Enable Secure Information Sharing
Right Data-Right People-Right Time
MILCIS 2013

George Kamis
RTCS Chief Technology Officer
Kamis@TrustedCS.com
+1 703-537-4310

EXIM Approval #IIS2013-268
Copyright 2013 Raytheon Company. All rights reserved. Customer Success Is Our Mission is a registered trademark of Raytheon Company.

Raytheon Trusted Computer Solutions
- Backed by the Raytheon Company, 2012 sales of $24.4 US billion. Raytheon is a technology and innovation leader specializing in defense, homeland security and other government markets throughout the world, with a history of innovation spanning 90 years.
- 19+ years of experience in fielding operational cross domain systems throughout the DoD and the Intelligence Community.
- Providing the multilevel enterprise desktop and transfer solutions used throughout the US DoD and Intelligence community. Other agencies look to these deployments as setting the standard for cross domain enterprise deployments.
- Backed by a Professional Services organization with the largest collection of cross domain implementation and C&A/SA&A expertise in the world.
- Developing and implementing certifiable and accreditable cross domain solutions is our sole focus.

RTCS Mission
- Increase security & reduce cost of IT infrastructures by implementing cross domain technology
- Develop and market commercial software products and services that enable management & sharing of information in a trusted environment
- Enable Secure Information Sharing: Right Data-Right People-Right Time

What are Cross Domain Solutions?
Cross Domain Solutions (CDS) facilitate secure information sharing between entities (agencies, countries, networks) with different sensitivity levels.
Three types of solutions:
- Access: provides users a path to data on the different networks to which they are allowed by policy
- Transfer: provides various mechanisms to securely move data between different networks while mitigating against viruses, malware, and policy violations
- Hybrid: solutions that encompass both access and transfer capabilities

RTCS Cross Domain Product Line
ACCESS AND TRANSFER SOLUTIONS
The High Speed Guard (HSG) cross domain information sharing solution is NOT approved for export beyond the Five-Eyes partners.
The Small Format Guard (SFG) cross domain information sharing solution is NOT approved for export beyond the United States (US).

Cross Domain Access
The Common Desktop Environment: How Trusted Thin Client Simplifies Enterprise Access Across Multiple Disjointed Environments

Cross Domain Access Problem

Trusted Thin Client
UCDMO Baseline Technology
- Classification levels clearly displayed
- Consolidated access with Trusted Thin Client
11/13/2013

Trusted Thin Client
Secure Multilevel Access

Trusted Thin Client Demonstration (All Information is Unclassified)

TTC Enterprise Functionality - Global
[Figure: global TTC deployment diagram. Labels: Users (CA, US, QA); Data Center/Cell; Cluster; sensitivity levels TS, S, TS Rel A, TS Rel B, S Rel C, S Rel D, S Rel E; Administrative Enterprise Console and Services]

Trusted Thin Client

Cost Effective
- Increases user productivity
- Supports a wide variety of back end servers
- Runs on most x86 thin clients
- Reduces desktop hardware and power
- Reduces administration and O&M costs
- Extends the benefits of Desktop in the Infrastructure
- COTS development, licensing, and support model
- Reduced administration cost

Enterprise Ready
- Large-scale enterprise deployments in operation
- Enterprise management capabilities
- Scalable with failover
- Consolidated user environment for ease of management
- Cloud computing model where all user data and applications are remotely accessible
- Ease of expansion for new clients, network connections, and sensitivity levels

Flexible
- Virtual implementations utilize existing workstations and support users requiring high performance computing
- Remote implementations provide all benefits of secure multilevel access for field agents and remote workers
- Supports multiple VDI technologies for desktop access
- Wide variety of client options: thin clients, PCs, memory sticks, etc.
- Type I and Type II hypervisors
- Hardware independent

Secure
- Controlled multilevel access; no data transfer
- Read-only operating system and applications at the end point
- US UCDMO Baseline (TSABI and SABI)
- Suite B support

Independent Study Findings
Forrester Total Economic Impact Study of RTCS TTC, efficiencies in terms of cost savings realized

A US intelligence agency customer demonstrated a 54% return on investment over a 6.2 month payback period by significantly reducing hardware, infrastructure, support costs and power usage

Interview Highlights:
- Using TTC changed the feel of the environment, as users were able to move from having four or even six machines on their desktops down to one.
- Putting in TTC in conjunction with new facilities avoided infrastructure costs from the beginning. In existing facilities, the network infrastructure remained, but costs to maintain it, both in terms of hardware and labor, were reduced.
- A key advantage of Trusted Thin Client is having a single wire to the desktop, guaranteed to be going to separate networks.
  IT Project Manager

Quantified Benefits of Trusted Thin Client

Benefits                                      Year 1         Year 2        Year 3        Total
Thin Client Cost Avoidance                    $1,200,000     $0            $0            $1,200,000
Support staff reduction                       $0             $3,000,000    $6,000,000    $9,000,000
Infrastructure savings (cable and network)    $15,500,000    $0            $0            $15,500,000
Power Savings                                 $132,830       $132,830      $132,830      $398,489
Total                                         $16,832,830    $3,132,830    $6,132,830    $26,098,489

Source: The Total Economic Impact of Trusted Thin Client, Forrester Consulting, June 2012
- Customer with requirement to access 4 sensitivity levels or networks for 500 users
- Every organization's experience may differ based on the characteristics of the environment.
- The above benefits are offset by costs associated with license cost, professional services, internal labor costs, hardware and change management support
- Net benefits after costs and risk adjustments showed a NPV of $7.7M with a payback period of 6.2 months

Cross Domain Transfer
Utilizing High Speed Guard to Manage Real-Time Data Sharing for Images, Text, Video, Voice etc.

High Speed Guard
UCDMO Baseline Technology
An automated, high performance data transfer guard, supporting full motion audio and video
- COTS bi-directional data guard
- Extensive support for highly complex automated transfer requirements between multiple sensitive networks
- Sustains the industry's fastest bidirectional transfer rates: more than 9 Gb/s on a 2 CPU platform
- Customer configurable for simplified management and maintenance
- Unparalleled control and auditing
- Multiple application protocols, adaptable to custom interfaces
- Real-time video streaming
- Complex web services
- Highly customizable data validation rules for maximum flexibility
- Up to 12 security domains
- Adaptable to a wide variety of data types and security policies
- Extensible Markup Language (XML)
- Native support for XML payloads utilizing Xerces

VoIP Transfer Capabilities with HSG
- Permits users at different levels to directly dial each other and participate in conference calls
- Security controls include auditing, OPSEC notifications, and tight protocol control
- Future enhancements add format conversion and noise generation
- Working closely with Cisco using their hardware technology

Small Format Guard
- RTCS recognizes the need for mature transfer capabilities applied to the emerging systems
- Builds on the success of High Speed Guard
- Same functional capabilities
- Leverage C&A pedigree
- Currently experimenting with ATCA line cards, bricks, generic single board computers
- Broadly customizable for unique requirements, such as SWaP-C requirements

Keep Data from Walking Out the Door:
Utilizing Trusted Gateway System to Transfer Data Between Domains without External Media

Trusted Gateway System
UCDMO Baseline Technology
A multi-directional, workflow-based, data transfer guard
- COTS PL4 multidirectional data guard
- Automatic bulk upload to high side network or cloud
- 25 GB+ file size support
- Web interface
- 2 person reliable human review
- Self release when permitted by policy
- 2 GB file size support
- File transfer by data push or email
- User-defined templates
- Filters/Validations
- Virus Check
- File Type Check: built in 1,500 file types. New types can be added in minutes
- Dirty Word Search
- Clean Words & Regular Expressions
- Lists for each security level
- Microsoft document sanitization
- XML
- PDF and imagery transforms
- GUI-based User Management and Auditing capabilities
- Wiki posting through WebShield integration

Trusted Gateway System

Trusted Gateway System Demonstration (All Information is Unclassified)

Enhance the Security and Efficiency of Enterprise Print and Email Services

Trusted Print Delivery
A highly secure cross domain print delivery solution
- Results in productivity gains for users printing in multilevel environments.
- Significant cost savings occur from reduced printer hardware at individual security levels and decreased capital investment, maintenance, consumables, and administration.
- Leverages Trusted Gateway System (TGS) for Protection Level 4 (PL4) secure data transfer
- Extends investment in cloud printing strategies
- Standard print submission and print attributes

Trusted Mail System
Enabling the secure, policy-enforced exchange of email and attachments between multiple networks
- Leverages Trusted Gateway System (TGS) for secure email and file transfer
- Inspect and sanitize all enterprise email content: messages, headers, and attachments including nested content (multi-part MIME)
- Uses existing email clients
- Robust end-to-end auditing of all events

An Enterprise Cloud Gateway and Maximizing Big Data by Accessing Data at its Source through WebShield

WebShield
UCDMO Baseline Technology
A data guard that provides secure web search and browse-down from high side networks to lower level networks

Cross Domain Transfer Solution
- Transparent to end user: interacts with web sites on low-side network
- Uses existing desktop browsers
- Provides forward and/or reverse web proxy guard functionality
- HTTP guard that supports HTTP traffic requests and replies
- Allows browse-down and file transfer up
- Supports HTTP GET and POST methods

Security Features
- Certified and Accredited for US TSABI
- High-side and low-side SSL integration
- Strong Authentication module allows use of PKI for authentication and auditing/logging
- Performs XML validation on defined schemas
- Customizable to site security policies
- Virus scanning
- Dirty word search
- File typing
- Active content blocking

WebShield

Enterprise Support
- Full integration into Active Load Balance and Active Fail Over architectures
- Local and regional load balance
- Fully scalable to the environment

Technical Specifications
- Red Hat Enterprise Linux operating system
- Interoperable with almost all platforms/browsers
- No back-end or front-end infrastructure cost

Integrates to Cross Domain Applications
- Google Earth Web client
- Chat
- Wikis
- Outlook Web App
- SharePoint

Performance Tuning for the Environment
- Analyze required number of client processes on WS
- Monitor file size requirements
- Integrate increased applications as needs grow

Questions
For more information please visit our website: www.trustedcs.com

George Kamis
RTCS Chief Technology Officer
Kamis@TrustedCS.com
+1 703 537-4310

Jamie Hall
Director, International Sales
JHall@TrustedCS.com
+1 703 537-4347