Xceedium GateKeeper Helps Department of Homeland Security Battle Insider Threats and Maintain National Security

Background: The U.S. Department of Homeland Security (DHS) is a cabinet department of the U.S. federal government. Founded in 2003, the DHS was created in response to the horrific attacks of September 11th. Its mission is to secure the nation, protect it from terrorist attacks and respond to natural disasters. Headquartered in Washington, D.C., the DHS employs more than 230,000 people who are dedicated to keeping the nation safe. It is the third largest cabinet department, after the Department of Defense and Veterans Affairs, and it has a geographically dispersed network with 21 component agencies.

Challenges: The DHS has a vital mission: to secure the nation. At the core of this mission, it was critical that DHS first improve and secure its own infrastructure that supports 21 geographically dispersed component agencies.

In 2009, the DHS’ Office of the Chief Information Officer, Information Technology Services Office and Risk Management Control Division were faced with the challenge of unifying the 21 component agencies. Their challenge was to strengthen the components through the creation of one secure network and reduce the number of data centers.

In order to do this, the DHS needed to coordinate centralized, integrated activities across components that are distinct in their missions and operations. With scores of administrators accessing key infrastructure at these core data centers, the DHS’ Risk Management Control Division was tasked with ensuring contained access and monitoring, logging and tracking all administrative changes to its systems.

In addition to stringent security policies, the DHS is subject to compliance regulations including Federal Desktop Core Configuration (FDCC) standards. Launched by the Office of Management and Budget in 2007, the FDCC ensures that federal workstations have standardized, uniform, desktop configurations to enable more consistent and better documented security while reducing costs.

The DHS needed a solution that would allow it to support the component consolidation effort, transforming the 21 sites by unifying and controlling access to key servers at those sites while maintaining the separation of duties within and across the component agencies. It also needed a solution that could quickly and easily be dropped into technology already in place. This was a challenging task because the DHS has a wide range of platforms and operating systems, including mainframes, UNIX, Linux and Microsoft Windows.

Solution provided by Xceedium, Inc.: The solution criteria were crystal clear. The DHS needed a solution that supported remote access, desktop virtualization, two-factor authentication and auditing. It also needed out-of-the-box multi-platform support along with integration with existing security products. As part of the selection process, the DHS vetted several products from a variety of market-leading vendors. The obvious choice, however, was GateKeeper – Xceedium’s Zero Trust Access Control solution.

The DHS selected Xceedium’s GateKeeper to provide access control for privileged users, including company employees, partners, consultants and IT staff, along with computing infrastructure. GateKeeper controls, contains and audits the activity of privileged users, whether they originate from inside or outside of the network. GateKeeper enforces fine-grained access control policy on users, contains them to authorized systems and applications, and monitors, logs, records and reports their activities for compliance and security risk management. This gives DHS control over its privileged users and high-risk assets. It also allows DHS to enforce access control policies and contain users in a manner that enables them to see only the network resources to which they have access.

An identity-based access control solution, GateKeeper provides the DHS with access control, user containment and audit-quality logging in a single appliance-based offering. From an operations and risk perspective, this allows the DHS to granularly control who gets access to what servers, when and for how long in an easy-to-manage unified offering. GateKeeper’s patent-pending LeapFrog Prevention technology also enables DHS to contain users from its 21 sites to authorized systems and applications without any reconfiguration of its network.

GateKeeper’s Command Line (CLI) and DVR-like Graphical Session Recording capabilities also addressed the DHS requirement to maintain end-to-end accountability.

Summary: Xceedium’s GateKeeper has increased security awareness at the DHS. With GateKeeper, the DHS has been able to provide privileged users with highly secure access to key servers in its facilities. As a result, the DHS has increased network security while enforcing security policy. The DHS has used GateKeeper to maintain FDCC compliance. It does this at the desktop level since the secure access is provisioned via a Web browser without an additional desktop client required.

The DHS has also used GateKeeper to streamline operations. This has been possible because GateKeeper provides a single solution for controlling, monitoring, logging and tracking all administrator changes. Now, DHS can easily determine when a change was made and the implications of that change.

“After several months of use, Xceedium GateKeeper has made a quantifiable impact on our data center consolidation efforts. Not only do we contain administrators to approved systems, we now have an audit trail that provides lessons learned for any issues, putting us in good stead for compliance,” a DHS security expert explains. The DHS derived several additional benefits from the appliance. First, DHS found the anti-leapfrogging capabilities beneficial, which contain users to authorized resources. Another benefit was being able to add keystroke loggers to administrative accounts and prevent them from doing any intentional or unintentional damage. An unexpected benefit was that the Xceedium training increased the awareness of a PIM policy to administrators.

Purpose-built with the needs of highly complex, geographically dispersed and heterogeneous technology infrastructures in mind, GateKeeper is the only turnkey solution that provides unmatched access control and audit capabilities. Using GateKeeper, DHS is able to centralize and streamline all administrator activities required to provide real-time accountability for access, delivering the necessary proof for compliance.

Xceedium, Inc.
2214 Rock Hill Road, Suite 100
Herndon, VA 20170 U.S.A.
