Security Company Wins Government Infrastructure Evaluation Project
This security specialist installed data encryption products to plug major security holes at a bank, a power company, and a city municipality.
CyberDefenses, Inc., located in Round Rock, TX, is a network security company that focuses on information assurance products and managed services. The company provides a number of security assessment services, including a complete cyber (computer, network, and Internet) security evaluation. Recently, CyberDefenses performed a cyber security evaluation as part of a Congressionally funded project to research the network infrastructure in the United States. CyberDefenses won this contract as a result of existing relationships it had with DoD contractors and government agencies.
In this case, the federal government wanted to look more deeply into vulnerabilities in the banking industry, power grid companies, and city municipalities. The goal of Congress was not to point out deficiencies in specific organizations, but to better understand the network security deficiencies we face as a nation. The organizations picked for this study ranged in size from 600 to 4,500 computer nodes. CyberDefenses performed cyber evaluations and made remediation recommendations to each organization.
"The results of our research showed that each of these organizations was lacking in network reliability and data confidentiality," says Randall Casey, CEO of CyberDefenses. "As part of our evaluation, we gave each organization a cyber security score. In the banking example, all data was being passed to and from remote locations in the clear [data passed without encryption]. Power companies also have systems that are communicating to each other in the clear. In these examples, each organization scored in an acceptable range on data availability. However, each failed on the reliability and confidentiality aspects of the evaluation."
Casey determined that data encryption was necessary to solve the reliability and confidentiality problems. In both cases, Casey recommended packet-based encryption as opposed to channel-based encryption. Packet-based encryption is less expensive, and the appliances have a smaller physical form-factor than channel-based encryption devices. "In both scenarios, we recommended the CipherOptics Ethernet Security Gateways," explains Casey. "We recommend CipherOptics because its products are compliant with regulations such as BASEL II [International Convergence of Capital Measurement and Capital Standards - A Revised Framework], California SB1386, GLBA [Gramm-Leach-Bliley Act], HIPAA [Health Insurance Portability and Accountability Act], and SOX [Sarbanes-Oxley Act of 2002], and they are FIPS [Federal Information Processing Standards] 140-2 Level 2-certified. The CipherOptics gateways also do not degrade network performance."
In the banking and power company examples, CyberDefenses installed four CipherOptics ESG100 gateways to encrypt packet traffic transmitted via WAN connections between the main offices and branch locations. In the municipality example, CyberDefenses used the ESG1002 to encrypt Gigabit Ethernet traffic transmitted between departments on a LAN. The ESG100 provides full-duplex protection up to 190 Mbps. The ESG1002 provides full-duplex, Gigabit speed protection. In both instances, CyberDefenses installed the gateways for 30-day trial periods. Those trials will end later this month, but the results to date have been exactly what CyberDefenses expected — no data theft. As security companies know, no data theft and no user complaints mean the gateways are passing muster.
Data Encryption Can Be Plug And Play
Encryption seems complicated, but the installation and configuration of the CipherOptics gateways was simple, according to Casey. "Because they are purpose-built appliances, both the ESG100 and the ESG1002 integrated into the existing networks without a lot of complicated work," he says. "The gateways plug in at each end of the WAN or LAN, can be installed in 15 minutes, and operate transparently to users. We look for security solutions that do not require a long period of time to implement, nor do they require a lot of in-depth customer training."
As a result of those cyber security evaluations and CipherOptics product trials, CyberDefenses has gained validation for its cyber security evaluation process, and the company expects to double sales in 2007. With annual revenues of more than $5 million and a sales growth rate that has averaged 250% for the last five years, CyberDefenses is a great example of the explosive growth potential that exists in providing network security solutions.