Better Together: Hypori + Menlo Security = Securing the Entire Workday

This episode of The BLUF explains a “Better Together” solution combining Hypori and Menlo Security to close two major gaps: keeping government data off user devices and keeping active web code off endpoints. We describe Hypori’s cloud-hosted virtual mobile workspace where users see encrypted pixels on personal devices via the Hypori app and outline Menlo’s remote browser isolation and safe document viewing that render risky web and file content in the Menlo cloud, neutralizing web-borne attacks by design. The combined approach strengthens zero trust, improves user experience and adoption, reduces help desk load and incident response, and can cut costs by reducing GFE phone needs and legacy secure web gateway/proxy backhauls. Tune in to learn more!

• 00:00 Introduction
• 00:38 Remote Work Threats
• 01:13 Hypori Explained
• 03:18 Menlo Security Overview
• 04:47 Why Better Together?
• 05:52 Compliance and Cost Wins
• 06:40 30-to-60 Day Pilot Plan
• 07:33 Bottom Line Recap

This episode is brought to you by ATP Gov. Visit us online at www.atpgov.com or follow us on LinkedIn.

[00:00:00] Welcome to the Bottom Line Upfront, the podcast that cuts through the noise to deliver distilled insights from today’s most important technical webinars, presentations and demonstrations designed for federal and military IT leaders. Each episode breaks down complex technologies into mission ready takeaways, so you get the key points.

Fast. Whether it’s cybersecurity, cloud, architecture, or emerging defense technologies, we highlight what matters most and how trusted integrators like a TP gov can help implement and operationalize these solutions across your agency or command. No fluff. No filler, just the bottom line upfront. If you work in civilian, federal, or DOD spaces, you know the tension people need to work from anywhere, be it home, TDY, the fight line, and even the soccer sidelines.

But our adversaries target endpoints and browsers relentlessly. We’ve also got surge workforces, contractor access, and the never ending mandate to accelerate zero [00:01:00] trust while cutting cost. Today’s Better Together story shows how Hyper and Menlo security closed two big gaps at once. No government data on the device, and no active web code on the endpoint.

So let’s talk about Hyperion Plain English. Think of POR as a virtual mobile workspace that lives in the cloud. Your quote unquote work phone runs an AWS gov cloud, and you can just see the encrypted pixels on your personal device. Your touches go up, the pixels come back. No agency data apps or certs live on your physical phone.

Porres design goals came from special operations and contested environments. They assume that the device and the network are compromised and still deliver secure access back to mission apps. If you lose the phone, something gets damaged, the device gets hijacked, the data was never there. That’s why the client uses a mutually authenticated MTLS tunnel and credentials like CAC and derive credentials reside in the virtual workspace and not on the edge device.

[00:02:00] With por, you can enroll in minutes. Multifactor authentication and biometrics are used to enter your workspace and you can run a curated list of apps, things like teams, outlook and CAC enabled sites. All inside of that virtual phone notifications can alert you when something needs attention, and admins can lock down, copy and paste, screenshots, cameras, and more based on policy and classification level.

Right now the Army licenses RI in the tens of thousands with active growth and the Air Force usage is also rising. SOCOM and other communities are engaged with RI and RI continues to position BYOD as a cybersecurity control, not just a convenience separating personal life from work data while respecting user privacy.

As mentioned before, RI runs in AWS and has a FedRAMP high authorization for government offerings supporting CMMC as well as NIST 800 dash 1 71, and is being positioned by customers to reduce IL 5G FE burden for unclassified mission use. When you [00:03:00] do a total cost of ownership against legacy architectures pricing and platform fees for solutions like Pui scale down at a per user level at volume.

And when you jump up to DOD Scale, they’ve cited their per user over year pricing drop substantially as quantities increase. So what’s Menlo Security all about? Now we’re talking about the browser and email problem. Most attacks still land through a link, a site, or a file. Menlo Security uses remote browser isolation to open every risky site or file in a surrogate browser.

In Menlo Cloud then streams a safe rendering down to the user. Your machine never runs the site’s active code, so drive by downloads. HTML smuggling and many zero days are neutralized by design. Menlo platform was engineered for isolation first. That’s why the DOD runs Menlo at multimillion user scale daily with normal browsing video and audio performance.

Something that’s been challenging [00:04:00] for bolt-on RBI features at other competitors. Menlo pairs this with safe document viewing, which allows you to open and inspect files in the cloud, including password protective archives, and it also includes DLP in the browser. So think about Watermarking redaction.

And policy-based blocking on sensitive data leaving the page. Many admins might be thinking, how do you handle tricky sites or recapture two-factor authentication? Menlo uses a smart bypass. It pushes certs and proxy settings by GPO and MDM, and for forensic needs, you can record sessions to your own AWS S3 or Microsoft Azure Storage.

Menlo doesn’t keep any of your data. Menlo operates in a FedRAMP moderate cloud environment, and for DOD deployments are already running in disa hosted environments with many child tenants. Now let’s talk about why RI and Menlo is a better together story. Here’s the Synergy RI protects your agency apps and data access by virtualizing the entire mobile [00:05:00] workspace.

No data on end user devices. While Menlo protects the internet, you have to touch, so that means no active web code on endpoints. By combining them together, you cover the two attack surfaces that burn most programs the device. And the browser. That’s a clean zero trust strategy you can believe in. Assume compromise on the edge and assume untrustworthy websites, yet still delivering the mission.

You might be doubting this and thinking that the user experience must suffer in some way, but the reality is hyper gives native feeling mobile. C derived cred flows, and curated app stores. Menlo at the same time, keeps normal browsing, streaming and file review, feeling familiar, so the net effect, higher adoption, lower help desk, and reduce risk by architecture, not just by signatures.

But let’s also take a look at this from the acquisition, compliance and cost angles. Porres government service is FedRAMP high, and that aligns to CMMC [00:06:00] and NIST 801 71 use cases. Menlo GovCloud is FedRAMP moderate and widely deployed in DOT environments. Replacing a portion of GFE phones with re’s BYOD approach can cut unclassified device spend and support overhead while melos RBI can offset legacy secure web gateways and proxy backhauls while reducing incident response churn tied to web borne malware.

Both vendors express order of magnitude savings at DOD Scale during implementation. And when it comes to acquisition, we act as your guide and integrator and we can stack technologies like Hyper and Menlo together with your agency vehicles and advise on pilot to production glide paths. Discovery to success is measured in a typical 30 to 60 day pilot.

What we would do is we would map user groups using your GFE or BYOD devices. We’d set up identity and CAC flows, as well as web categories and DLP requirements. Integrating both of those into hypori and the Melo Instantiations, [00:07:00] we would stand up a RI workspace for a cross section of your users and steer internet and email links through Menlo Isolation while in the RI workspace.

What we’re interested in measuring is time to first access phishing and malware neutralization. We’re looking for data at rest endpoint events to be zero. We want to look at the help desk deltas and any bandwidth or cost relief while using the platform. And when we talk about scale, we want to expand in slices.

We wanna start with employees and contractors and partners, and tune policies for the different classification levels. So what’s the bottom line? Up front RI keeps government data off devices entirely. Even BYOD devices like the one you’re listening to this episode on. While Menlo Security keeps web and email threats away from users by isolating sessions in the cloud together, they protect the apps you rely on and the internet.

You can’t avoid. Por gives you the reassurance that there’s no data on your devices and your CAC and derived credentials live inside the virtual workspace. [00:08:00] This is bring your own device that actually reduces risk. Menlo at the same time promotes the ability to have no web code on the RI endpoints. That means safe rendering, safe documents, and data loss prevention in the browser.

And at DOD Scale. With RI and Menlo, together you can protect apps and the open internet the entire workday. Yes, this does map zero trust. It does reduce costs and it scales at DOD enterprise size. And we can help you pilot, integrate, and measure success in 30 to 60 days. So if you’re interested in trying out this solution, please email info@atpgov.com with the subject line bluff, pilot plus Menlo, and we’ll bring Ian Menlo to the table, confirm success metrics, and start a low friction pilot.

Be sure to reach out to ATP cov today@www.atpgov.com, or email info@atpgov.com, or check us out on social media on LinkedIn. [00:09:00] Thanks for listening, and be sure to subscribe to the bottom line upfront wherever you get your podcasts. And stay tuned for more distilled insights from the front lines of tech and national security.

So until next time, stay secure. Stay mission ready.

The Bottom Line Up Front, is ATP Gov’s podcast that cuts through the noise to deliver distilled insights from today’s most important technical webinars, presentations and demonstrations designed for federal and military IT leaders. Each episode breaks down complex technologies into mission ready takeaways, so you get the key points.

Fast.

Whether it’s cybersecurity, cloud, architecture, or emerging defense technologies, we highlight what matters most and how trusted integrators like ATP Gov can help implement and operationalize these solutions across your agency or command.

No fluff. No filler, just the bottom line up front.