September 16, 2020 | International, Naval, Other Defence

Fewer Threats, More Bandwidth: DISA Awards $199M For Cloud Browsing

Leaving the browser and its history in a virtual environment spread across any number of servers makes it harder for adversaries to target the military's actual computers or tablets.

ALBUQUERQUE: The Defense Information Systems Agency awarded $198.9 million for a Cloud Based Internet Isolation contract to Menlo Security and By Light, the agency announced today. DISA hopes Menlo Security's tech can, by keeping downloads in the cloud, reduce harmful downloads across the entire Pentagon workforce. By keeping browsing inside the cloud, the program will save on bandwidth and protect the department's 3.5 million users from accidentally downloading malware.

It is a kind of “air-gapping,” the style of computer security that keeps networks safe by making sure that computers are not physically connected at all times. Leaving the browser, and all its contained history, in a virtual environment in any of a number of servers makes it harder for adversaries, be they criminals, nonstate actors, or nations, to target the actual computers or tablets used by the military.

Internet browsing is mostly downloading files directly to the end-user's computer or mobile device. What the Cloud Based Internet Isolation (CBII) does is make sure that all that downloading happens, not on the end user's computer, but instead in a remotely secured server.

“The remote worker will perform the task of going to their net or an Internet based application, that fetch and execute,” Menlo Security VP Mike Fraga says. What is different is that, instead of downloading directly onto the user's device, “getting the information and actually queuing is done in a disposable container in Menlo cloud. And so then we replicate what's happening on the application or the internet down on a remote worker's device.”

In essence, CBII promises to do all this while making the user experience virtually indistinguishable from having the browser directly running on the computer. Users are functionally interacting with an image of a browser window, instead of the browser itself, but that illusion should be imperceptible.

“That's going to significantly reduce the risk in the attack surface,” said By Light VP Jason Cole, “alleviating all the congestion at those Internet access points.”

For security purposes, this means that instead of monitoring all traffic for harm on every device, the Pentagon can instead look at the connection between computers and clouds. If a piece of malware was downloaded, it becomes a much smaller haystack of files for the forensics team to go through, since downloading to a computer becomes an active choice, instead of the passive function of browsing.

Many of the normal conveniences of browser-based functionality are continued within Menlo's cloud-based environment.

Instead of users having to log in anew to every site they visit every time they load the remote cloud, the software “maintains an encrypted cookie-jar in our cloud for each user that largely mirrors how the user's native browser handles cookies,” said Kowsik Guruswamy, Menlo Security CTO.

“When a user navigates to a site, Menlo injects the user's site-specific cookies into the isolated browser so they can stay logged in,” Guruswamy continued. “The encryption key for each user's cookie jar is stored in their own browser, such that only they can unlock the contents.”

Beyond the security of the environment, the move to cloud-based browsing also promises an overall savings in data use.

“We're estimating about a 20% bandwidth reduction for any general web browsing, but then a 50 to 70% bandwidth reduction for streaming media,” said Cole.

That savings is valuable everywhere, and is especially valuable in areas where bandwidth is already constrained, like on ships underway or at remote bases with low connectivity. Even in more domestic settings, the pandemic-induced shift to remote work often means users have to send data back through company-owned network infrastructure for security reasons, which eats up time in the process, and comes with risks.

“I think companies overall are struggling with not only the latency so that their end users can have a good experience to accomplish their job, but gaps in security based on all that backhauling, and there's some blind spots there,” said Fraga.

The servers are, like much of the cloud infrastructure available today, provided through Amazon Web Services. Menlo's approach is already in use with banks like JPMorgan Chase, HSBC, and AmEx.

“Isolation overall is an innovative technology,” said Fraga. Isolation, in the fashion promised by cloud-based browsing, is a preventative technology. It reduces the number of paths into computers, making it easier for other detection solutions to find the fewer threats that might slip through.

https://breakingdefense.com/2020/09/fewer-threats-more-bandwidth-disa-awards-199m-for-cloud-browsing/
