EINSTEIN
E97782
EINSTEIN is a U.S. federal intrusion detection and prevention system used to monitor and protect government agency networks from cyber threats.
Observed surface forms (2)
| Surface form | Occurrences |
|---|---|
| EINSTEIN 3 Accelerated | 1 |
| EINSTEIN program | 1 |
Statements (43)
| Predicate | Object |
|---|---|
| instanceOf | cybersecurity system; federal intrusion detection and prevention system |
| appliesTo | U.S. federal civilian executive branch agencies |
| associatedWith | U.S. federal civilian executive branch cybersecurity programs |
| basedOn | intrusion detection; intrusion prevention; network traffic monitoring |
| collects | network flow data; security-relevant network metadata |
| country | United States of America (surface form: United States) |
| dataType | network traffic metadata rather than full content in many deployments |
| designedFor | large-scale federal enterprise networks |
| developedBy | U.S. Department of Homeland Security |
| earlierVersionsCapability | passive intrusion detection |
| focus | known and identifiable cyber threats |
| goal | enable coordinated federal response to cyber incidents; improve situational awareness of cyber threats to federal networks |
| hasVersion | EINSTEIN 1; EINSTEIN 2; EINSTEIN 2.0; EINSTEIN 3; EINSTEIN 3 Accelerated |
| laterVersionsCapability | automated blocking of known malicious traffic; intrusion prevention |
| legalFramework | U.S. federal cybersecurity policy |
| limitation | primarily signature-based detection |
| monitors | network gateways of participating federal agencies |
| notTargetUser | private sector networks by default; state and local governments by default |
| operator | Cybersecurity and Infrastructure Security Agency; U.S. Department of Homeland Security |
| purpose | detect cyber threats; monitor U.S. federal civilian agency networks; prevent cyber intrusions |
| relatedTo | Federal Information Security Modernization Act; Trusted Internet Connections initiative |
| sector | federal government cybersecurity |
| securityDomain | network perimeter security |
| supports | federal incident detection; federal incident response coordination |
| targetUser | U.S. federal civilian agencies |
| uses | indicators of compromise; known threat signatures |
Referenced by (3)
Full triples — surface form annotated when it differs from this entity's canonical label.
this entity surface form: EINSTEIN program
this entity surface form: EINSTEIN 3 Accelerated