Cybersecurity Operations for a Global C3 Network
Client: US Transportation Command (TRANSCOM)
Serving as TRANSCOM’s Cybersecurity Services Provider (CSSP), Sentar was tasked with conducting 24/7/365 Computer Network Defense (CND) operations to protect critical mission data and the global C3 network infrastructure used by 3,500 industry and military staff worldwide. This effort required close coordination with Army, Air Force, and Navy networks to ensure that TRANSCOM’s global logistics operations delivered equipment and supplies to warfighters in multiple AORs on time. TRANSCOM’s migration to the AWS cloud environment required us to develop unique cybersecurity solutions to secure a hybrid cloud infrastructure and its associated applications.
Via a global Security Operations Center, we deployed cutting-edge solutions for intrusion detection, threat intelligence and analysis, insider threat, incident response, and vulnerability remediation. We also provided Risk Management Framework (RMF) solutions for TRANSCOM to implement, monitor, and perform RMF activities for all phases of the DoD RMF program (DoD Instruction 8510). Our cyber defense tool suite included firewalls, proxy servers, email filtering gateways, anti-malware, Host Based Security System (HBSS), and integration with capabilities provided via the JIE/Joint Regional Security Stacks (JRSS). Specific solutions include:
- We enhanced cyber threat intelligence data sharing with the Intelligence Community and combatant commands via Significant Activity (SIGACT) Reports.
- Sentar created a dashboard within the cloud Splunk environment to monitor the cybersecurity of transitioning infrastructure and applications: given an IP address, it returns the corresponding Nessus data, enumerating every host within a program along with its running services, operating system, DNS name, hostname, IP address, and other attributes. We created a second dashboard that combines EC2, firewall, and Nessus data to enumerate each host’s hostname, DNS name, internal and external IP addresses, FQDN, and program.
THE MISSION IMPACT:
- In just 3 months, we increased SIGACT report generation by 100%. We also increased JIMS event/incident reporting, as mandated by CJCSM 6510.01B, by more than 500%.
- Our cloud transition dashboards allow analysts to quickly gather extensive host information and identify exposure to known exploits based on the software installed on each machine, resulting in faster event correlation.
- Our cyber network defense analysts were the first to witness the probing of the 2020 F5 CVE against USTC’s external systems. Our team quickly determined which assets had been affected or remained vulnerable, subsequently deploying remediation protocols that prevented negative mission impact and secured critical mission data.
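As an added illustration (not Sentar’s dashboard or any TRANSCOM code), the join performed by the second dashboard described above, and the "which assets are still vulnerable" question from the F5 triage, can be sketched in Python: EC2 inventory, firewall NAT and Nessus host data are correlated on internal IP, then queried by IP or by Nessus plugin id. Every record, IP address, program name, plugin id and the function names (`build_inventory`, `lookup_by_ip`, `hosts_flagged_by`, `unscanned_hosts`) are constructed, hypothetical values.

```python
# Constructed EC2 inventory rows (private IP plus host tags); hypothetical values.
EC2 = [
    {"private_ip": "10.0.1.10", "hostname": "web01", "program": "PROGRAM-A"},
    {"private_ip": "10.0.1.11", "hostname": "db01", "program": "PROGRAM-A"},
    {"private_ip": "10.0.2.20", "hostname": "app01", "program": "PROGRAM-B"},
]
# Constructed firewall NAT table: external (public) IP -> internal (private) IP.
FIREWALL_NAT = {"203.0.113.5": "10.0.1.10"}
# Constructed Nessus host export keyed by scanned IP; db01 has not been scanned yet.
NESSUS = {
    "10.0.1.10": {"os": "Ubuntu 20.04", "dns_name": "web01", "fqdn": "web01.example.net",
                  "services": ["ssh/22", "https/443"],
                  "findings": [{"plugin_id": 100001, "severity": "Critical"}]},
    "10.0.2.20": {"os": "Windows Server 2019", "dns_name": "app01", "fqdn": "app01.example.net",
                  "services": ["rdp/3389"], "findings": []},
}

def build_inventory(ec2, nat, nessus):
    """Join EC2, firewall and Nessus data on internal IP; returns {hostname: record}."""
    external_for = {internal: ext for ext, internal in nat.items()}
    inventory = {}
    for inst in ec2:
        ip = inst["private_ip"]
        scan = nessus.get(ip)  # None when the scanner has not covered this host
        inventory[inst["hostname"]] = {
            "hostname": inst["hostname"], "program": inst["program"],
            "internal_ip": ip, "external_ip": external_for.get(ip),
            "scanned": scan is not None,
            "dns_name": scan["dns_name"] if scan else None,
            "fqdn": scan["fqdn"] if scan else None,
            "os": scan["os"] if scan else None,
            "services": scan["services"] if scan else [],
            "findings": scan["findings"] if scan else [],
        }
    return inventory

def lookup_by_ip(inventory, ip):
    """Dashboard-style query: an internal or external IP returns the host record."""
    for rec in inventory.values():
        if ip in (rec["internal_ip"], rec["external_ip"]):
            return rec
    return None

def hosts_flagged_by(inventory, plugin_id):
    """Hostnames still carrying a given Nessus plugin finding (e.g. one CVE check)."""
    return sorted(h for h, r in inventory.items()
                  if any(f["plugin_id"] == plugin_id for f in r["findings"]))

def unscanned_hosts(inventory):
    """EC2 hosts with no Nessus coverage: a visibility gap, not a clean bill of health."""
    return sorted(h for h, r in inventory.items() if not r["scanned"])
```

Unscanned hosts are reported separately because a missing scan record would otherwise look identical to a host with zero findings.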