Description

Throughout departments of defense, intelligence communities, and civilian and other government agencies, a physically separated, multilevel network architecture is used (often mandated) to maintain a boundary between different classification/sensitivity levels or networks. This model is ideal for data and network protection but can be cumbersome when it comes to administration.

This is true for security operations centers (SOCs) and Defensive Cyber Operations Centers (DCOCs) and the tools they use to monitor and address system auditing and alerts.

In most cases administrators utilize a Security Information & Event Management (SIEM) solution, such as Micro Focus ArcSight™, from Hewlett Packard Enterprise, to provide comprehensive, cost-effective security analytics to identify threats and manage risk and "provide a holistic view of [the enterprise] information technology security posture". Collection agents are deployed to endpoints, servers and across network devices to gather logs, security event data, common vulnerabilities and exposures (CVEs), etc. This all works remarkably well when used in a flat network architecture but can become VERY complex in a multilevel network environment.

Due to the sensitive, and often classified, nature of the data residing on the individual networks, the data must be kept separate, and administration must often be performed by separate individuals. This results in a large number of separate monitoring tools and makes it very difficult to capture a single picture of what is happening across the enterprise.

PROBLEM SOLVED

High-Speed Guard™, from Forcepoint, is a multilevel transfer guard (or cross-domain guard) purpose-built to provide secure data transfer capabilities that mitigate the risk from viruses, malware, policy violations, and misuse in sensitive and classified environments. Widely deployed throughout departments of defense, intelligence communities, and civilian agencies, High-Speed Guard facilitates rapid, seamless, and secure data transfer between networks at different sensitivity levels.

The inclusion of High-Speed Guard in the SIEM architecture allows for rapid data transfer from lower-level networks to a single higher-level network. The result is one location from which to monitor the entire enterprise, giving administrators a comprehensive view across individual network boundaries.

High-Speed Guard is a software solution that utilizes a trusted operating system (OS) to enforce OS- and application-level security rules and network segment separation. Compared with hardware solutions (such as data diodes), a software guard is inherently more flexible, allowing for robust customizations to meet specific customer use cases.

Whereas diodes rely on software typically installed on traditional servers, guards utilize customized military-grade inspection routines and validations that are highly protected from the data and the networks and execute in a tightly controlled manner. These validations prevent malicious data from entering more secure networks and prevent data leakage from sensitive networks, providing a much higher degree of confidence that the data being passed is the permitted data. Refer to the "Ensuring Secure Data Transfer: Guards vs. Diodes" whitepaper for additional information.

TRANSFER MECHANISMS

High-Speed Guard contains an extremely flexible rule engine supporting many different transfer mechanisms providing a variety of fixed security protections and secure transfer methods. Refer to the High-Speed Guard datasheet for additional information.

Specific to environments transferring ArcSight SIEM data, High-Speed Guard utilizes the following mechanisms:

  • ADAPTABLE LIGHTWEIGHT MESSAGING - The Adaptable Lightweight Messaging transfer mechanism gives High-Speed Guard the flexibility to support almost any standard or custom messaging protocol, while still providing extensive security controls on all transmissions. High-Speed Guard supports almost any UDP- or TCP-based protocol, with or without SSL.
  • ULTRA HIGH DATA RATE USER DATAGRAM PROTOCOL (UDP) - The Ultra High Data Rate UDP mechanism provides enterprises with a unique messaging capability that has achieved transfer rates of 96,000 messages per second with 1200-byte messages, without any packet loss.

ASSESSMENT & AUTHORIZATION (A&A)

High-Speed Guard is engineered to satisfy cross-domain security requirements for Top Secret/SCI and Below Interoperability (TSABI) and Secret and Below Interoperability (SABI) A&A processes. High-Speed Guard is deployed worldwide and has received accreditation under Director of Central Intelligence Directive (DCID) 6/3, ICD 503, and National Institute of Standards & Technology 800-53 and 8500.2 security controls.

SUPPORTING A MULTILEVEL SIEM ENVIRONMENT IN PRACTICE

A current ArcSight customer in the US Department of Defense faced this exact problem – they had the requirement to streamline audit log and security alert monitoring from 6+ networks to a higher-level network.

High-Speed Guard is used to move the ArcSight data rapidly and securely from the individual lower networks to one high-side network. This allows for greater network visibility and also reduces much of the administrative burden incurred with monitoring all the networks individually. Administrators who were required to devote much of their time to SIEM monitoring are now able to redeploy to other high-value tasks in the enterprise.

CONCLUSION

No longer is it necessary to retain ultra-complex SIEM environments when working in SOCs and DCOCs with any number of separate networks of differing sensitivity or classification levels. With High-Speed Guard to rapidly and securely transfer all security log and event data to a single network location for ArcSight management, administrators can now obtain a holistic view of the entire enterprise quickly and easily.

ABOUT FORCEPOINT

Forcepoint™ Federal is a trademark of Forcepoint, LLC. SureView®, ThreatSeeker®, and TRITON® are registered trademarks of Forcepoint, LLC. High-Speed Guard™ is a trademark of Forcepoint, LLC. Raytheon is a registered trademark of Raytheon Company. All other trademarks and registered trademarks are the property of their respective owners.




Releases

  • Release: High Speed Guard™ + ArcSight™ 1.0
  • Size: 916.4 KB
  • Date: Aug 31, 2017
  • Product compatibility: Version 7.0 · 7.2; Version 6.11
  • Languages: English
