Einstein’s little bro: Used by most states, Albert guards against malware
The Multi-State Information Sharing and Analysis Center hopes to bring its Homeland Security-inspired state government cybersecurity program to every state by the end of the year, officials said.
The program is already in 40 different states and territories, where state governments and agencies can use it to easily detect viruses or other malicious software that could compromise their computers and networks, MS-ISAC Chair Tom Duffy said. The program is very similar to the Department of Homeland Security’s Einstein program.
Its name? Albert, of course.
“There are centers usually at the perimeter of the network, and it inspects traffic going out for any malicious type of indicators,” Duffy explained. “We have signatures, and if the signature matches, we send off an alert. And then the alert is analyzed by the security-operations center analysts to determine if it is a real event or a false alert.”
To keep up with the huge number of new malware variants, Albert is run 24/7 and MS-ISAC updates the signature database twice a day.
Duffy said he considers the program “absolutely successful.” Last year, the program received 50,000 notices indicating possible malicious activity. Of all the detections, the most common type was click fraud at 27 percent, according to a 2015 MS-ISAC report given to FedScoop. The next most common types were generic Trojans at 19 percent and botnet activity at 17 percent.
Albert closely resembles Einstein 2, the cybersecurity program DHS previously used. Just like that program, it cannot block or remove malware, but merely alerts security officials to further investigate. While the DHS upgraded to Einstein 3A, which can stop the attacks itself, upgrading Albert would be too expensive, Duffy said.
MS-ISAC worked closely with the DHS to develop the program, using a profit-sharing agreement from the department to help create it. In total, the program cost “a couple million” to develop, Duffy said.
Contact the reporter on this story via email: Jeremy.Snow@FedScoop.com.