Delivering Agile Security at Scale
Our IC agency customer needed a way to establish and sustain full cybersecurity situational awareness of their IT infrastructure across multiple enclaves. Their mission is mobile and agile, and their IT systems support thousands of people in the field. They needed a way to monitor the security posture of every endpoint within their environment remotely, without having to be at a desk.
AI Solution Features
For over 8 years, AI has led the implementation and ongoing operation of enterprise endpoint management and continuous monitoring, leveraging the IBM Endpoint Manager (IEM) “BigFix” tool suite for our IC customer. AI provides situational awareness scanning throughout the environment to conduct real-time BigFix file and hash analysis of any host on the wire, detect malicious files that have surreptitiously entered the enterprise and quarantine infected assets in question. AI created a customized innovative solution around the BigFix product suite, including the development of a customized Web Console that provides a role-based confined set of functionally that does not require the user to be on the same LAN segment. The Web Console provided the ability for local customer administrators to register for access, integrated with the BigFix Web Reports application, and provided user action auditing and logging. The Web Console was developed to be easy to use in other component or customer environments and supporting field operations with real-time continuous monitoring and SIEM data within a security posture dashboard.
Benefits to the Customer Mission
Our solution provided remote and mobile real-time visibility and continuous monitoring for the customer’s environment of over 100,000 endpoints across multiple security classifications. Our custom-built Web Console enables over 500 customer field Information Technology Support (ITS) staff to deploy software to their managed OUs based on Active Directory group membership. Utilizing the automated data feeds from BigFix, we developed an automated mechanism for the customer to consolidate and obtain asset information, streamlining the monthly reporting requirement such as NIST compliance and RMF.