Computer Network Defense (CND)
Computer networks are under constant attack. The Computer Network Defense team identifies network security vulnerabilities, monitors the network for intrusion attempts and virus activity, and defends the network by patching or mitigating vulnerabilities.
Many network analytical tools allow the CND team to quickly review millions of network log entries to identify and correlate potential security breaches or viruses. A single event may not be a problem, but events that follow a cycle or pattern may indicate a security breach.
ArcSight, Host Base Security Solution, AccessData, BlueCoat, Barracuda, Vulnerability Management System, Retina, and a solid understanding of DoD cyber operations terminology help the CND team navigate millions of log entries and terabytes of data to identify specific events.
In the realm of network security, hackers are broadly categorized by their intentions. White Hat hackers follow specific rules of engagement, coordinated with the system owner, before they attempt to penetrate the network. Results are documented and turned over to the system owner so the exploited vulnerabilities can be patched or mitigated. Black Hat hackers attack systems with the intent to damage networks or exploit them for their own use. Black Hat hackers follow no rules and only publicize their success if they want to improve their reputation with their peers. Gray Hat hackers work with the same intentions as White Hat hackers, but without the consent or agreement of the system owner, and they use many of the same tools and techniques as Black Hat hackers.
The CND team works, when asked, as a White Hat hacker to identify vulnerabilities on the network and help identify patches or fix actions to reduce or eliminate network risk. Network compliance inspections and CND corrective recommendations give customers insight into the security posture of their network and the ability to reduce network risk.