Objective
This User and Entity Behavioral Analysis (UEBA) capability will streamline authentication to the network and services while transparently securing mission-critical services, such as warfighting applications, through granular, role-based access controls. This UEBA solution may enable the implementation of the Army’s Zero Trust Architecture (ZTA) while improving the tactical network’s cybersecurity posture.
Description
The Army requires a novel UEBA capability that serves as, or feeds, a Policy Decision Point in the Tactical ZTA. A behavior analysis is the process of collecting activity data on people and other entities, applying advanced analytics, and comparing the results to accepted baselines and peer activities.
This UEBA will leverage data collected and normalized by the Elastic Stack. This data includes Active Directory Domain, Active Directory Certificate Services, Windows Endpoint, Linux Endpoint, Palo Alto Firewall, Suricata Intrusion Detection System, Zeek Network Sensor, Netflow and Cisco IOS events. It will also incorporate Nessus Security Center vulnerability and asset scan reports.
This capability can execute within the Elastic Stack as a collection of detection engine rules, entity analytics or a Machine Learning model, or it can execute as a stand-alone virtual machine or container. The UEBA should include a well-documented and flexible REST API that enables Policy Enforcement Points to obtain necessary telemetry and enforce authorization decisions.
Phase I
A proof-of-concept showing technical maturity and feasibility for User and Identity Behavioral analysis solutions.
The government seeks a proof of concept, in the form of a whitepaper, that details the feasibility of developing a novel User and Entity Behavioral Analysis capability that serves as a policy decision point. The proof of concept will assume the ability to utilize data already collected by systems in the Program Executive Office Command, Control and Communications-Tactical portfolio and normalized by the Elastic Stack implementation deployed on the tactical network. The model shall determine a user’s normal battle rhythm and be able to alert a human in the loop of a change in the user’s risk score. The authoritative human in the loop can terminate the user’s session or elevate for further analysis.
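The baseline-and-peer comparison and risk-score-change alert described above can be sketched as follows. This is an added example, not part of the solicitation or any Army or vendor code. It assumes hour-of-day of authentication events as the "battle rhythm" feature and a role label as the peer group; the sample events, weights, threshold and option names are constructed for illustration.

```python
from collections import Counter
from math import log2

# Constructed sample: (user, role, hour-of-day) of past authentication events,
# standing in for events already normalized by the Elastic Stack.
HISTORY = (
    [("alice", "s6", h) for h in [6, 7, 7, 8, 8, 8, 9, 13, 14, 17] * 3]
    + [("bob", "s6", h) for h in [7, 8, 8, 9, 10, 14, 15, 18, 22, 23] * 3]
)

def hour_model(hours, alpha=1.0):
    """Laplace-smoothed probability of activity in each of the 24 hours."""
    counts = Counter(hours)
    total = len(hours) + 24 * alpha
    return [(counts[h] + alpha) / total for h in range(24)]

def build_baselines(history):
    """Per-user baseline plus a pooled baseline per peer group (role)."""
    by_user, by_role, role_of = {}, {}, {}
    for user, role, hour in history:
        by_user.setdefault(user, []).append(hour)
        by_role.setdefault(role, []).append(hour)
        role_of[user] = role
    users = {u: hour_model(h) for u, h in by_user.items()}
    roles = {r: hour_model(h) for r, h in by_role.items()}
    return users, roles, role_of

def risk_score(user, hour, baselines, self_weight=0.7):
    """0-100 score: surprise of this hour under the blended own/peer baseline.
    An hour no more likely than chance (1/24) scores 50."""
    users, roles, role_of = baselines
    p_self, p_peer = users[user][hour], roles[role_of[user]][hour]
    p = self_weight * p_self + (1 - self_weight) * p_peer
    return round(min(100.0, 50.0 * -log2(p) / log2(24)), 1)

def review_queue(events, baselines, prior, delta=15.0):
    """Alerts for the human in the loop when a user's score rises by >= delta.
    `prior` maps user -> last score and is updated in place."""
    alerts = []
    for user, hour in events:
        score, before = risk_score(user, hour, baselines), prior.get(user)
        if before is not None and score - before >= delta:
            alerts.append({"user": user, "hour": hour, "from": before, "to": score,
                           "options": ["terminate_session", "elevate_for_analysis"]})
        prior[user] = score
    return alerts
```

The peer term is what keeps a late-night login from a user whose peers routinely work that hour scoring lower than the same deviation at an hour nobody in the group is active.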
Phase II
A prototype development and demonstration/evaluation.
The vendor will develop the prototype and demonstrate it to the UEBA, highlighting its ability to collect and interpret data. The demonstration shall also show the ability to display a user’s risk-score change based on behavioral anomalies while enabling the human in the loop to decide on access based on that alert.
Phase III
Submission Information
All eligible businesses must submit proposals by 12 PM, Eastern Time.
To view full solicitation details, click here.
For more information, and to submit your full proposal package, visit the DSIP Portal.
Applied SBIR Help Desk: usarmy.pentagon.hqda-asa-alt.mbx.army-applied-sbir-program@army.mil