The Department of Defense (DOD) is seeking proposals on the topic "User and Entity Behavior Analysis" (UEBA) as part of its SBIR program. The objective of this research is to develop a UEBA capability that serves as a Policy Decision Point (PDP) in the Tactical Zero Trust Architecture (ZTA). The UEBA will analyze user and entity behavior by collecting activity data and applying advanced analytics to detect anomalies. The solution will leverage data already collected and normalized by the Elastic Stack and incorporate various sources such as Active Directory, endpoint systems, firewalls, and vulnerability scans. The UEBA should include a flexible REST API for obtaining telemetry and making authorization decisions.
The project will be conducted in three phases. Phase I requires a proof of concept in the form of a whitepaper, demonstrating the feasibility of developing the UEBA capability. Phase II involves developing a prototype to collect and interpret data, display risk score changes, and allow human decision-making based on alerts. Phase III focuses on dual-use applications, such as embedding AI/ML pattern recognition into cybersecurity operations and applying UEBA to IoT, healthcare, and finance sectors.
The project duration is not specified, but the solicitation is open until March 31, 2025. For more information and to submit proposals, interested parties can visit the DOD SBIR website.