Throughout departments of defense, intelligence communities, civilian and other government agencies, a physically separated, multilevel network architecture is used (often mandated) to maintain a boundary between different classification/sensitivity levels or networks. This model is ideal for data and network protection but can be cumbersome when it comes to administration.
This is true for security operations centers (SOCs) and Defensive Cyber Operations Centers (DCOCs) and the tools they use to monitor and address system auditing and alerts.
In most cases administrators utilize a Security Information & Event Management (SIEM) solution, such as Micro Focus ArcSight™, from Hewlett Packard Enterprise, to provide comprehensive, cost-effective security analytics to identify threats and manage risk and "provide a holistic view of [the enterprise] information technology security posture". Collection agents are deployed to endpoints, servers and across network devices to gather logs, security event data, common vulnerabilities and exposures (CVEs), etc. This all works remarkably well when used in a flat network architecture but can become VERY complex in a multilevel network environment.
Due to the sensitive, and often classified, nature of the data residing on the individual networks, the data must be kept separate, and oftentimes administration must be performed by separate individuals. This results in a large number of separate monitoring tools and makes it very difficult to capture a single picture of what is happening across the enterprise.
High-Speed Guard™, from Forcepoint, is a multilevel transfer guard (or cross-domain guard) purpose-built to provide secure data transfer capabilities that mitigate the risk from viruses, malware, policy violations, and misuse in sensitive and classified environments. Widely deployed throughout departments of defense, intelligence communities, and civilian agencies, High-Speed Guard facilitates rapid, seamless, and secure data transfer between networks at different sensitivity levels.
The inclusion of High-Speed Guard in the SIEM architecture allows for rapid data transfer from lower-level networks to a single higher-level network. The result is one location to monitor the entire enterprise allowing administrators a comprehensive view across individual network boundaries.
High-Speed Guard is a software solution that utilizes a trusted operating system (OS) to enforce OS- and application-level security rules and network segment separation. Because it is a software guard rather than a hardware solution (such as a data diode), guard technology is inherently more flexible, allowing for robust customizations to meet specific customer use cases.
Whereas diodes rely on software typically installed on traditional servers, guards utilize customized military-grade inspection routines and validations that are highly protected from the data and the networks and execute in a tightly controlled manner. These validations prevent malicious data from entering more secure networks and prevent data leakage from sensitive networks, providing a much higher degree of confidence that the data being passed is the permitted data. Refer to the Ensuring Secure Data Transfer: Guards vs. Diodes whitepaper for additional information.
High-Speed Guard contains an extremely flexible rule engine supporting many different transfer mechanisms providing a variety of fixed security protections and secure transfer methods. Refer to the High-Speed Guard datasheet for additional information.
Specific to environments transferring ArcSight SIEM data, High-Speed Guard utilizes the following mechanisms:
ASSESSMENT & AUTHORIZATION (A&A)
High-Speed Guard is engineered to satisfy cross-domain security requirements for Top Secret/SCI and Below Interoperability (TSABI) and Secret and Below Interoperability (SABI) A&A processes. High-Speed Guard is deployed worldwide and has received accreditation under Director of Central Intelligence Directive (DCID) 6/3, ICD 503, and National Institute of Standards & Technology 800-53 and 8500.2 security controls.
SUPPORTING A MULTILEVEL SIEM ENVIRONMENT IN PRACTICE
A current ArcSight customer in the US Department of Defense faced this exact problem – they had the requirement to streamline audit log and security alert monitoring from 6+ networks to a higher-level network.
High-Speed Guard is used to move the ArcSight data rapidly and securely from the individual lower networks to one high-side network. This allows for greater network visibility and also reduces much of the administrative burden incurred by monitoring all the networks individually. Administrators who were required to spend much of their time on SIEM monitoring are now able to redeploy to other high-value tasks in the enterprise.
No longer is it necessary to retain ultra-complex SIEM environments when working in SOCs and DCOCs with any number of separate networks of differing sensitivity or classification levels. With High-Speed Guard to rapidly and securely transfer all security log and event data to a single network location for ArcSight management, administrators can now obtain a holistic view of the entire enterprise quickly and easily.
Forcepoint™ Federal is a trademark of Forcepoint, LLC. SureView®, ThreatSeeker®, and TRITON® are registered trademarks of Forcepoint, LLC. High-Speed Guard™ is a trademark of Forcepoint, LLC. Raytheon is a registered trademark of Raytheon Company. All other trademarks and registered trademarks are the property of their respective owners.