User Activity Monitoring (UAM)
TDG provides user activity monitoring (UAM) data analysis and technical services to Headquarters, U.S. Army Cyber Command (ARCYBER). Place of performance is an INSCOM facility in Springfield, VA.
TDG augments ARCYBER’s UAM operations. User activity monitoring is the technical capability to observe and record the actions and activities of all users, at any time, on any device accessing national security information in order to detect insider threats and to support authorized investigations. User activity monitoring generates alerts when specific anomalous activities occur that may be indicators of insider threat behavior.
TDG supports ARCYBER’s operational UAM capability on two (non-tactical) classified networks employing certain UAM tools. ARCYBER’s application and database servers reside on a classified network. Tools deployed to endpoints on the network send their collected data to the database server through a cross domain solution. TDG’s ARCYBER UAM team leverages data from the Host Based Security System (HBSS) and other tools to enhance UAM data analysis. TDG analyzes UAM data (and data from supporting tools) from a total of approximately 60,000 (60K) endpoints. TDG’s ARCYBER UAM analysts resolve alerts received from approximately 4,000 UAM clients each day.
TDG’s UAM Team:
Reviews UAM audit alerts and creates Incident Assessment Reports (IARs) as directed.
Strengthens ARCYBER's analytical program by applying technical expertise and experience to make suggestions aimed at improving existing UAM policies.
Documents the analytical program’s operations.
Generates program metrics.
Completes other tasks outlined in certain documents.
These services are provided across the following task areas:
Task Area 1 - Task Management
Task Area 2 - Project Plan
Task Area 3 - UAM Data Analysis
Task Area 4 - Collection and Analytical Capabilities Improvement
Task Area 5 - Concept of Operations (CONOPS) and Metrics

