San Francisco cyber security startup Remediant partners with Lockheed Martin to protect sensitive government information
Anyone who has ever worked for the government knows how critical is the protection of sensitive government information. While the threat landscape continues to evolve, some of the top government contractors have limited capabilities to battle the bad guys and protect vital and sensitive information that is required to protect the nation. The government agencies also enacted new policies and regulations to protect valuable information. A good starting point to protect sensitive information is having proper controls in place for tracking the usage privileged accounts. These accounts allow for users to be able to do work that, in some cases, may be abused and misused.
Last year, the Department of Defense (DoD) issues a new regulations regarding the management and protection of Controlled Unclassified Information (CUI) that caused a stir among defense contractor IT teams around the globe. The regulation, Defense Federal Acquisition Regulation Supplement (DFARS) clause 252.204-7012, requires that DoD contractors meet the specific security standards described in NIST Special Publication 800-171 to ensure that CUI is protected. Defense contractors undertook significant efforts to meet the December 31, 2017 deadline, only to find that the technology solutions available to meet the requirements were limited. However, the San Francisco-based startup, Remediant, has solved some of the greatest technical challenges in the new regulations in a completely unique and innovative way.
When global defense contractor Lockheed Martin began to research a solution to their compliance requirements, they quickly discovered that none of the solutions available in the marketplace met their needs, while solutions potentially developed in-house were deemed too expensive. Lockheed then found Remediant. Founded in by2015, Remediant helps enterprises protect their privileged accounts from misuse and abuse. Remediant’s product is called SecureONE, and it not only met, but exceeded, Lockheed’s technology requirements. SecureONE limits the amount of time an individual’s login has privileged access to a target system, thus restricting access to the absolute minimum needed. Even if credentials are compromised, this technique blocks the misuse of those credentials for any kind of privileged access. Unlike the conventional approach to privileged access problem, Remediant’s SecureONE approaches it in a completely new way by shrinking privileged access attack surface by more than 99%, while also significantly reducing compliance gaps.
“When seeking a PAM solution that could meet our requirements, ease of integration, reliability and scale were all critical, and we couldn’t afford to compromise in any of those areas,” said Mike Gordon, Deputy Chief Information Security Officer, Lockheed Martin. “We needed a solution that the information security marketplace simply didn’t offer at the time.”
In a matter of weeks, Remediant provided a dynamic, scalable PAM solution with minimal disruptions to Lockheed Martin’s 150,000+ endpoints. Today, Lockheed Martin meets its NIST SP 800-171 requirements while significantly enhancing operational security. “Remediant worked an aggressive timeline and a full-lifecycle implementation across the global enterprise to provide added security for our desktop administrators. We call it ‘Instrumented Compliance’, which means not only being compliant but, more importantly, being able to continue to assure our customers and employees that we are protecting their critical data,” said Joel Johnson, Cyber DFARS Program Manager, Lockheed Martin.