AN ELEMENTAL APPROACH TO HOLISTIC ENTERPRISE SECURITY
ELEMENTAL SECURITY PLATFORM saves Fortune 500 customer millions of dollars in ongoing expenses and improves their security
Elemental’s customer is a Fortune 500 company and an information infrastructure provider in the manufacturing industry. The customer employs more than 10,000 people in more than 60 locations throughout Asia, Europe and the United States.
The customer is governed by regulations including Sarbanes-Oxley (SOX), the Health Insurance Portability and Accountability Act (HIPAA), and various privacy laws in Europe and Japan. Overall, the customer must meet 14 different compliance objectives.
With so many offices and systems distributed throughout the world, the Company’s problem was clear – it had no method to obtain a holistic security view into its environment, which would allow it to effectively manage its risk. The customer could not track, manage or secure its networked systems; nor measure or prove its compliance with its various security and regulatory compliance objectives.
“We have a large network with many parts coming and going all the time, and it’s difficult to find out what’s going on out there,” said one senior director of information services. “We have more than 25,000 machines, and have approximately 2,000 systems turning over monthly due to our dynamic employee population and constantly changing systems.”
The Company used a variety of solutions to collect asset inventory, control access, and monitor compliance within its dynamic environment. Unfortunately, the systems were not integrated and did not provide results in a unified manner. They also ran reports in various formats, resulting in up to 10 different variations. According to the customer, it was extremely labor intensive to review and correlate all of the data, and this approach was prone to error.
“To run an analysis of a group of machines and their characteristics – such as OS, vulnerabilities, patch status, accounts and configurations – it took a day or two at a minimum, and to correlate the data into a report took a ‘one person week,’” said a senior security manager. “Of course, during that time things are in constant change, so even the most current reports didn’t give us an accurate picture.”
A senior director of information services summarized the issue: “Our overall problem is that we aim for what we call ‘holistic security profiles,’ but achieving this corporate goal was impossible with the various systems we had running. When there was a worm or virus outbreak, we couldn’t target what our risk might be. Timeliness of incident responses was way off, especially since the process involves cross-functional teams throughout various corners of the globe. Finally, we didn’t have reporting on a regular basis, and it wasn’t consistent.”
THE PREVIOUS SOLUTION
To help with compliance management, the customer deployed a well-known legacy vulnerability management solution and its agents to more than 2,000 select Windows machines and critical Solaris and HP-UX servers. Unfortunately, according to the customer, this product did not meet many of its basic requirements and was cumbersome to use. It was installed on only critical production machines due to high license costs and the customer’s lack of management staff to administer additional systems. According to the customer, the vulnerability management solution cost several hundred thousand dollars per year in maintenance. In addition, one full-time administrator was needed to manage it.
“Our legacy vulnerability management solution did not consistently provide accurate and valuable information when systems were out of compliance so we could remediate,” said an end-user. “Its console was not user friendly, and the GUI was hard to extract information from. Proving compliance during our audits was a real headache.”
The customer completed a full-system compliance review only once every six months because the exercise was such a difficult task, and these reviews often took “three man weeks” to complete, they said.
Another security tool selected by the customer, to deliver host-level access control, worked only with its Unix machines. This system cost $60,000 a year to maintain, plus one full-time administrator. In addition, their cross-platform inventory management tool worked with all platforms except Windows. This product cost $150,000 for the first year, and $30,000 a year thereafter to maintain, plus one full-time administrator. There were no Windows equivalents for either of these products.
The combined total cost for this disparate set of tools was more than $800,000 a year in maintenance and administration support fees alone.
THE ELEMENTAL SECURITY PLATFORM
Some time ago, the customer came across Elemental Security and its unified solution to security compliance management. After a thorough evaluation, the customer began deploying the Elemental Security Platform in April 2005.
The Elemental Security Platform is an enterprise security software solution that enables organizations to express, monitor, and enforce security policies for any computer connecting to the network. It uses a client-server security architecture that provides broad visibility into all hosts in the enterprise and the means to control or contain them through auto-deployed security policies.
According to the customer, the Elemental server installed easily, and was up and running in about an hour. The agents were installed, and later that day the system began collecting a significant amount of information about their environment, including servers they were not aware were deployed.
“Elemental collects an outstanding level of quality data, such as audit information, account management, configurations, host-level ACLs, inventory information, and other data helpful in defending against attacks,” said a senior security manager. “It continuously analyzes hosts for idle activity, software configuration and SOX compliance, and these checks can be tailored to our environment.”
To date, Elemental has exceeded expectations and delivered all that it promised, including allowing for spot audits and ease in reporting, the customer said.
“Elemental shows equivalent or better functionality than our previous set of tools, and allowed us to turn some of the other tools off,” said a senior director of information services. “It handles compliance guidelines and gets reports better than our existing solution. All our organizations worldwide can now share one security compliance tool. It shows significant value and can drive holistic security profiles like no other product can.”
Today, the customer has more visibility into their systems than ever before, and can obtain up-to-date compliance readings at any time. A full network audit and review that used to take “three man weeks” can now be done in a few days.
Elemental is deployed to the customer’s most critical resources, and the customer plans to roll agents out on its global security network later this year. Eventually, they see it fully displacing their legacy compliance system and other security systems, the customer said.
The results of the Elemental Security Platform have been immediate and far reaching, especially in terms of time and effort saved, allowing the customer’s IT organization to focus on other objectives. It has also reduced the cost of compliance activities, with fewer vulnerabilities to breaches and attacks, they said.
For example, Elemental has saved more than 20 percent of administrators’ time, due to improved processes around proving compliance and generating reports. It is no longer necessary to normalize reporting data from multiple products. In addition, the customer has avoided hiring four additional full-time administrators to support the previous collection of security compliance products.
“Never send a human to do a machine’s job,” advised one user. “Automating these processes makes for more timely results, increased customer satisfaction, and reduced workload. Without a tool like Elemental, we could never cover all of our bases.”
“We needed a tool that ran at the network and at the host, because without this visibility IT groups couldn’t tell the status or what was going on with their networks,” a senior director of information services continued. “Elemental eliminates a lot of work, and because it automates the reporting and fixes, it eliminates any human error, too. Elemental also provides a good audit trail and records what we’ve done to fix a problem.”
Finally, Elemental helps the customer save time and money during SOX audit and compliance exercises. The customer estimates that Elemental will save it approximately 20 percent of its average internal and external testing costs, a savings of more than $175,000 a year in SOX testing costs alone.
“Elemental helps us with our holistic security profile,” concluded a senior director of information services. “Everyone who has seen the solution fully understands how Elemental helps us manage our risks. We now have a better, consolidated solution, a proactive approach to our security and risk management, and we will save nearly one million dollars per year in support, administration and compliance testing fees.”
Note: The following is a case study of the Elemental Security Platform. Due to the customer's corporate security practices, the Company and its representatives must remain anonymous. The information in this document was gathered following recent conversations with the customer's Corporate IT personnel.