In today’s data-centric environment, critical information constantly flows between users, devices, data centers, and networks. It’s important that the right people have access to the right data where and when they need it.
The MDeX System, a cross domain transfer system, securely manages the exchange of voice, video, and data across multi-level security domains and between internal organizations and external coalitions. This easy-to-use solution provides secure collection, distribution, dissemination, and delivery of sensitive information enabling organizations to quickly share data without worrying that it will fall into the wrong hands.
The MDeX System supports multiple use cases including:
The MTS ingests all content from the source XMPP client SDI and applies security (both flow and content) policies on the content. The MTS inspects session content for policy anomalies and quarantines the content if policy constraints such as anti-virus or content inspection are not met. For customer applications that apply message integrity checks or classification labels, the MTS can also apply content policies to inspect for any anomalies associated with that additional content.
The SDI simultaneously supports multi-protocols (e.g., SMTP, XMPP, JMS, File) through a common SDI (at least one in each source/destination domain). The MTS is not constrained by interface changes or other related issues as that is handled by the SDI. Only the payload submitted by the source application is exchanged between the MTS and the SDI.
SDI edge interfaces support multiple types of services. The MTS has several network ports that provide access points to the same domain or multiple domains.
| Core Solution | Role | Description |
|---|---|---|
| MDeX Transfer System (MTS) | Core assurance appliance of the MDeX System that makes policy decisions and enforces policy for all information flows | The MTS provides the content policy and executes content filters. It engages, as necessary, the XD Mail appliance for complex and multi-part documents. The MTS provides quarantine control of all messages and content that fail policy checks. |
| Security Domain Intermediary (SDI) | Edge interface application of the MDeX System (within each security domain) | The SDI provides connectivity of mission and infrastructure applications to the MDeX System. Protocol clients include SMTP, XMPP, JMS, File DropBox/File Service, Proxies/User Datagram Protocol (UDP) and Transmission Control Protocol (TCP). At least one SDI interface is required for each domain connected to an MTS, extending to the source or destination applications and systems. |
| Remote Management Station (RMS) | Public Key-enabled management appliance of the MDeX System | It provides mission and infrastructure operators command and control, monitoring, and security/policy management accessibility to all MTS instantiations. The RMS receives alerts from the MTS in the event of quarantined items. |
The MDeX System can include backup MTS and RMS appliances for high availability to support continuity of operations of the enterprise. The MTS and RMS appliances are highly robust platforms with fault tolerant components designed to address high availability needs.
For transfers, the MTSs can be implemented in a mesh architecture where multiple MTSs can be bound to common SDIs. When primary and backup MTSs are active, if one MTS fails then the other MTS continues the data flow.
System Monitoring and Management Capabilities
The MTS is controlled, managed, and monitored by the RMS. Operators use the RMS to issue commands to the MTS and to monitor events (e.g., audit, performance, quarantine) that it receives from the MTS. Events are generated on the MTS for audit, system, application, and transaction activities and are periodically sent to the RMS. Alerts and notifications for critical events are generated and directly sent to the RMS with follow-on notifications configured particular to respective enterprise services. Additionally, each security domain may send chat-relevant events through notifications configured for the respective enterprise services. All events on the RMS can also be distributed to associated enterprise management service providers (e.g., security management, health and status management, and mission management) for overall enterprise situational awareness.
Computer Network Defense
The MDeX System provides cyber network defense capabilities. MTS events are pushed to the RMS for analysis and audit reduction. The RMS includes Splunk, a third party event management engine. Splunk visualizes machine data and provides a comprehensive tool set to monitor events for potential anomalies, threats and attacks, and unauthorized content and flows. The resulting quarantine actions send alerts to the RMS for immediate action.
The MDeX-MTS-SPLUNK integrated capability significantly increases the cyber defense and information assurance function, converting machine data into actionable intelligence.
Plug and Play Architecture
The MDeX System’s modular design and simple Java programming support creates an environment where adding new domains, communities of interest, applications, and content filters requires significantly less custom development compared to most solutions. This gives the mission or organization the flexibility to change their requirements based on mission needs. SDIs supply the edge interface for connectivity between security domains and the MDeX System’s core security appliance, the MTS, allowing for ready integration of the MTS within existing mission and enterprise JMS, SMTP, XMPP, and standard file sharing applications.
Typical cross domain solutions are designed to address specific data types and transfers. When a new data type or transfer organization is added it requires custom development efforts, and a complete certification and accreditation effort for approval to use. This process can take many months and costs a great deal of money. To address this challenge, the MDeX System uses a plug and play architecture and Application Programming Interfaces (APIs) for the customization and refinement of application protocol support and content filtering. These optimization capabilities enable users to add new protocols or content filters without changing the overall security support structure.
Organizations can then isolate any additional certification and accreditation activities to just the new protocols or content filters, without re-certification of the MTS itself. As a result, missions and organizations can deploy MDeX System configurations with minimal certification impact and minimize accreditation timeframes.
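The policy pipeline described above (flow policy first, then pluggable content filters, with quarantine and an RMS alert on any failure) as an added illustration; this is a hypothetical model written for this page, not SafeNet AT's MDeX code or API, and the domain names, labels, file-type table and dirty-word list are constructed:

```python
from dataclasses import dataclass
from os.path import splitext

@dataclass
class Message:
    src_domain: str
    dst_domain: str
    filename: str
    payload: bytes
    label: str  # classification label asserted by the source application

# Flow policy: approved (source, destination) domain pairs and the labels each may carry.
# Domain names, labels and the lists below are constructed for the illustration.
FLOW_POLICY = {("UNCLASS", "SECRET"): {"UNCLASS"}, ("SECRET", "UNCLASS"): {"UNCLASS"}}
MAGIC = {".pdf": b"%PDF-", ".png": b"\x89PNG"}  # expected leading bytes per extension
DIRTY_WORDS = ("projectx", "codename")

FILTERS = []  # plug-and-play registry: new filters are added here, not in the core logic

def content_filter(fn):
    """Register a content filter; each returns a failure reason string or None."""
    FILTERS.append(fn)
    return fn

@content_filter
def verify_file_type(msg):
    ext = splitext(msg.filename)[1].lower()
    if ext in MAGIC and not msg.payload.startswith(MAGIC[ext]):
        return "file type verification failed"
    return None

@content_filter
def dirty_word_search(msg):
    hits = [w for w in DIRTY_WORDS if w.encode() in msg.payload.lower()]
    return f"dirty word(s) found: {hits}" if hits else None

def transfer(msg):
    """Apply the flow policy, then every registered filter; return the event sent to the RMS."""
    allowed = FLOW_POLICY.get((msg.src_domain, msg.dst_domain))
    if allowed is None:
        reason = "flow not approved"
    elif msg.label not in allowed:
        reason = f"label {msg.label} not permitted on this flow"
    else:
        reason = None
        for check in FILTERS:
            reason = check(msg)
            if reason:  # the first failing filter quarantines the message
                break
    if reason:
        return {"type": "alert", "action": "quarantined", "file": msg.filename, "reason": reason}
    return {"type": "audit", "action": "delivered", "file": msg.filename}
```

Adding a new filter is a matter of registering another function; the flow policy and the quarantine path are untouched, which is the isolation the plug and play argument relies on.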
The entry-level MTS (MTS E-1) appliance offers a standard two domain configuration that can be upgraded through additional domain licenses. SafeNet AT offers a field upgrade option for government network operators that require additional capacity in a sub-system (Memory swap, Additional Network Ports).
The MTS E-2 appliance offers a standard six domain configuration that can be upgraded through additional domain licenses to a thirteen domain configuration.
| Feature | SafeNet AT MDeX System |
|---|---|
| U.S. UCDSMO-baseline validated (TSABI) | √ |
| Create templates containing frequently used data to create jobs | √ Offers ability to clone policies and then modify as needed |
| Support for multi-channel, multi-directional transfers with one system | √ |
| Support for username and password authentication mechanisms | √ |
| PKI authentication mechanisms | √ |
| Support for a mail system | √ |
| Validations | √ Basic validations readily available for virus scanning, file type verification, dirty word search, etc.; however, customers have the ability to create their own more detailed obligation filtering or integrate with 3rd party COTS obligations |
| Site security policy | √ To/from unlimited number of approved networks |
| Classification level transfer | √ All levels |
| Supports multiple file transfer requests | √ |
| Available policies | √ Can support configuration for any and all policies |
| Delivery protocol for text or files post-validation | JMS, File Client, UDP |
| File transfer protocol | Use custom scripts running on SDI |
| Administration and management | √ |