“We’re protecting one of the largest, most complex networks in the world,” says ľAV Vice President of DoD Cybersecurity Mark Maglin, “for an incredibly important mission that our nation’s adversaries are attacking every single day.” Mark is talking about the Army Endpoint Security Solution (AESS) that ľAV has provided for U.S. Army Cyber Command (ARCYBER) since 2016.


Built on a zero trust architecture, AESS protects 800,000 endpoints across the Army’s global infrastructure. It blocks 1.5 million malicious events per month. It’s the only true managed security service used by the U.S. Army. And it’s the only deployed, fully integrated cybersecurity solution that offers all the endpoint security and management capabilities required by Joint Force Headquarters ― DoD Information Network.
In the fall of 2022, ARCYBER awarded ľAV a five-year recompete contract, beginning the “2.0” phase of AESS development. We sat down with Mark to ask a few questions about AESS and where its 2.0 improvements will take Army cybersecurity.
Q: Can you summarize for us the innovations and improvements AESS 2.0 will bring?
A: For starters, we’re expanding the system’s endpoint detection and response capabilities by adding another endpoint tool, Microsoft Defender. Our strength is in our work with key technology partners to integrate and deliver the latest and best tool sets available, because no one tool does everything.
We take all these powerful tools — Elastic, ThreatQuotient, Forescout, Trellix, Tychon, and others ― integrate them into a coherent solution, automate it, and deliver it as a managed security service. So ARCYBER never needs to worry about managing individual tools or policies.
Network visibility and analytics improvements are also in the works. We’re creating a unified asset management system that will provide more visibility of network devices and enhanced reporting. This will improve compliance, threat detection, investigation, and response.
We’re also integrating with the Army’s big data platform, Gabriel Nimbus, and other DoD data platforms. This will enrich the Army’s long-term threat intelligence analysis.
Q: You’ve said AESS is “all about the data.” Can you elaborate on that?
A: Well, it’s all about protecting the Army’s data. And it’s also about the threat data generated by our security tools. By gathering and analyzing that threat data, we gain visibility and can better protect endpoints. That’s why we’ve built AESS from these tools. We know how to get the data from them and gain visibility into every asset on the Army’s networks and everything that’s happening on those networks.
Data analytics tell us things we wouldn’t otherwise know, such as where the vulnerabilities are. Without this capability, you’re just playing Whac-a-Mole on security events. But with it, we know where to look and how to understand and prioritize vulnerabilities and fix things before we have an intrusion.
Data enables us to detect and automatically protect against threats across the Army’s networks in the short term. Finally, by sharing our threat data with other Army platforms, we’ll help uncover cyber threats and vulnerabilities through long-term analytics.
Q: Can you comment on the zero trust capabilities of AESS 2.0 in light of the DoD’s Nov. 2022 zero trust strategy?
A: Yes, recent mandates and orders around cybersecurity have certainly energized the zero trust conversation. AESS has long been a zero trust solution and we continue to move in that direction. Our customers want to know how we’re helping them with implementing zero trust, and we explain that our AESS 2.0 core capabilities map very well to the department’s zero trust framework, apart from areas that lie outside the scope of our AESS work. From users, devices, and data, to visibility and analytics, and automation and orchestration — AESS 2.0 provides the zero trust capabilities called for in the department’s zero trust framework.

Q: Is there anything else about the future of AESS that you’d like to leave us with?

A: Well, AESS will continue to evolve, just as cyber threats and technologies will continue to evolve. And ľAV will continue to draw on our company’s massive array of skills and experience to maintain and develop AESS.
At ľAV, project teams can draw on the skills and experience of each other. For example, ľAV’s artificial intelligence experts — who are top providers of AI solutions to the DoD — partner internally with our AESS team to help ARCYBER solve hard problems.
Our AESS team also works a lot with ľAV’s Department of Homeland Security [DHS] CDM dashboard team. We share insights, best practices, and expertise, because the AESS and CDM dashboard have a common mission — cyber situational awareness — and use a common technology: Elastic. When I talk about Army network visibility, that’s what CDM is providing for DHS. We’re doing the same thing for the Army.
That internal knowledge sharing across ľAV projects will always support the development of the Army Endpoint Security Solution — so long as we have the privilege of providing the Army with this managed security service.