How Hardsec-Based, Cloud-Delivered Internet Isolation Helps Your Workforce Win

The first two decades of the 21 century have taught us that the information advantage is the strategic advantage of national security, and nothing has made that clearer than the massive growth of the Internet. Yet as the men and women of the US Department of Defense and our allies around the world work to develop the information advantage, cybersecurity leaders must understand that web browsers are a double-edged sword. Browsers not only allow users to leverage the trove of information across the Internet but also expose those same users to sophisticated threats such as drive-by-downloads, AI-driven phishing, hidden malware, and ransomware. In 2024 alone, the world’s most popular browser, Google Chrome, reported 10 zero-days (opens a new window) – previously unknown exploits that turn the code that brings the user to the Internet against the user, their systems, and their networks.

Security, Performance and Manageability

Historically speaking, organizations like the DoD attempted to rigidly segment their users from the Internet into so called “walled gardens” with dedicated private networks connected to the Internet through complex, expensive, and non-performant arrays of firewalls and network threat detection/prevention technologies. However, 30 years of experience in seeing these architectures penetrated and the advent of Zero Trust require the Department and other Federal organizations to create a more secure, performant, and easily managed way for users to securely access the Internet.

When the Defense Information Systems Agency (DISA) realized the urgent need to balance speed, usability, and security for the Department to access the Internet, DISA introduced Cloud-Based Internet Isolation (CBII) across the DOD Information Network (DODIN). This program was designed to secure the DODIN, provide users with performant Internet access, and ensure that network traffic could easily be managed. Any of these three pillars faltering could disadvantage the Department in maintaining information advantage in the 21 century.

As CBII and programs like it continue to grow, the technology driving those programs should grow as well, which is why I’m excited to see Everfox redefining Internet isolation for the modern workforce with a focus on enabling the mission.

Redefining Internet Isolation

Hardware-enforced security (hardsec) is a fundamentally different approach that leverages Silicon Assured Video Isolation (SAVI™) technology to help ensure browser compromises cannot escape the boundaries of software-containerized solutions. It effectively mitigates inherent browser flaws, such as zero-days, within the browser itself through the same concept as an air gap, called a verifiable pixel gap, without the limitations of an actual physical air gap. The result is a best-of-both-worlds approach with the option to run on-premises via a hardware device or as a hardsec-enforced, cloud-delivered Remote Browser Isolation (RBI) solution. Hardsec-enabled Internet isolation offers a superior security posture, performance at scale, and the flexibility and interoperability the organization needs to seamlessly integrate with existing infrastructure.

Security

AI-generated attacks and sophisticated Advanced Persistent Threats (APTs) have introduced unprecedented scale and accuracy of execution, hidden in seemingly innocuous web code and planted search engine links. Since we cannot know what lies ahead, shifting left of breach requires a proactive approach to cybersecurity with solutions designed to mitigate the impacts of both known and novel threats with the same level of diligence. Hardsec achieves high assurance security through the innovative SAVI™ technology that creates a pixel gap without creating the cumbersome experience that comes with the legacy air gapped approach.

Performance

Managing what and how personnel can or can’t access can be a daunting, thankless task, particularly in DoD’s high-paced environment. Striking the right balance between productivity with cyber risk can be difficult and getting it wrong can create friction and unnecessary disconnects in critical workflows. Sacrificing security for productivity isn’t the right answer, but neither is sacrificing productivity for security. Some RBI solutions aren’t compatible with commonly used websites and can break key elements, making the site at minimum hard to read and at times impossible to visit. Introducing friction to the user experience can lead to personnel seeking risky workarounds or abandoning their task altogether, both of which can waste time and delay achieving their end goals. RBI solutions that uphold the browser performance end users expect are critical to maintaining control over security and enabling personnel to confidently execute the task at hand.

Flexibility

The Department’s mission cannot afford the interoperability challenges and logistical latency of installing high-touch solutions when more agile solutions are available. A hardsec-enforced, cloud-delivered solution provides ease of deployment and a simpler approach to management than an on-premises solution that requires hardware maintenance and management – which are made even more difficult by DoD’s global footprint. In addition, interoperability with existing security solutions like proxies, secure web gateways, or browsers creates a better experience not just for end users, but also for communications officers.

For critical organizations like the DoD to maintain decision dominance and stay ahead of the many sophisticated threats our nation faces, it’s critical to consider how innovative technologies can help improve security without slowing down the mission. Though the stakes may be high and the adversaries ever evolving, continuing to work together with the private sector will help the public sector win the battle.

To learn more about the Everfox approach to hardsec-enabled, cloud-delivered Remote Browser Isolation, download the Browser Isolation Buyers’ Guide for Defense and Security. (opens a new window)

David Mihelcic

Principal, DMMI LLC

David Mihelcic, is an expert in defense technical infrastructure and engineering. He has led extensive digital transformation initiatives for the Federal Government in executive leadership positions. As the former Chief Technology Officer for the Defense Information Systems Agency (DISA), he was the senior authority on scientific, technical, and engineering matters championing the joint concept technology demonstration (JCTD) program. His work on critical infrastructure initiatives as a Deputy Program Director and Chief Executive Engineer for the Global Information Grid Bandwidth Expansion (GIG-BE) Program laid the groundwork for defining the GIG-BE architecture.
In the private sector, David has led contributions to private sector growth as the head of Federal technology and strategy for Juniper networks. At Juniper Federal, his technical leadership helped sales and customers scale automated, secure networking solutions that met government customer expectations, satisfied technical and certification requirements, and supported global mission critical operations. Today, David leverages his federal and commercial leadership and technical expertise in securing and scaling networks as Principal at DMMI LLC, a technology consulting firm dedicated to bringing innovation and digital transformation initiatives to the federal government.

Read full bio