SafeNet's UCDMO Baseline-validated Cross Domain Solution is now available for reuse throughout DoD and IC. View the video on how SafeNet's Cross Domain Solution, the MDeX System, can help you securely manage the transfer of voice, video and data across multi-level security domains.
SafeNet’s MDeX System, an assured information sharing and cross domain solution, provides a reliable, secure, and configurable means of transferring information between domains for all Intelligence Community, Department of Defense, and other sensitive operations.
The MDeX System provides consistent Multi-Level Security (MLS) services regardless of interface protocols and data content filtering needs. It establishes a stable and verifiable framework in which business and mission managers can implement concurrent yet controlled information flows with various communities of interest and security domains. The system addresses business and mission information sharing needs by providing secure ingest, distribution, dissemination, and delivery of sensitive information.
The MDeX System architecture consists of three parts:
MDeX Transfer System (MTS): Security core appliance that orchestrates the flow and filtering of information according to customer policies and rule sets
Security Domain Intermediary (SDI): Protocol and queuing edge interface between domain applications and MTS
Remote Management Station (RMS): Enterprise management appliance for policy and security management, command and control, and monitoring
Cybersecurity Situational Awareness - Situational analysis demands the integration of high-volume, high-velocity data from both internal and external sources. Cross domain messaging tools establish real-time access to intelligence data, events, logs and sensors across multiple enclaves without connecting logical networks. Identifying possible exploits, network attacks and data exfiltration challenges security teams to correlate data from across the many parts of their IT organization and collaborate with their peers. As government broadens cyber defense support to include private environments such as critical infrastructure and financial systems, cross domain solutions such as the MDeX System provide the ability to exchange health and status events or alerts for full situational
Disaster Response - In the event of a natural disaster, Federal agencies must quickly establish lines of communication with non-government organizations (NGOs) to coordinate response and support services. State and local police, hospitals, and volunteers providing assistance in the recovery process require open access to intelligence feeds, geo-spatial services, and communications. In the past, availability of data sources and applications was limited by closed networks and systems (aka silos). Cross domain solutions such as the MDeX System provide low-risk and flexible interoperability for intercommunication between these silos, greatly increasing the effectiveness of the response teams.
Supply Chain Security - Collaboration with outside partners has always been a major hurdle for the rapid delivery of mission-critical technology and information. With an increasingly globalized supply chain, risks posed by insider threat, and partnerships of the moment, corporate and military espionage has rapidly become a major acquisition lifecycle concern. Cross domain solutions such as the MDeX System facilitate the risk management process by controlling the exchange of intellectual property, contract data, and sensitive system design secrets.
Defense and Intelligence Coordination - As multiple military, government and civilian agencies create, store, process, and maintain data critical to the nation’s security, cross-domain solutions are necessary for timely and secure communications between multiple organizations. SafeNet’s MDeX System provides government agencies a communications solution that offers unprecedented speed, security and flexibility unlike any of the solutions currently approved for use in
Cloud Assurance - The cloud provides the ability to align just-in-time processing and storage capacity with ever-changing business needs. Along with those benefits, the cloud introduces an environment which includes many user communities, each with their own unique security policies and controls. Without direct physical and logical control of their data, organizations must increase the rigor of the services protecting their information as it moves throughout the cloud. SafeNet’s data protection offerings provide such services while the data is at rest or in transit. The addition of services for controlling organizational access policies provided by cross domain solutions such as the MDeX System governs information flows to ensure they meet organizational information sharing
SafeNet information flow engine, Oracle Solaris 10 with Trusted Extensions, Oracle Java, Oracle XACML, SPARC, or x86 platforms
SafeNet CDS manager, Oracle Solaris 10, Oracle Java, Oracle MySQL, Splunk, SPARC, or x86 platforms
SafeNet protocol clients and queue manager, Oracle Java
Splunk is a commercial product integrated into the RMS for event
Database repository used within the RMS for storing system data
Application Programming Interface (API) for Java content filters
The SDI API allows for legacy or unique application integration with the MDeX System
TIBCO Java Message Service (JMS):
The provided SDI client supports TIBCO’s Enterprise Message Service (EMS) JMS client for message exchanges within enterprise bus architectures. Requires the customer to have an existing TIBCO EMS Enterprise License.
Industry standard access policy interoperability and extensibility so that policy decision points can exist in multiple places. Access policy managed through
Plug and Play Architecture
The MDeX System’s modular design creates an environment where adding new domains, communities of interest, applications, and content filters requires significantly less custom development compared to most solutions. This gives the mission or organization the flexibility to change their requirements based on mission needs. SDIs supply the edge interface for connectivity between security domains and the MDeX System’s core security appliance, the MTS, allowing for ready integration of the MTS within existing mission and enterprise JMS, SMTP, XMPP, and standard file sharing applications.
Many other cross domain solutions are designed and developed to address specific data types and transfers. With these systems, adding a new data type or transfer organization requires custom development efforts, and a complete certification and accreditation effort for use approval. This process can take many months and costs a great deal of money.
To address this challenge, the MDeX System uses Plug and Play architecture and its Application Programming Interfaces (APIs) for interface protocols and content filters. This enables organizations to add new protocols or content filters without changes in the security support structure. Organizations can then isolate any additional certification and accreditation activities to just the additional protocols or content filters, without re-certification of the MTS itself. As a result, missions and organizations can deploy MDeX System configurations with minimal certification impact and minimize accreditation time frames.
Situational Awareness and Control
Enterprise and Mission Integration
The MDeX System includes enterprise and mission management of the MDeX System cross domain environment. It accomplishes this through its centralized (managing n CDS instances) and distributed (remote accessibility to management platform) capabilities for command and control, monitoring, and management activities.
Ease of Use
The MDeX System’s intuitive GUI for remote management provides a forward-thinking interface to policy and configuration management, and the means to view audit, system, and application events. This user-friendly design enables systems managers to quickly learn MDeX System operations and eliminates the need for users to have years of trusted operating system command line interface experience.
Accessibility is another key benefit to the MDeX System. The MDeX System includes PK-enabled web access from any authorized location. The MDeX System also provides the ability for enterprise and mission management services to gain accessibility to active cross domain event information to enable proactive data flow management.
Dynamic Policy Enforcement - Real-time Policy Changes with Assurance
Dynamic policy enforcement allows data owners to establish granular information flows and content filtering policies as mission needs dictate, using the industry-standard OASIS XACML security policy language. The separation of flow and content policies, and the use of XACML, enable rapid examination and approval of defined policies by organization authorities. Two-role control provides separation between policy definition and release for management operations. Once an organization certifies a policy for implementation, it is available to the security core appliance, the MTS, for immediate activation and enforcement. This allows organization and mission authorities to operate in a coordinated manner to implement policy changes that address changing mission needs.