
September 16, 2020 | International, Naval, Other Defence

Fewer Threats, More Bandwidth: DISA Awards $199M For Cloud Browsing

Leaving the browser and its history in a virtual environment spread across any number of servers makes it harder for adversaries to target the military's actual computers or tablets.

ALBUQUERQUE: The Defense Information Systems Agency awarded $198.9 million for a Cloud Based Internet Isolation contract to Menlo Security and By Light, the agency announced today. DISA hopes Menlo Security's tech can, by keeping downloads in the cloud, reduce harmful downloads across the entire Pentagon workforce. By keeping browsing inside the cloud, the program will save on bandwidth, and protect against the department's 3.5 million users accidentally downloading malware.

It is a kind of “air-gapping,” the style of computer security that keeps networks safe by making sure that computers are not physically connected at all times. Leaving the browser, and all its contained history, in a virtual environment in any of a number of servers makes it harder for adversaries, be they criminals, nonstate actors, or nations, to target the actual computers or tablets used by the military.

Internet browsing is mostly downloading files directly to the end-user's computer or mobile device. What the Cloud Based Internet Isolation (CBII) does is make sure that all that downloading happens, not on the end user's computer, but instead in a remotely secured server.

“The remote worker will perform the task of going to their net or an Internet based application, that fetch and execute,” Menlo Security VP Mike Fraga says. What is different is that, instead of downloading directly onto the user's device, “getting the information and actually queuing is done in a disposable container in Menlo cloud. And so then we replicate what's happening on the application or the internet down on a remote worker's device.”

In essence, CBII promises to do all this while making the user experience virtually indistinguishable from having the browser directly running on the computer. Users are functionally interacting with an image of a browser window, instead of the browser itself, but that illusion should be imperceptible.

“That's going to significantly reduce the risk in the attack surface,” said By Light VP Jason Cole, “alleviating all the congestion at those Internet access points.”

For security purposes, this means that instead of monitoring all traffic for harm on every device, the Pentagon can instead look at the connection between computers and clouds. If a piece of malware was downloaded, it becomes a much smaller haystack of files for the forensics team to go through, since downloading to a computer becomes an active choice, instead of the passive function of browsing.

Many of the normal conveniences of browser-based functionality are continued within Menlo's cloud-based environment.

Instead of users having to log in anew to every site they visit every time they load the remote cloud, the software “maintains an encrypted cookie-jar in our cloud for each user that largely mirrors how the user's native browser handles cookies,” said Kowsik Guruswamy, Menlo Security CTO.

“When a user navigates to a site, Menlo injects the user's site-specific cookies into the isolated browser so they can stay logged in,” Guruswamy continued. “The encryption key for each user's cookie jar is stored in their own browser, such that only they can unlock the contents.”

Beyond the security of the environment, the move to cloud-based browsing also promises an overall savings in data use.

“We're estimating about a 20% bandwidth reduction for any general web browsing, but then a 50 to 70% bandwidth reduction for streaming media,” said Cole.

That savings is valuable everywhere, and is especially valuable in areas where bandwidth is already constrained, like on ships underway or at remote bases with low connectivity. Even in more domestic settings, the pandemic-induced shift to remote work often means users have to send data back through company-owned network infrastructure for security reasons, which eats up time in the process, and comes with risks.

“I think companies overall are struggling with not only the latency so that their end users can have a good experience to accomplish their job, but gaps in security based on all that backhauling, and there's some blind spots there,” said Fraga.

The servers are, like much of the cloud infrastructure available today, provided through Amazon Web Services. Menlo's approach is already in use with banks like JPMorgan Chase, HSBC, and AmEx.

“Isolation overall is an innovative technology,” said Fraga. Isolation, in the fashion promised by cloud-based browsing, is a preventative technology. It reduces the number of paths into computers, making it easier for other detection solutions to find the fewer threats that might slip through.

https://breakingdefense.com/2020/09/fewer-threats-more-bandwidth-disa-awards-199m-for-cloud-browsing/
