Swedish as well as foreign authorities are wrestling with costs and taxpayers' funds.
This case study shows how “A North American Government” planned to lower its IT budget and move its operations into a hybrid/cloud environment, with at least the same level of security as today.
- Consolidate, streamline and improve IT access across government departments
- Fully hybrid solution
- Multi-cloud strategy to reduce IT costs
A simple answer is ‘relative’. Any security investment should be relative to the size and scale of an organization's business. Cyber threat intelligence (CTI) is no different. Gone are the days when threat intelligence was offered as an add-on, like a happy meal. According to the latest SANS 2018 CTI survey, most respondents agreed CTI is becoming more useful overall, especially to security operations teams. This has led to an increased deployment rate of standalone CTI platforms.
Any organization starting its CTI program should realize that threat intelligence is a process. But this doesn’t necessarily mean it has to be manual or difficult. Nor is it cost-prohibitive if one knows the right sources to draw from and how to do that. There are plenty of quality open source and private threat feeds available. For example, ShadowServer alone produces over 40 different types of feeds.
Recognizing, but more importantly owning, the collection of threat intelligence is critical. You should be empowered to dictate the collection effort, regardless of formats or methods, and to use automation to help you focus on the intelligence that matters most for your organization.
One of the biggest challenges is how to make sense of the indicators collected. Sure, there are tons of indicators of compromise out there, such as the ones provided by Brute Force Blocker by Daniel Gerzo or the vulnerable Netis router services reported by ShadowServer. But a system that can automatically process every single indicator you collect and inform you about the details behind every IP address can make a real difference. The details include things like the country of origin of an IP address, its network operator, which critical infrastructure it may belong to, the geo-location of the affected machine, or even its organization owner. With this contextual information, you can focus on the real intelligence, which requires a human touch.
No more alert fatigue, no more mundane tasks of searching, querying or reading large amounts of text or reports. Focus on actionable events which you can take action on, whether as an analyst, a sysadmin or a network admin. The very same platform also allows your risk management team to conduct threat assessments and helps your organization assess its posture and formulate security strategies and policies. Justifying a security investment with hard evidence and metrics is now much easier.
The big challenge for the government agency was the sheer scale involved. It was also concerned about its current solutions, including traditional ones such as VPNs, firewalls and jump hosts.
The basic need was to have central control of all user privileges.
The government system has between 1,500 and 2,000 remote users at any given time and 20,000 users overall, so the organization needed to ensure secure access to all its shared services. It required a solution to control and simplify remote, third-party and privileged user access.
The Agency wanted increased security, multi-factor authentication, granular controls for advanced roles and rights management:
- Secure access for more than 20,000 users to applications, email, web servers and datacenters across departments
- Centralize management of all network devices across the more than 20,000 users and third parties
- Integrate seamlessly with the existing two-factor authentication system
“With more than 20,000 users, this government agency needed to ensure secure access to its shared services. It required a solution to control and simplify remote, third-party and privileged user access.”
During the agency’s evaluation of technologies, it investigated AppGate SDP, a Software-Defined Perimeter solution that dynamically creates one-to-one network connections between the user and the resources they access.
Everything else is invisible, including the system itself. AppGate SDP provides consistent, adaptive and context-aware access in hybrid environments.
AppGate SDP gives this government agency the agility and flexibility to adapt to the dynamic demands of the workforce, constituents and third-party vendors. AppGate SDP provides real-time access on a need-to-know basis and enables a unified way to control access while maintaining an extremely tight security profile.
Cyxtera AppGate SDP Benefits:
- Control privileged user access using secure, encrypted, point-to-point tunnels to protect network resources and dynamically provision access
- Centrally managed solution to remotely secure privileged, remote employee and third-party network access
- Extensible monitoring and alert management so that access to network resources can be tracked and monitored
- Hopefully frees up resources for other important purposes
- AppGate SDP was chosen because the security solution is based on the individual user and not the opposite
- AppGate SDP was easy to set up and apply security rules with, all without needing to expose apps to the internet or rewrite legacy apps that are agency critical
- The agency was able to leave apps where they were, define authorization policies, record access logs and pinpoint who accessed what and when
- AppGate SDP integrated with the agency’s existing two-factor authentication system, which had already been deployed at a significant cost
- When tested, AppGate SDP proved to be one of the only out-of-the-box solutions able to integrate with this system easily
- As a result: higher security, all at a lower total cost