“We’re protecting one of the largest, most complex networks in the world,” says ECS Vice President of DoD Cybersecurity Mark Maglin, “for an incredibly important mission that our nation’s adversaries are attacking every single day.” Mark is talking about the Army Endpoint Security Solution (AESS) that ECS has provided for U.S. Army Cyber Command (ARCYBER) since 2016.
AESS, built on a zero trust architecture, protects 800,000 endpoints across the Army’s global infrastructure. It blocks 1.5 million malicious events per month. It’s the only true managed security service used by the U.S. Army. And it’s the only deployed, fully integrated cybersecurity solution that offers all the endpoint security and management capabilities required by Joint Force Headquarters ― DoD Information Network.
In the fall of 2022, ARCYBER awarded ECS a five-year recompete contract, beginning the “2.0” phase of AESS development. We sat down with Mark to ask a few questions about AESS and where its 2.0 improvements will take Army cybersecurity.
Q: Can you summarize for us the innovations and improvements AESS 2.0 will bring?
A: For starters, we’re expanding the system’s endpoint detection and response capabilities by adding another endpoint tool, Microsoft Defender. Our strength is in our work with key technology partners to integrate and deliver the latest and best tool sets available, because no one tool does everything.
We take all these powerful tools — Elastic, ThreatQuotient, Forescout, Trellix, Tychon, and others ― integrate them into a coherent solution, automate it, and deliver it as a managed security service. So ARCYBER never needs to worry about managing individual tools or policies.
Network visibility and analytics improvements are also in the works. We’re creating a unified asset management system that will provide more visibility of network devices and enhanced reporting. This will improve compliance, threat detection, investigation, and response.
We’re also integrating with the Army’s big data platform, Gabriel Nimbus, and other DoD data platforms. This will enrich the Army’s long-term threat intelligence analysis.
Q: You’ve said AESS is “all about the data.” Can you elaborate on that?
A: Well, it’s all about protecting the Army’s data. And it’s also about the threat data generated by our security tools. By gathering and analyzing that threat data, we gain visibility and can better protect endpoints. That’s why we’ve built AESS from these tools. We know how to get the data from them and gain visibility into every asset on the Army’s networks and everything that’s happening on those networks.
Data analytics tell us things we wouldn’t otherwise know, such as where the vulnerabilities are. Without this capability, you’re just playing Whac-a-Mole on security events. But with it, we know where to look and how to understand and prioritize vulnerabilities and fix things before we have an intrusion.
Data enables us to detect and automatically protect against threats across the Army’s networks in the short term. Finally, by sharing our threat data with other Army platforms, we’ll help uncover cyber threats and vulnerabilities through long-term analytics.
Q: Is there anything else about the future of AESS that you’d like to leave us with?
A: Well, AESS will continue to evolve, just as cyber threats and technologies will continue to evolve. And ECS will continue to draw on our company’s massive array of skills and experience to maintain and develop AESS.
At ECS, project teams can draw on the skills and experience of each other. For example, ECS’ artificial intelligence experts — who are top providers of AI solutions to the DoD — partner internally with our AESS team to help ARCYBER solve hard problems.
Our AESS team also works a lot with ECS’ Department of Homeland Security [DHS] CDM dashboard team. We share insights, best practices, and expertise, because the AESS and CDM dashboard have a common mission — cyber situational awareness — and use a common technology: Elastic. When I talk about Army network visibility, that’s what CDM is providing for DHS. We’re doing the same thing for the Army.
That internal knowledge sharing across ECS projects will always support the development of the Army Endpoint Security Solution — so long as we have the privilege of providing the Army with this managed security service.