Skip to main content

With the rise of new and unprecedented malware, it is more important than ever that government systems adapt the most advanced cybersecurity capabilities to prevent and defend against cyberattack. The 2017 WannaCry ransomware outbreak alone affected over 350,000 computers across 150 countries, causing billions of dollars’ worth of catastrophic damage.

As the information technology and cybersecurity command center of the US Army, ARCYBER foresaw the need to transition from the legacy Host-Based Security System (HBSS) to a modern, cloud-native cybersecurity solution. The scope and criticality of such a transition cannot be overstated—ARCYBER is responsible for all US Army global endpoints, including the tactical systems that keep our soldiers safe and enable the Army’s mission.

Download Program Overview and Architecture
Black and white U.S. Army Cyber Command logo

Cybersecurity as a managed service

ARCYBER selected ECS to manage this transition to the next-generation Advanced Cyber Threat Defense (ACTD) platform, replacing the outmoded tools of HBSS with an integrated suite of best-in-breed technologies to provide enterprise-wide zero-day threat defense, real-time visibility of assets, vulnerability management and advanced automated endpoint security response. By seeking a platform-as-a-service (PaaS) solution, ARCYBER seized the opportunity to consolidate what had become an unwieldy, divergent system operated by at least seven contracts with nonstandard security and operating procedures into a unified system managed by one service provider, ECS.

ACTD reduces overall cost while ensuring that the entire system operates towards clearly defined contractual service level agreements (SLAs). Through this managed service, ECS provides advanced cybersecurity tools, threat data, analytics, and training to all authorized Army users, including the Army Defense Cyber Operations Integration Center, Regional Security Centers, and leaders at each echelon. Relieved of routine system operations and maintenance (O&M), the Army was able to upskill its work force from system administrators to cyber warriors.

But how to orchestrate a transition of such magnitude and strategic importance?

ECS approached the challenge with a multi-phase plan. In Phase 1, “Like for Like,” ECS deployed the contractor-owned, contractor-operated (COCO) enterprise managed service, standing up the new ACTD platform and assuming responsibility for Tier-2 and Tier-3 support. Simultaneously, ECS established standardized baseline security capabilities. This strategy allowed for a low-risk transition within six months of contract kickoff.

Stronger protection and greater efficiencies

In Phase 2, “Expanded Capabilities,” ECS implemented next-generation tools, building upon the mature, proven DISA-approved products already in place. These tools, which meet and exceed ARCYBER’s security and asset management requirements, serve not only to identify and respond to cyberattacks, but also to prevent and protect against such threats through automated data collection and reporting, as well as interoperation between products and endpoints.

By embracing innovation and partnerships with leading technology providers like Elastic, ECS brings new capabilities to ARCYBER including security orchestration automation response (SOAR), interagency indicator-of-compromise (IOC) sharing, and increased visibility through cyber scorecards and dashboards. As part of a firm-fixed price contract, these new capabilities come at no additional cost to ARCYBER. ECS’ efforts on AESS have resulted in $50 million cost savings over three years and over 70 percent full-time equivalent (FTE) reduction.

Continuous Innovation and Improvement

In Phase 3, “Continuous Innovation and Improvement,” ECS continues to upgrade ACTD and achieve new efficiencies for the Army, introducing new features like a threat intelligence platform (TIP) and analyst training for all users. Due to the success of ACTD, the Army Chief Information Officer (CIO) issued a memorandum that all Army Commands will migrate to AESS.

By shifting Automated Endpoint Continuous Monitoring (ACEM) to AESS and retiring redundant systems, ECS helped ARCYBER save tens of millions of dollars annually. Recognizing the natural fit of AESS’ automated response capabilities with the Comply to Connect (C2C) mission, U.S. Army Network Enterprise Technology Command (NETCOM) turned to ECS to roll out the prototype and initial C2C system, integrating visibility with command and control and automated response to isolate and remediate non-compliant endpoints.  ECS is currently developing a hybrid multi-cloud solution to protect both on-premises and cloud endpoints and data, as well as laying the groundwork for zero-trust architecture. As the Army increasingly moves towards cloud applications and services, ACTD is the platform that will protect these systems and data.

AESS is a forward-looking solution, designed for continuous innovation and improvement through system upgrades, automation, orchestration, and application enhancement. Its open, extensible architecture allows for integration with other Army tools, such as the GABRIEL NIMBUS big data platform, as well as vital information sharing with partner networks. AESS is cloud-native ready for Army and can readily be adapted to other networks including the Defense Research and Engineering Network (DREN), Mission Partner Networks, Joint Worldwide Intelligence Communications System (JWICS), and Combined Enterprise Regional Information Exchange System (CENTRIXS). These capabilities provide for a system that not only meets the cybersecurity demands of today, but also anticipates and rises to meet the challenges of the future.

The AESS contract is delivered on the NASA SEWP V government-wide acquisition contract.
Find out more about our
cybersecurity solutions.

Close Menu

© 2023 ECS. All Rights Reserved.