HBGary Qosmos Deep Packet Inspection White Paper

Government-Wide Cyber Security: Leveraging Network Intelligence Technology

  • 20 pages
  • Confidential
  • April 2009


Hackers hide attacks in normal everyday IP traffic. The only effective way to deal with security threats is to deploy a government-wide cyber security system.

In new survey results released by TechAmerica in February 2009, it was confirmed again that IT security continues to be the greatest challenge facing government CIOs. The survey was based on in-person interviews with federal CIOs from U.S. civilian, homeland security and defense agencies, as well as key officials from the White House Office of Management and Budget, the U.S. Government Accountability Office, and the Congress. The U.S. is now in the early stages of a major “cyber initiative” that will expand monitoring of federal IT networks. Robert Jamison, an undersecretary within the U.S. Department of Homeland Security, when testifying before a congressional committee, defended the need for better network monitoring, saying: “Our adversaries are very adept at hiding their attacks in normal everyday [network] traffic,” adding that the only effective way to deal with the security threats is to deploy a government-wide cyber security system. Such capabilities already exist within a few U.S. agencies, Jamison noted, but are “just not consistent.”

Given the massive volumes of data that the U.S. and other governments must manage and the volume of traffic across IT networks, government-wide security solutions pose significant technical challenges. According to Phil Bond, president of TechAmerica, “Now more than ever, a partnership between the public and private sectors in leveraging IT to achieve a more transparent government is essential to securing the public’s safety.”

Most experts share this view. Without using the words “global approach to cyber security,” the premise of recent NATO initiatives clearly recognizes the need, with the catalyst for at least one SPS (Science for Peace and Security) workshop being: “Information systems engineers and security engineering researchers traditionally work independently, so security mechanisms are often imposed on the system without considering the overall design. This can result in problematic systems and security vulnerabilities.”

But governments must proceed with caution when forming technology partnerships for IT network security. While committed to improving the capabilities, performance and scalability of security systems, governments charged with protecting national security and public safety cannot surrender control or the confidentiality of their solutions.

Lawful Intercept


Criminals, predators and hackers now use chats, blogs, webmail and Internet applications such as online gaming and file-sharing sites to hide their communications.


Qosmos provides law enforcement agencies with a powerful solution to identify a target using multiple virtual IDs and intercept all related IP-based communications. Any trigger, such as a “user login = target” initiates intercept of all IP traffic related to the “target.”

Example of recognized applications and protocols VoIP Email (POP, SMTP) Webmail (Gmail, Hotmail, Live Mail, SquirrelMail, Yahoo mail, etc.) Instant Messaging (Aim, SNM, Skype, Yahoo, Google Talk, QQ, Maktoob, Paltalk, etc.) Online games (World of Warcraft) Online classified ads Audio/Video (H.323, SIP, MGCP, RTP, RTCP, MMSE, RTSP, SHOUTcast, Yahoo Video, MSN Video, SCCP, etc.) Web applications (Dailymotion, Google, eBay, Google Earth, HTTP, MySpace, Wikipedia, YouTube, etc.)

Example of information extracted Caller, phone number, called party, duration of call Webmail login, email address, sender, receiver, subject matter, attached documents Instant messaging sender, receiver, contact lists and status Forum login, IP address, MAC address, mobile ID (IMSI, IMEI) Protocols identified even for unidirectional traffic (e.g. email by satellite).

Benefits of Qosmos Network Intelligence Quickly and accurately detect targets across all identities in the complex IP communications environment Content and metadata records of communications for analysis with Business Intelligence tools

Share this: