Background: The Navy Cyber Defense Operations Command (NCDOC) coordinates, monitors, and oversees the defense of Navy computer networks and systems. NCDOC is also responsible for accomplishing Computer Network Defense (CND) missions as assigned by Commander, Naval Network Warfare Command and Commander, Joint Task Force - Global Network Operations (JTF-GNO).
Challenges: With more than 700,000 users worldwide, NCDOC is one of several military cyber defense teams in the Department of Defense (DOD) and is responsible for around-the-clock protection of the Navy's computer networks. The organization's 180 employees continuously analyze huge volumes of network information gathered from ships, aircraft and shore facilities across the globe. The vast number of cyber security sensors and corresponding alerts from these sites placed an inordinate burden on staff responsible for carefully evaluating each incident.
Best Deployment Scenario - Security Solution for Government
Solution provided: NCDOC addressed this challenge by creating PROMETHEUS, a suite of tools that monitors, reports and analyzes malicious network activity. PROMETHEUS uses Novell Sentinel as the security event management front-end to monitor tens of thousands of network events per day and the SAS Intelligence Platform as the data warehouse back-end.

Novell Sentinel tightly integrates identity data with security information and event management so organizations know who is accessing resources. Having a holistic, real-time view of all network activities gives NCDOC personnel the ability to:
- Prioritize and focus on the most critical issues
- Monitor thousands of sensors and alerts across geographically dispersed networks
- Generate reports in all levels of detail for different audiences, whether commanders, other agency partners or a joint security task force

The PROMETHEUS system accesses and aggregates data from all portions of the network, including system logs, Web logs, e-mail logs, firewall logs and router logs, and prepares and stores the data for analysis and reporting. Novell Sentinel alerts and prioritizes all security events in a centralized dashboard for security operators. This allows the Command to focus on those that require their immediate attention.
Summary: "With Novell Sentinel, we have a unified, real-time view of malicious activity across our diverse global environment from a central console," said Keith Rohwer, NCDOC director of Research, Development, Testing and Evaluation. "We can customize what we want to see and prioritize everything according to the seven standard security levels."