The SEI helps advance software engineering principles and practices and serves as a national resource in software engineering, computer security, and process improvement. The SEI works closely with defense and government organizations, industry, and academia to continually improve software-intensive systems. Its core purpose is to help organizations improve their software engineering capabilities and develop or acquire the right software, defect free, within budget and on time, every time.
In collaboration with NSA and JTF-GNO, the Network Situational Awareness (NetSA) group at CERT/CC, Software Engineering Institute, Carnegie Mellon University, has developed large-scale network traffic reporting systems that provide analysts with the capacity to dynamically query large summaries of network traffic over time. These systems are deployed on the NIPRNet as part of the JTF Centaur capability. In this presentation we describe the sensor and analysis technologies that support an asset inventory system and serve as a foundation for a flexible, ad hoc intrusion detection capability. These facilities have greatly increased our ability to respond strategically to information security challenges and to detect novel threats to the NIPRNet, in an environment where both attacks and normal traffic are changing continuously.