The Defense Department is making changes to the tools that provide endpoint security to its network. In a news release, DISA said the Host Based Security System (HBSS) — a tool to enable DoD to detect and counter known threats in the network — will be folded into several other tools to provide an "evolved, holistic approach to cybersecurity network defense." This new approach is known as Endpoint Security Solutions (ESS), DISA said.
This change includes newer versions of existing capabilities and brand-new capabilities that were identified through the NIPRNet/SIPRNet CYBER Security Architecture (NSCSAR) analysis that assesses gaps in DoD Information Network cyber protection capabilities, said John Hickey, cyber development director for DISA, in an email to C4ISRNET.
DISA was tasked by the DoD's chief information officer, Terry Halvorsen, to evolve the HBSS to an endpoint security system, Hickey said, adding that Halvorsen and DISA are working with components in the department to identify what that end-state will be. The initial phase integrates the HBSS and DoD Secure Host Baseline (SHB) Windows 10 build into a single image, though the overall enhancement will be a gradual process over the next few years.
ESS, as Hickey described it, is DoD's "rebranding" of HBSS into a new suite to include "HBSS-like capabilities, new capabilities, and the merger of the DoD Secure Host Baseline (SHB) Windows 10 implementation."
"The change is happening based on DoD Component feedback on existing tool capabilities, ease of use, and desire for additional capabilities to reduce effort while conducting cyber security activities," Hickey wrote.
All the endpoint information feeds into DISA's Cyber Situational Awareness Analytic Capabilities, which is a set of solutions that provides an ability to collect, analyze, visualize and share DoDIN and mission partner information for collaborative cyberspace operations. Additionally, it allows for greater visibility into the enterprise to enable critical decisions to be made upon better and broader information sets. This allows joint analysts to view and act on those data elements, Hickey said.
Endpoint security is a DoD-wide effort that leverages efforts from several agencies such as DISA, the National Security Agency, the DoD Cyber Range and DoD red teams, and involves continuous market research that is conducted through DoD components, the Department of Homeland Security as well as supporting contractors, DISA said.
Mark Pomerleau is a reporter for C4ISRNET, covering information warfare and cyberspace.