The Defense Information Systems Agency is undertaking a comprehensive modernization effort for endpoint security. 

DISA announced in late 2016 that it was rebranding its Host Based Security System, or HBSS, which will be folded into several other tools to provide an "evolved, holistic approach to cybersecurity network defense," to be known as endpoint security solutions, or ESS.

The current HBSS system has been around for about a decade, and modernization efforts are underway because the agency and DoD recognize that greater efficiency can be attained by adopting newer technologies as well as reducing the number of parts and pieces, said Seab Herron, Endpoint Security Programs chief at DISA.

DISA is still in source selection for its HBSS recompete, which Herron described as meeting three conditions:

  • Separating licensing from the integrator to have the licensing on a separate contract
  • Getting the integrator on a separate contract
  • Ensuring that new capabilities DISA might pursue would be on a different enterprise contract from the licensing and integrator.

This would make DISA more agile to be able to work through the integrator, which would be vendor agnostic, Herron said. With licensing not tied to a vendor, the agency can work through the integrator to define the right mix of security tools by specific vendors for specific capabilities based on requirements that were given. 


Herron said they can consolidate a lot of the work into smaller applications and smaller tools, but to get there, there must be significant collaboration and coordination with component counterparts as well as the individual services, whose opinions, he said, are probably the largest they subscribe to.

To that point, he noted his shop as well as counterparts within the government are seeking to simplify war-fighter requirements and platforms. Herron said the immediate challenge is the need to move more quickly and get security in place to relieve the burden on troops for the sustainment of some of the complex security tools.

The goal is to adopt capabilities that are more automated and that require less intervention by the war fighter, a similar effort being undertaken by other individual services. Simplifying the user experience by adopting tools that are less complex but still work well is a lesson that has been learned over the last ten years, he said. Specifically, the government is after vendors to give them what they want and provide solutions that are not overly complex and are not difficult to deploy and sustain, Herron added.

Herron said his other priorities include adopting smarter technologies, such as machine-learning-capable tools. These will allow tools to be applied to more diverse networks, especially at the tactical and disadvantaged networks — or network that has limited connectivity — that aren't able to use the full capability of tools DISA and DoD have.

Adopting Windows 10, mandated by former DoD CIO Terry Halvorsen, is also a priority. Windows 10 and its manufacturer, Microsoft, have adopted a more aggressive security posture within its operating systems, Herron said.

Third, Herron described the need to accelerate the acquisition process. "We cannot continue to take as long as we have historically taken to put a capability in play," he said. "We have to be much, much quicker."

As adversaries have become smarter and are increasingly able to understand and get around defensive architectures, nothing is foolproof anymore, Herron said. 

"Even if we figure something out and put something in place today, it probably won't be very long before the bad people find out how to get around it," he said.

As such, an acquisition cycle and rapid authority is imperative. Herron described how DISA is leveraging vehicles such as other transaction authority and the Defense Innovation Unit-

Experimental to move things forward.