EINSTEIN Is the Wrong Tool
June 20, 2010
The only tool in DHS's chest is a monitoring tool. Millions of alerts
have to be filtered down. The continuous port scans, the worm traffic,
the DDoS attacks, have to be winnowed down to something actionable.
And even if that were possible, attacks such as those seen by Google, the Dalai Lama's office, and the Pentagon would still be effective.
Einstein is a waste of money and a distraction. Other than generating huge reports that highlight the levels of attacks targeting DHS, it will do nothing to protect DHS networks.
EINSTEIN, a network-based intrusion detection tool and a critical component of the government's $35-50 billion Comprehensive National Cybersecurity Initiative (CNCI), is, according to Richard Stiennon, a waste of money.
Stiennon knows the computer security field: he is a former VP of Research for Gartner, where he covered security topics including firewalls, intrusion detection, intrusion prevention, security consulting and managed security services for the Security and Privacy group.