The Prospects of Commercializing Homeland Security Technologies
The amount of research that the U.S Department of Homeland Security puts in for combating cybercrimes is stupendous. This research leads to developing technology that’s used in turn to develop new software, most of which would be used to combat all kinds of sophisticated cyberthreats.
The federal government now seeks to bring these technologies to the marketplace, especially since these are part of research projects that are not top-secret ones. In 2016, the DHS had made a list of eight cyber security technologies that could be released to the public. The list included REnigma, Socrates, PcapDB, REDUCE, DFI (Dynamic Flow Isolation), TRACER, FLOWER and SilentAlarm.
Discussing the prospects of the commercialization of these technologies is highly relevant. Let’s examine this, based on some of these technologies- the ones that are most likely to get commercialized…
REnigma: This is a software that allows potentially harmful malware to run within a virtual machine, recording what the malware does so that it can all be replayed and used for analysis. Thereby REnigma helps researchers get to view and study malware at leisure and understand their working in detail. The highlight is that the malware is made to think that it’s attacking an actual system and continues to operate within the virtual environment. REnigma thus helps researchers avoid manual reverse engineering, a method that they earlier had to depend on for malware analysis.
FLOWER: FLOWER is another name for Network FLOW AnalyzER, the software that inspects IP packet headers, gathers data about bi-directional flows and identifies baseline traffic and abnormal flows. This helps spot potential breaches and insider threats. This technology is already being used in many government offices and also by business organizations; it helps a lot as regards forensic investigations into incidents.
PcapDB: PcapDB is basically a software database system that organizes packet traffic into flows and then captures packets to analyze network traffic. In fact, almost like the black box used in aircrafts, this software helps analyze data post a cyberattack and thus it helps investigators get clarity regarding an attack and its origins. PcapDB helps store months of traffic data on commodity Serial Attached SCSI (SAS) disks and allows reconstruction of malware transfers, downloads, command and control messages, and exfiltrated data.
SilentAlarm: This software does an analysis of network behaviors and helps identify malicious behavior, thereby preventing attacks. It also helps prevent zero-day attacks, for which there are no signatures. This technology helps identify abnormal activities, including failed SMTP attempts, external internet connections etc. It also helps determine if any abnormal activity poses a threat to overall security. An alert is also sent upon detection of such an abnormal activity.
REDUCE: This DHS software helps compare malware samples, especially to previously collected and analyzed samples/groups of malware. Thus, using this software, investigators can identify as to who wrote a malware and also form an idea about its technical characteristics and threat level. REDUCE can also be used to compare multiple malware samples simultaneously; such analyses helps find similarities in code patterns, which are displayed along with existing data about those patterns.