By Humphrey Browning

Enabling and Protecting

An IEG is designed to enable the flow of information between networks whilst at the same time protecting an internal domain from both inbound malware threats and the outbound leakage of sensitive information.  One of the biggest challenges in achieving these goals is the range of Core and Functional Information Exchange Services the IEG has to guard.

Guarding Core Services

The Core Services that a guard must protect facilitate the exchange of everyday office file formats such as the MS Office suite, PDF files and imagery. Typically, applications such as Email, Chat, File Transfer, Web Browsing, Directory Replication and Network Management are all supported as part of IEG Core Services.

This presents a number of challenges. The data being carried is typically unstructured and complex. As a consequence, the checks the guard must make need to be configurable and rules-based. To take just one example, consider the requirement to check for the presence of protective markings to determine whether a communication should be allowed, blocked or redacted. These markings could occur anywhere in the data structure, from the header of an email attachment to an embedded tag in a chat message. The syntax used for the marking could be consistent across the internal domain, it could vary, or it could be totally different from the one being used by a partner organisation.

To successfully guard this type of unstructured data, evaluate technologies capable of performing deep content inspection to detect both inbound malware threats and the outbound leakage of sensitive information.

Guarding Functional Services

The Functional Services that a guard must protect typically carry highly structured data. A good example is NATO Functional Services transported over HTTP such as NATO Friendly Force Information (NFFI) or machine-to-machine Command and Control (C2) data.

To successfully guard this type of structured data, evaluate technologies capable of removing any threat by transforming the structured data. A good transformation technology will provide a protocol break, extract and dispose of the original data, before creating brand new data to deliver onwards, in real or near real time, thus ensuring that no threat can travel “end-to-end”.

Guards that use this type of transformation approach may also be appropriate for protection of the core services in secret and above systems where advanced threats can target a deep content inspection capability.
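The extract, dispose and rebuild steps described above can be sketched as follows. This is an added example, not Deep Secure's code; the `track` message, its field names and the validation rules are hypothetical and are not the real NFFI schema.

```python
import re
import xml.etree.ElementTree as ET

# Hypothetical schema (not NFFI): field name -> (allowed text pattern, type converter).
SCHEMA = {
    "id":   (re.compile(r"[A-Z0-9-]{1,16}"), str),
    "lat":  (re.compile(r"-?\d{1,2}\.\d{1,6}"), float),
    "lon":  (re.compile(r"-?\d{1,3}\.\d{1,6}"), float),
    "time": (re.compile(r"\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}Z"), str),
}
RANGES = {"lat": (-90.0, 90.0), "lon": (-180.0, 180.0)}

def extract(raw: bytes) -> dict:
    """Pull only the schema's fields out of the original, as typed values."""
    text = raw.decode("utf-8")  # strict decode; assumption: sender uses UTF-8
    if "<!DOCTYPE" in text or "<!ENTITY" in text:
        raise ValueError("DTD and entity declarations are not accepted")
    root = ET.fromstring(text)
    if root.tag != "track":
        raise ValueError("unexpected root element")
    values = {}
    for name, (pattern, convert) in SCHEMA.items():
        nodes = root.findall(name)
        if len(nodes) != 1:
            raise ValueError(f"{name}: expected exactly one element")
        field = (nodes[0].text or "").strip()
        if not pattern.fullmatch(field):
            raise ValueError(f"{name}: value rejected")
        value = convert(field)
        lo, hi = RANGES.get(name, (None, None))
        if lo is not None and not lo <= value <= hi:
            raise ValueError(f"{name}: out of range")
        values[name] = value
    return values

def rebuild(values: dict) -> bytes:
    """Create a brand new message from the extracted values only."""
    root = ET.Element("track")
    for name in SCHEMA:
        v = values[name]
        ET.SubElement(root, name).text = format(v, ".6f") if isinstance(v, float) else v
    return ET.tostring(root, encoding="utf-8")

def transform(raw: bytes) -> bytes:
    return rebuild(extract(raw))  # the original bytes are discarded, never forwarded

# Constructed sample: valid fields plus an attribute, a comment and an element outside the schema.
SAMPLE = (b'<track onload="x"><!-- hidden --><id>UNIT-7</id><lat>51.500000</lat>'
          b'<lon>-0.120000</lon><time>2020-01-01T12:00:00Z</time><note>extra</note></track>')
```

Anything the schema does not name (attributes, comments, extra elements, unusual formatting) has no path into the rebuilt message, and a field that fails validation causes the whole message to be rejected rather than repaired.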

Building the IEG

An IEG is designed to do a simple job: protect the internal domain while allowing the flow of information between domains. But to accomplish this, it must combine sophisticated technologies that can both perform deep content inspection of complex protocols and data structures and transform structured data to render it safe.

Deep Secure’s range of content inspection and threat removal guards deliver exactly this functionality and are the foundation of the IEGs we have deployed for specialist international defence and security communities across UK, US, NATO and EMEA over the last decade.
