August 2, 2017

Public sector’s new approach to endpoint security



By Lloyd McCoy Jr.
Market Intelligence DOD Manager
immixGroup, an Arrow company


Endpoint security in government is almost like a game of dominoes. As the government reduces its IT infrastructure and adopts more cloud computing, the definition of endpoint security is changing and forcing government agencies to rethink their IT strategies.

With the latest hack of the uber-protected National Security Agency, the IT industry has a major role to play in how government agencies protect their endpoints. Here are three trends to watch:

1. Big data will play bigger role

Agencies are looking to big data capabilities to better understand endpoint security. One of the first to kick off the effort was the Defense Information Systems Agency (DISA), which released two requests for proposals for big data capabilities: one to collect and manage security data, and the other for the actual tools to break down the data, visualize it if needed, and make actionable decisions based on the information. The ultimate goal is to take the collected data about the Department of Defense’s (DOD) endpoints and aggregate it to give senior leaders a better sense of how well protected the enterprise is (or is not).

2. As endpoint evolves, so do IT needs

The endpoint has evolved to encompass a complex hybrid environment of desktops, laptops, mobile devices, virtual endpoints, servers, and infrastructure involving both public and private clouds. Because of this change, agencies will be looking for innovative solutions to provide security services in heavily virtualized environments. The solutions most in demand by the government will be those that can defend against persistent threats, issue alerts, reduce the attack surface and attack vectors, and detect malware when it arrives and before it wreaks havoc. The need for these kinds of tools, especially for mobile devices, is so urgent that the Department of Homeland Security (DHS) is working closely with the General Services Administration (GSA) to speed up the time it takes to get mobile security vendors added to IT Schedule 70, the largest, most widely used acquisition vehicle in the federal government.

Additionally, the DOD will soon consolidate its endpoint security programs via the Endpoint Security Solutions contract, which is now in source selection. It will give the department more flexibility in choosing the right mix of tools based on evolving security needs.

3. Infrastructure consolidation reduces the attack surface

Reducing the attack surface means fewer doors for the bad guys to get in, which helps improve situational awareness of network threats. This theoretically improves the security of the devices. One of the best examples of this is the DOD’s Joint Regional Security Stacks (JRSS), a suite of tools that provides a host of network security capabilities like firewall functions, intrusion detection and prevention, and enterprise management. It has allowed DOD to decrease its attack surface, as fewer access points, vulnerabilities, and exploits are available to adversaries. The DOD says it will shrink its overall attack surface by reducing the need for security enclaves at more than 1,000 existing network access points and replacing them with regional security stacks at 50 global ingress locations.


The need for cybersecurity solutions, particularly endpoint security tools, has never been stronger. Every government agency is increasing its endpoints and exploring or utilizing analytics to better understand its IT environment and associated vulnerabilities.

Technology companies need to show government agencies how their IT solutions support these trends. Time and again, government program managers stress that as infrastructures shrink and the types of end-user devices in use expand, endpoint security vendors will be well positioned if their messaging is aligned to unique mission environments and agency challenges.

BIO: Lloyd McCoy Jr. is a Market Intelligence DOD Manager with immixGroup (an Arrow company), which helps technology companies do business with the government. Lloyd focuses on Defense Department agencies and public sector cybersecurity. Connect with him on LinkedIn at

Need help identifying top IT decision makers and opportunities in government? Contact immixGroup’s industry-leading Market Intelligence team today.

Editor’s Note: This post originally appeared Sept. 8, 2016 and has been updated for accuracy and comprehensiveness.