Fortifying the Tactical Edge

Prevention-first file security for disconnected military operations. 

In today’s increasingly digital battlespace, U.S. military leaders face an unrelenting threat landscape—made more daunting by denied, disrupted, intermittent and limited (DDIL) network environments, where adversaries jam signals; connections drop; and bandwidth is scarce.  

The aerospace and defense sector overall has seen a 300% increase in cyber attacks since 2018. With large language models (LLMs) now being used to rewrite malicious JavaScript code, it’s impossible to keep up with the multiplying threats using traditional detection and user awareness.  

“A major challenge with DDIL attacks is knowing what happens when connectivity is lost,” notes Kelly Davis, senior solutions architect for Glasswall, a provider of defense-grade zero trust file protection. “Being able to operate on day one the same way you can operate on day 1,000 with no connectivity in between is how you prevent these attacks,” he adds.  

Protecting mission-critical files in these scenarios demands much more than detection-based security tools. Glasswall offers proactive file filtering as a core security layer. 
The company’s Content Disarm and Reconstruction (CDR) advanced zero trust cybersecurity technology provides file-level security enforcement directly on operator end points, which is necessary for the military and federal agencies that frequently operate in offline and air-gapped environments. Eliminating file-based threats before they can execute, CDR removes noncompliant content and elements entirely.    

Rearchitecting File Security for the Mission Edge 

Glasswall’s CDR solution uses a four-step process to rebuild files back to their known good specification—eliminating malicious code, macros or embedded threats—without ever needing an internet connection. Because the company validates against what is a known specification, the process does not require an internet connection.  

By referencing static, manufacturer-published file specs instead of ever-changing virus signatures, Glasswall helps keep networks operating securely, regardless of network status. Glasswall’s file-based threat prevention technology, called Meteor, works where bandwidth is tight, or connectivity is intermittent, allowing mission data to move securely without risk of compromise. Specifically, Glasswall Meteor delivers this capability as a Windows application requiring no server infrastructure, operating fully offline on tactical workstations.  

The approach aligns with the government’s Zero Trust Strategy, which focuses on protecting the data itself, not just the perimeter.    

“The data pillar is often the least mature in zero-trust implementations; organizations typically invest heavily in identity and network segmentation, but files get a pass. CDR closes that gap,” Davis says.   

The strategy’s seven pillars begin with the user and device, and then extend to the network and environment, application and workload, data and automation and orchestration, before ending with visibility and analytics.  

Addressing Real-World Data Breaches  

Kelly Davis joined Glasswall as a senior lead DevOps engineer. Before that, he served as lead IT specialist supporting the U.S. Army’s Command, Control, Communication Tactical Directorate (C3TD), which ensures software readiness of Army mission command, tactical radio and transport systems, a role where he saw firsthand how CDR’s preventive approach closed critical gaps.  

He highlights a recent CDR implementation involving a federally funded research and development center (FFRDC) that faced a rare breach by a nation-state. “This was their first breach in about 15 years,” recalls Davis, who helped sanitize the center’s massive datasets. The process involved running their data through Glasswall’s filters, bringing the data back in once it was cleansed to restore their operations.   

Glasswall Meteor’s ability to swiftly and effectively sanitize exposed documents enabled the research center to sanitize its files at scale and eliminate any lingering threat with confidence. The solution was integrated into the FFRDC’s internal file processing pipeline, handling large datasets, including real and sample malware. Meteor now acts as the initial filter in a multilayered security approach, processing files before they reach internal users, file shares or storage locations. This approach significantly enhanced the organization’s overall security posture, providing a more in-depth defense against future file-based attacks.  

CDR is also central to secure, cross-domain data sharing, including among coalition allies with different security protocols, where document exchanges include classified and unclassified network transfers. SQ Magazine reports that 68% of NATO members confirmed attempted intrusions into defense logistics software during the first half of 2025, while 21 countries reported successful intrusions into classified defense networks during the first two quarters of 2025.  

“When files cross domains or trust boundaries, cleansing is foundational. Our tools automatically inspect and rebuild files to prevent accidental data leakage or targeted attacks,” Kelly says.  

Five Best Practices for Protecting Data Files in DDIL Environments   

For defense IT and cybersecurity personnel seeking to strengthen operations in DDIL environments, Glasswall recommends these five steps:  

• Change Your Security Mindset: “Detection is no longer enough. Prevention-first thinking must be the foundation.”  
• Map Your Trust Boundaries: “Identify every point where files or data enter, leave or cross your networks.”  
• Deploy the Right Solutions at Each Boundary: “Technology must verify and reconstruct files at critical entry and exit points.”  
• Write Clearly Specified Requirements: “Detail your operational and security needs for any solution considered or procured.”  
• Align With Federal Mandates: “Compliance isn’t optional—adopt standards like the DOD’s Zero Trust Strategy, NSA’s ‘Raise the Bar’ and NIST 800-207 for Zero Trust Architecture.”   

Davis emphasizes the importance of aligning best practices with what’s being mandated at the federal and defense government levels, noting that Glasswall CDR is NSA Raise-the-Bar mandated for all cross-domain solutions, one of only two required content filters for classified domain transfers.   

The difference in Glasswall’s approach is that it emphasizes prevention rather than simply detection. “Detection asks if a file is BAD. Prevention asks if a file is RIGHT. In DDIL environments, that’s the difference between hope and certainty,” explains Davis.   

Future Focus: Deeper, Defensive Integration  

Looking ahead, Glasswall is driving deeper integration of CDR into tactical mission platforms and hybrid cloud-edge environments, prioritizing embedded prevention rather than cyber solutions focused on detection.   

Glasswall’s technology is trusted in classified environments because the company meets the highest standards and certifications, including compliance with the Defense Information Systems Agency’s (DISA’s) Security Technical Implementation Guides, or STIGs, as well as National Institute of Standards and Technology (NIST) cybersecurity standards.  

Concluding, Davis urges the defense community to never trust—always verify. “In DDIL, your security posture degrades precisely when the threat environment is most contested. CDR ensures your file protection works the same on day 1,000 as it did on day one, and with zero connectivity in between.”  

More Information  

Learn more about Glasswall at www.glasswall.com