Listen to article:
Mark Maglin
Vice President of
DoD Cybersecurity
“We’re protecting one of the largest, most complex networks in the world,” says ECS Vice President of DoD Cybersecurity Mark Maglin, “for an incredibly important mission that our nation’s adversaries are attacking every single day.”
Mark is talking about the Army Endpoint Security Solution (AESS) that ECS has provided for U.S. Army Cyber Command (ARCYBER) since 2016. “The key to AESS success is sharing cyber threat intelligence (CTI) in near real time to protect the Army’s assets and inform our partners of new threats.”
The zero trust architected AESS protects 800,000 endpoints across the Army’s global infrastructure. It blocks 1.5 million malicious events per month. It’s the only true managed security service used by the U.S. Army. And it’s the only deployed, fully integrated cybersecurity solution that offers all the endpoint security and management capabilities required by Joint Force Headquarters ― DoD Information Network.
In the fall of 2022, ARCYBER awarded ECS a five-year recompete contract, beginning the “2.0” phase of AESS development. We sat down with Mark to ask a few questions about AESS and where its 2.0 improvements are taking Army cybersecurity.
Q: Can you describe some innovations and improvements AESS 2.0 will bring?
A: For starters, we’re adding another endpoint tool, Microsoft Defender. Our strength is our working with key technology partners to integrate and deliver the latest and best tool sets available, because no one tool does everything.
We take all these powerful tools — Elastic, ThreatQuotient, Forescout, Trellix, Tychon, and others ― integrate them into a coherent solution, automate it, and deliver it as a managed service. So ARCYBER never needs to worry about managing individual tools or policies.
All our tools are cyber sensors. Our integrated solution collects, normalizes, correlates and instantaneously shares CTI from each one of the sensors. So, the AESS can isolate a single malicious detection and use that CTI to protect every endpoint across the global enterprise — automatically and in real time.
Beyond CTI, we enumerate every endpoint for cyber hygiene: policy compliance, configuration, and vulnerabilities. That way, as soon as a new attack and its method are known, we know which endpoints may be vulnerable.
During a significant cyber event, no single entity has all the information, authorities, or capabilities to enable comprehensive action. Creating shared situational awareness is primarily a policy, information, and analytics challenge, not just an IT challenge.
Network visibility and analytics improvements are also in the works. We’re creating a unified asset management system that will provide more visibility of network devices and enhanced reporting. This will improve compliance, threat detection, investigation, and response.
We’re also integrating with the Army’s big data platform, Gabriel Nimbus, and other DoD data platforms. This will enrich the Army’s long-term threat intelligence analysis.
Q: You’ve said AESS is “all about the data.” Can you elaborate on that?
A: It’s all about protecting the Army’s data. And it’s also about the CTI generated by our security tools. By gathering and analyzing that threat data, we gain visibility and can better protect endpoints. That’s why we’ve built AESS from these tools. We know how to get the data from them and gain visibility into every asset on the Army’s networks and everything that’s happening on those networks.
Data analytics tell us things we wouldn’t otherwise know, such as where the vulnerabilities are. Without this capability, you’re just playing Whac-a-Mole on security events. But with it, we know where to look and how to understand and prioritize vulnerabilities and fix things before we have an intrusion.
Data enables us to detect and automatically protect against threats across the Army’s networks in the short term. Finally, by sharing our threat data with other Army platforms, we’ll help uncover cyber threats and vulnerabilities through long-term analytics.
We are also working with other DoD agencies such as Joint Special Operations Command, Central Command, and others to automatically share CTI discovered from novel malicious events. This is a first, and I think we are the only ones sharing across agency networks. There is a technical challenge which we have solved, but it is really a policy challenge, too. It is the right thing to do. We need to crowdsource our CTI.
Q: Can you comment on the zero trust capabilities of AESS 2.0 in light of the DoD’s Nov. 2022 zero trust strategy?
A: AESS has long been a zero trust solution and we continue to move in that direction. Our AESS 2.0 core capabilities map very well to the department’s zero trust framework, apart from areas that lie outside the scope of our AESS work. From users, devices, and data, to visibility and analytics, and automation and orchestration — AESS 2.0 provides the zero trust capabilities called for in the department’s zero trust framework.
On AESS, we are implementing a hybrid-multi-cloud cybersecurity system. It is hybrid in that we host our cybersecurity tools on premises, within Army data centers, and we use the native cybersecurity tools in Microsoft Azure as part of Microsoft Defender Enterprise (MDE). It is multi-cloud because we protect every type of endpoint —from physical on premises (work laptops) to virtual desktops to cloud-hosted applications in multiple clouds, including cArmy.
Q: Is there anything else about the future of AESS that you’d like to leave us with?
A: AESS will continue to evolve, and ECS will continue to draw on our company’s massive array of skills and experience to maintain and develop AESS. Internal knowledge sharing across ECS projects will always support the development of the Army Endpoint Security Solution — so long as we have the privilege of providing the Army with this managed security service.
