REMEDIANT IS NOW PART OF NETWRIX  READ PRESS RELEASE

Blog
Get a Demo
Contact Us
Get a Demo
Menu
Contact Us
Blog
Get a Demo
Cybersecurity
lockheed-logo

Security Without Compromise

Remediant helps Lockheed Martin achieve instrumented compliance for privileged access.

At a Glance

Cyber DFARS Program Office sought a highly-scalable solution that coupled multi-factor authentication (MFA) and dynamic privileged access, and could meet compliance requirements (NIST SP 800-171) while minimizing impact to operations.

150,000

Devices managed globally

1

FTE managing globally

4

Hours to deploy & scan

The Background

In response to an ever-increasing number of data breaches involving government data, the Department of Defense (DoD) mandated, effective December 31, 2017, the Defense Federal Acquisition Regulation Supplement (DFARS) 252.204-7012 Safeguarding Covered Defense Information and Cyber Incident Reporting, which levies far-reaching security requirements on all defense contractors and their subcontractors who store, process or transmit “covered defense information” (CDI) on a DoD contract.

The clause requires, among other components, compliance to 110 security controls defined in NIST Special Publication 800-171, with emphasis on network access and administrator privileges. In late 2016, industry giant Lockheed Martin established a Cyber DFARS Program Office to implement enterprise-wide solutions.

lockheed-martin-dims

The Challenge

Lockheed Martin needed a highly-scalable solution that coupled multi-factor authentication (MFA) and dynamic privileged access, and could meet compliance requirements while also minimizing impact to ongoing operations. The team started by evaluating a broad selection of legacy password vault solutions, as this mature technology was already in use across parts of the company.

It was determined that legacy password vault solutions could not meet the requirement for dynamic privileged access, and that the Remediant solution would be easier to deploy, more secure and able to continuously inventory the distribution of privileged access across Lockheed Martin’s systems. Lockheed Martin considered in-house resources to design and develop a Privileged Access Management (PAM) solution. However, internal development would be an expensive and time-consuming process that would distract from other security priorities in the near-term and build in an ongoing cost to the department.

While the option of in-house development remained on the table, Lockheed Martin’s Corporate Information Security team continued to look for an innovative partner that approached the problem from a new angle.

“When seeking a PAM solution that could meet our requirements, ease of integration, reliability, and scale were all critical, and we couldn’t afford to compromise in any of those areas. We needed a solution that the information security marketplace simply didn’t offer at the time.”

Mike-Gordon-lockheed-martin

Mike Gordon
Deputy Chief Information Security Officer,
Lockheed Martin

The Solution

Working in various information security-related roles in biotech and security consulting-led Remediant’s founders to the same conclusion: it was time to forge a new path in the world of privileged access. 

SecureONE is based upon three main principles:

  • Utilize the user’s own account for privileged access - not a generic or shared account which creates audit/traceability and compliance challenges.
  • Make the tool extremely easy to use, including a responsively-designed web interface and API-first architecture that is easy for administrators, DevSecOps, operations and information security teams to manage. 
  • Without installing agents, continuously scan for changes in privileged access across the enterprise, bringing a new level of insight and control over privileged access.

Stopping lateral movement calls for being careful about how privileged access is allocated. SecureONE takes a fully dynamic approach, assigning privileged access solely to the endpoints the administrator needs, and only for a specific time period. Even if administrator usernames or passwords are stolen, the zero-privilege baseline for protected endpoints
ensures that compromised accounts cannot be used to access systems, nor move laterally through the network.

During a security conference in Las Vegas, Lockheed Martin had their first glimpse of SecureONE, Remediant’s solution for managing privileged access. Impressed with what they saw, Lockheed Martin immediately requested a Proof of Concept deployment to test the solution’s features and scalability.

“It’s rare to find a simple solution that simultaneously improves compliance, operations, and security. Granting full administrator rights, Just-In-Time, to individual systems, improves administrator support coverage while drastically limiting lateral movement risk! Remediant SecureONE builds on the solution by offering multi-factor authentication, continuous admin inventory, full logging of when individuals access specific systems, and enterprise scalability.”
chad anderson lockheed martin

Chad Anderson
Cyber Mitigations Architect, Lockheed Martin

The Result

Compliance does not equal security, but solutions that clearly demonstrate improved security and compliance are surprisingly difficult to find. By making it easy to protect privileged access with MFA and continuously detecting any unauthorized privileged access, SecureONE accomplishes both.

In a matter of weeks, Remediant provided a dynamic, scalable PAM solution with minimal disruptions to Lockheed Martin’s 150,000+ endpoints. Today, Lockheed Martin meets its NIST SP 800-171 requirements while significantly enhancing operational security.

Today, SecureONE provides just-in-time administrator rights across the Lockheed Martin ecosystem, in countries around the world.

Lockheed-Martin-cyber-security-centre
lockheed-martin-customer-story
“Remediant worked an aggressive timeline and a full-lifecycle implementation across the global enterprise to provide added security for our desktop administrators. We call it ‘Instrumented Compliance’, which means not only being compliant but, more importantly, being able to continue to assure our customers and employees that we are protecting their critical data.”
Joel Johnson

Joel Johnson
Cyber DFARS Program Manager, Lockheed Martin.

Get a demonstration of Remediant SecureONE today!

See first hand how to stop lateral movement & prevent ransomware attacks by removing 24x7 admin access.

More

Customers →

Read

Use Cases →

Browse

Resources →