Sandia National Labs: Homeland Security and Defense: Cyber Security: Detect

Sandia's tools for early detection of threats can lead to quick intervention—and minimized damage.

Visualization

Detection illustration–anomaly detection, cyber response, vulnerability scanning, profiling, countermeasures

Sandia provides an array of visualization tools:

NetState aids in detecting an attack by portraying “normal” network activity, creating a network profile database using scanning and passive monitoring
Our visualization tool suite for rapid recognition of network activity allows operators to grasp real-time network status at a glance
The heuristic/AI SPARC software choreographs real-time network response and reconfigurations

Detecting anomalies

Sandia’s transactional logging and anomaly detection system allows real-time analysis of abnormal traffic patterns and creates an easily searchable log of all network sessions.

Additional capabilities include:

High-speed intrusion detection at 1–10 Gbps
Wireless intrusion detection of RF interference and jamming
Monitoring of multi-protocol label switching networks

Thwarting attackers

After observing suspicious traffic, the Adaptive Network Countermeasures (ANC) system injects deceptive packets into the network to confuse attackers.

Conducting forensics and attribution

Sandia offers traffic mapping tools (NetState, transactional logging) to facilitate attribution, and the ANC tool helps determine the “intent” of the attacker.

Sandia also gathers cyber evidence, performs application-specific reverse engineering and session regeneration, and maintains a malicious code testbed to aid forensics.

Mission Areas

DETECT AND RESPOND TO CYBER ATTACKS

Visualization

Detecting anomalies

Thwarting attackers

Conducting forensics and attribution