ENCLAVE STRATEGY

The need for protecting highly sensitive data is not limited to the government’s Classified or Controlled Unclassified Information (CUI) safeguarding requirements. Commercial businesses are also facing increased cyber risks to their confidential data that can contain customer, patient, financial, and intellectual property information.

In collaboration with defense and intelligence agencies, cyber security experts at eResilience developed solutions that apply an Enclave strategy for protecting CUI and other highly sensitive data from cyber-attacks. By putting sensitive information that needs to be protected within an Enclave, the boundary can be strictly controlled and monitored. This strategy reduces the avenues of approach and creates defense-in-depth for your most critical data and applications.

ENCLAVE EXPERTISE

eResilience is a division of Referentia Systems, a National Security Agency (NSA) Trusted Integrator with a strong track record of providing secure, compliant and easy-to-use solutions. The company has been developing information assurance technologies and solutions for the DoD for more than 15 years, and offers cross-domain security expertise, in-depth experience with NIST 800-30 risk assessments, Cyber Security Framework (CSF) and Risk Management Framework (RMF) implementation, and staff who hold the DoD-recognized Certified Authorization Professional (CAP) certification.

Our experience includes applying Enclave strategies to protect sensitive information for commercial enterprises, critical infrastructure sites, and the U.S. Military.

ENCLAVE TECHNOLOGY

The eResilience Enclave technology was developed for the U.S. Military as a best-in-class, cost-effective solution for information assurance within cross-domain operations (separating unclassified and classified information on virtual networks and assuring that separation, since a failure to keep them separated could have life-or-death consequences). Within government agencies, the Enclave technology allows isolated critical networks to exchange information with others, without introducing the security threats that normally come from network connectivity. For commercial enterprises, the eResilience Enclave technology and process meet technical requirements for compliance with DFARS 252.204-7012 and NIST SP 800-171 R2.

Setting up a secure network Enclave requires strong cross-domain knowledge, a deep understanding of the limitations and strengths of different components and devices, and expertise that can only be gained through years of experience. eResilience has developed tools to automate the setup and configuration process, ensuring that each device is set up securely. The team identifies what needs to be protected, and creates Enclave barriers to establish a defense-in-depth strategy around the mission-critical data and applications. This reduces the avenues of approach, lessens the opportunity for a security breach, and restricts unauthorized access.

ENCLAVE ARCHITECTURE

Enclaves provide the ability to create secure barriers at the user, workstation, network and server level, to protect what is inside the Enclave. Combining the eResilience Enclave architecture with a unique set of automated tools increases the capability to detect lateral movement and leakage, making threat identification easier and more accurate. Enclaves are deployed at the most critical parts of the network, so a breach in one area will not compromise or bring down operations that are Enclaved within another area.

Utilizing the Enclave approach, the eResilience team has developed an end-to-end architecture capable of securing data for U.S. defense, intelligence and critical infrastructure projects. This same architecture is now available to defense contractors to help achieve rapid compliance with DFARS, NIST and other cybersecurity regulations. In addition, automated tools allow for accurate, easy-to-manage threat and policy monitoring.