US Marine Corps
Marine Corps Seeks Tool to Detect Insider Threat Activity on Enterprise Networks
The Marine Corps is looking for a tool that can monitor user activity and help detect insider threats on its enterprise networks.
In a sources sought notice published on SAM .gov, the service posted a requirement for a user monitoring and auditing capability for identifying and evaluating anomalous activity on the Marine Corps Enterprise Networks.
The tool must demonstrate five minimum technical capabilities for collecting user activity data, including performing a screen capture, file shadowing, keystroke monitoring and being able to attribute data to specific users, Nextgov reported.
The tool is envisioned to focus on seven key insider breach methods such as privilege elevation, accessing sensitive information, connecting to networks and target systems, establishing file shares and copying data to outside entities.
In addition, the tool must be a Protection Level 4, commercial-off-the-shelf solution that can be used on existing workstation hardware. It must also allow for remote monitoring on field laptops, tablets and other mobile devices.
The selected contractor will be required to perform all initial and follow-up installation and maintenance of hardware and software.
Support provided by the tool covers both the Non-classified Internet Protocol Router Network and Secret Internet Protocol Router Network on the MCEN. UAM data compiled from these sources and integrated with information from various sources is expected to support analysis and combat insider threats on the service’s enterprise networks.
Responses to the notice are due March 4.
Category: Defense and Intelligence
Tags: Defense and Intelligence Department of Defense enterprise networks insider threat Marine Corps Enterprise Networks Nextgov US Marine Corps user activity monitoring