DOD SBIR 24.4 Annual

Active: Yes
Status: Open
Release Date: October 3rd, 2023
Open Date: October 3rd, 2023
Due Date(s): March 31st, 2025
Close Date: March 31st, 2025
Topic No.: A244-013

Topic

User and Entity Behavior Analysis

Agency

Department of Defense; N/A

Program

Type: SBIR; Phase: BOTH; Year: 2024

Summary

The Department of Defense (DOD) is seeking proposals for User and Entity Behavior Analysis (UEBA) as part of their Small Business Innovation Research (SBIR) program. The objective of this solicitation is to develop a UEBA capability that will streamline authentication to the network and services while enhancing the cybersecurity posture of the tactical network. The UEBA solution will serve as a critical enabler to the Army's Zero Trust Architecture (ZTA) implementation. The technology will leverage data already collected and normalized by the Elastic Stack, including data from various systems and events. The UEBA should include a well-documented and flexible REST API for obtaining necessary telemetry for authorization decisions. The project will be conducted in two phases, starting with a proof of concept in Phase I and the development of a prototype in Phase II. The potential applications of UEBA include IoT monitoring, healthcare security, and finance fraud detection. The solicitation is open until March 31, 2025. For more information, visit the DOD SBIR website.

Description

OUSD (R&E) CRITICAL TECHNOLOGY AREA(S): Integrated Network Systems-of-Systems

OBJECTIVE: This User and Entity Behavioral Analysis (UEBA) will streamline authentication to the network and services while transparently securing mission critical services, such as warfighting applications, through granular role-based access control. As implemented, this UEBA solution will be a critical enabler to the Army’s Zero Trust Architecture (ZTA) implementation. It would substantially improve the tactical network’s cybersecurity posture.

DESCRIPTION: The U.S. Army requires a novel User and Entity Behavioral Analysis (UEBA) capability that serves as or feeds a Policy Decision Point (PDP) in the Tactical Zero Trust Architecture (ZTA). Behavior analysis is the process of collecting activity data on people and nonperson entities, applying advanced analytics and comparing the results to accepted baselines and peer activities. This UEBA will leverage data that is already collected and normalized by the Elastic Stack. This data includes Active Directory Domain, Active Directory Certificate Services, Windows endpoint, Linux endpoint, Palo Alto Firewall, Suricata Intrusion Detection System, Zeek Network Sensor, Netflow, and Cisco IOS events. It will also incorporate Nessus Security Center vulnerability and asset scan reports. This capability can execute within the Elastic Stack as a collection of detection engine rules, entity analytics or a Machine Learning model, or it can execute as a stand-alone virtual machine or container. The UEBA should include a well-documented and flexible REST API that enables Policy Enforcement Points (PEPs) to obtain the telemetry they need to obtain and enforce authorization decisions.

PHASE I: The government is looking for a proof of concept, in the form of a whitepaper, that details the feasibility of developing a novel User and Entity Behavioral Analysis (UEBA) capability that serves as a policy decision point. The proof of concept will assume the ability to utilize data already collected by systems in the PEO C3T portfolio and normalized by the Elastic Stack implementation deployed on the tactical network. The model shall determine a user's normal battle rhythm and be able to alert a human in the loop of a change in the user's risk score. The authoritative human in the loop will be able to make a decision to terminate the user's session or elevate for further analysis.

PHASE II: The prototype will be developed to demonstrate the UEBA's ability to collect and interpret data. The demonstration shall also show the ability to display a risk score change of a user based on behavioral anomalies and the ability for a human in the loop to make a decision on access based on that alert.
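The baseline comparison in the DESCRIPTION and the risk-score-change alert in PHASE I and PHASE II can be sketched as follows. This is an added example, not part of the solicitation: the event fields, weights, scaling factor, alert threshold and sample data are all assumptions chosen for illustration.

```python
from collections import Counter, defaultdict

# Constructed sample history: (user, peer_group, hour_of_day, host). Not real data.
HISTORY = (
    [("alice", "s6", h, "ws-01") for h in (7, 8, 8, 9, 9, 10, 14, 15, 16, 17)]
    + [("bob", "s6", h, "ws-02") for h in (6, 7, 8, 9, 13, 14, 15, 16, 22, 23)]
)

def build_baselines(history):
    """Per-user and per-peer-group activity-hour counts, plus hosts each user has used."""
    user_hours, peer_hours = defaultdict(Counter), defaultdict(Counter)
    hosts, group_of = defaultdict(set), {}
    for user, group, hour, host in history:
        user_hours[user][hour] += 1
        peer_hours[group][hour] += 1
        hosts[user].add(host)
        group_of[user] = group
    return user_hours, peer_hours, hosts, group_of

def rarity(counter, hour):
    """1.0 if the hour (+/- 1h) never appears in the baseline, 0.0 once it is common."""
    total = sum(counter.values())
    if total == 0:
        return 1.0  # no baseline yet: treat as maximally unusual
    near = sum(counter[(hour + d) % 24] for d in (-1, 0, 1))
    return 1.0 - min(1.0, near / total * 4)  # assumed scaling: 25% of activity nearby is "normal"

def risk_score(event, baselines):
    """0-100 score: deviation from own rhythm, from peers, and host novelty (assumed weights)."""
    user_hours, peer_hours, hosts, group_of = baselines
    user, hour, host = event
    own = rarity(user_hours[user], hour)
    peer = rarity(peer_hours[group_of.get(user, "")], hour)
    new_host = 0 if host in hosts[user] else 1
    return round(50 * own + 20 * peer + 30 * new_host)

def review_queue(events, baselines, delta=30):
    """Alerts for the human in the loop whenever a user's score rises by at least delta."""
    last, alerts = {}, []
    for event in events:
        score = risk_score(event, baselines)
        prev = last.get(event[0], 0)
        if score - prev >= delta:
            alerts.append({"user": event[0], "from": prev, "to": score,
                           "options": ["terminate_session", "elevate_for_analysis"]})
        last[event[0]] = score
    return alerts
```

The alert only lists the two decisions the solicitation names; the decision itself stays with the human reviewer.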

 

PHASE III DUAL USE APPLICATIONS:

UEBA seeks to embed AI/ML pattern recognition into cybersecurity operations to automatically detect anomalous behavior in a digital environment.
Regarding zero trust (ZT) requirements, corporate research underscores that UEBA architecture inherently gives users a ZT solution, as it provides maximum network visibility into all users, devices, assets, and entities.
Corporations and investors forecast that start-ups augmenting current UEBA technology will imbue it with predictive analytics, create “contextually aware” multimodal algorithms, and/or ensure more robust interoperable and API infrastructure.
Current market applications, including start-up usage, for UEBA are:
	Internet of Things (IoT) – UEBA can monitor both human activity on devices as well as anomalous behavior on connected devices.
	Healthcare – similar to IoT, the healthcare use case includes patient portals and securing hardware.
	Finance – track and flag suspicious behavior across a myriad of devices.


KEYWORDS:  User and Entity Behavioral Analysis (UEBA); Zero Trust Architecture; Authentication; Network; Data; Active Directory
