director Jim Granger. "We receive information from a variety of sources and use that information to stop attacks in progress or – more ideally – predict future attacks and stop them before they start."

Granger's team looks for anomalies or warning indications that a computer network attack may occur. In particular, they watch for probing activities or other precursors suggesting that somebody may be conducting reconnaissance for a possible future attack. "We deal with literally thousands of probes against DOD perimeter defenses every day," says Carder. "We analyze those probes and the successful intrusions into the network, and take a look at the trend data to determine whether each one is a unique and isolated event or part of a broader scope of events."

A complete solution for network security
Before creating PROMETHEUS, the Navy had already established a best-of-breed defensive grid of firewalls, anti-virus products and analytic solutions, using the industry's top tools for each component. "We allow the industry and the Navy to determine the best product for each situation," says Keith Rohwer, an IT specialist in the Navy research lab that supports NCDOC.

The challenge facing NCDOC was finding a vendor-independent solution that could bring all this information together into a single database for advanced analysis and reporting.

In the past, most of NCDOC's advanced business intelligence was conducted manually by entering data from various security alerts into a database for further analysis. Over the years, however, as threats continued to increase and the network became more and more complex, the Navy saw the need for a more advanced system.

"We knew there was a better way to do this," says Rohwer. "And we knew that there was a way to automate this process and improve the current method, which was very manpower and paperwork intensive."

"We needed the tools, capability and technology to give us the power to know what's out there, and help us make more informed decisions about where to focus our assets, where we have vulnerabilities and how we can continue to prepare for the future," adds Carder.

Built with SAS, the PROMETHEUS system accesses and aggregates data from all portions of the network – including system logs, Web logs, e-mail logs, firewall logs and router logs – and then prepares and stores that data for reporting and predictive analysis.

Increased speed and improved recognition
Rohwer, Granger and Carder agree that the results with PROMETHEUS have been beneficial. "Our speed in handling incidents has increased dramatically," says Granger. "We have been able to tie together large patterns of attacks. We have seen things at multiple sites and realized it all tied together and wasn't a coincidence. We have even been able to use PROMETHEUS to go back and see where there was related probing activity at these sites six months ago."

The PROMETHEUS solution also lets the NCDOC team dig deeper into the network's data and produce customized filters for tracking information. With these features, the system can automatically detect trends within the database and trigger further analysis when suspicious activity occurs.

Additionally, Granger says PROMETHEUS has reduced query and reporting times for many common reports. For example, his team produces a hot IP list, which lists the IP address – or computer identifier – for suspected cyber criminals.

"We have certain thresholds and criteria and we say these guys are on a watch list," explains Granger. "Prior to PROMETHEUS, it took us about four hours to generate that list. Now, with the interface that we have, we just click and pull up an IP list within minutes."

War fighters in the information domain
Carder and Granger know the work they do is vital to the nation's defense, and they've seen how the importance of network security has become more and more visible to top military leaders. "Traditionally, information technology troops were not thought of as war fighters," says Carder. "We were thought of as enablers and supporters."

But that has changed, says Carder: "The Commander of the Naval Network Warfare Command, Vice Admiral James D. McArthur, now refers to my team as cyber warriors, and that's where we fight: in the information domain." "The Navy network is under attack every day. It has to be defended. If it is compromised, the war fighter will not have the capability to execute the missions he's been given," concludes Carder.

With SAS, the PROMETHEUS solution provides that capability and reduces the resource requirements needed to complete the mission.

Copyright © SAS Institute Inc. All Rights Reserved.

US Department of Defense photo

US Navy

Challenge:
Defend the Navy's computer network against enemies in the cyber domain. 
Solution:
SAS Intelligence Platform technologies store and integrate large volumes of computer network defense data and provide customized information-delivery interfaces for Navy personnel. 
Benefits:
NCDOC analysts handle incidents with increased speed and recognize potential threats sooner than before.

We needed the tools, capability and technology that could give us the power to know what's out there, and help us make more informed decisions about where to focus our assets, where we have vulnerabilities and how we can continue to prepare for the future.

Capt. Steven Carder

Commander of the Navy Cyber Defense Operations Command
