Government agencies at every level face rising cyber threats, evolving compliance demands, and limited IT resources, all while maintaining critical public services.
Join us to explore how CimTrak empowers government entities to strengthen cybersecurity, detect unauthorized changes, enforce configuration integrity, and recover quickly from incidents. Learn how CimTrak aligns with Zero Trust, NIST 800-53, CMMC, FISMA, and more to support compliance and operational resilience.
The webinar can be listened to in its entirety below.
Madeline: Hello everyone, and thank you for joining us today. We will start in a minute or two, as I see some more people logged in. And I want to give everyone a chance to get settled.
Thank you. Good afternoon, everyone. My name is Madeline Turner, and on behalf of Carahsoft Technology Corporation, I would like to welcome you to our Cimcor webinar, Securing Government Systems at Scale, How CimTrak Delivers Unprecedented Visibility, Security, and Cyber Resilience.
Before we start, I would like to review a few housekeeping items. The audio portion of this webinar can be heard through your computer speakers. And please note that all your lines have been muted to reduce background noise.
If you would like to ask a question throughout the presentation, please feel free to do so using the Q&A pod at the bottom of your screen. We will set aside time at the end of the presentation to host a Q&A session, and our speaker will answer your questions over the line. If you are unable to get to your question, our Cimcor team at Carahsoft will follow up with you offline.
This webinar is being recorded, and a link will be sent out in a follow-up email for you to view. Carahsoft is a trusted government IT solutions provider, delivering software and support solutions to federal, state, local, and education customers. Carahsoft maintains dedicated teams to support sales and marketing for all of its vendors.
We are pleased to offer one continuing professional education, or CPE, credit to those who attend today's webinar. In order to qualify for the credit, you must be present, registering your attendance by signing in with your full name and actively participating in the polling questions throughout the entirety of the webinar. For more information on the CPE credits we are offering, our CPE sponsor NASBA, and the submission process, please feel free to contact us after the webinar.
If you meet all of today's requirements, you will receive your certificate of completion within two weeks. At this time, I would like to introduce our speakers for today's presentation, Robert E. Johnson III, CEO at Cimcor, Justin Chandler, Senior Solutions Engineer at Cimcor as well. With that, I would like to turn it over to our presenters of the day, Robert and Justin.
The floor is all yours.
Robert: Thank you. Appreciate the opportunity to speak with you all.
Again, my name is Robert Johnson, and I'm the President and CEO of Cimcor. So today we're going to be focusing on operational resilience or resiliency. And by that, we're going to be exploring things such as how do we add real-time system visibility into what's happening in your infrastructure? Techniques for implementing rapid recovery and leveraging capabilities to allow you to do just that.
And automated configuration control. So let's dig deeper. First, let's discuss why.
Well, we're in this battle where the compound annual growth rate of our security spend for the last 10 years has been on average about 9.1%. Now, we're spending 9.1%. However, the growth rate in terms of security breaches is much more. We're looking at 21.8%. Here's another interesting fact to level set. So often we think about the cloud being more secure, where according to the IBM Cost of a Data Breach report, we've learned that it actually takes 29 days longer to even realize you've been breached in the cloud versus on-prem.
And then perhaps one of the more telling stats and really sets the stage for what's so important here in this presentation is that of the 100 largest security breaches in both federal and commercial sectors last year, each and every one of them, each and every one of them had endpoint protection, had a SIEM, had vulnerability management, had threat detection and response. So our industry has some challenges here. And on top of that, we have some cybersecurity-related challenges as well.
At this point, 90% of all cyber attacks begin with phishing attacks, and social engineering attacks are becoming more effective because they're leveraging AI. And our systems are aging. 60% of all federal systems at this point are outdated or use unsupported software.
So we're fighting this level of technical debt. It's becoming increasingly difficult to patch, in fact, and handle the configuration management process. In fact, misconfigurations cause 80 to 90% of all breaches according to the Verizon data breach report.
And insider threats, which don't just mean malicious threats, they can simply be unintentional issues related to insiders, comprise about 30% of all federal breaches. And then, of course, we're all concerned more and more about supply chain attacks. It became very clear with Colonial Pipeline and several incidents since then, including the incident that just happened on Friday, where we saw federal systems starting to be compromised one after another, in fact, dozens, because of an exploit of Microsoft SharePoint.
So these supply chains, third-party risks are becoming more prevalent. We can no longer work in a silo, of course, but if we're not going to work in a silo, these risks are real and we need to find a way to compensate for them. And then, of course, we also have a compliance challenge.
We're all marching quickly toward implementing zero trust, and we have multiple objectives. It feels as if the number of compliance frameworks and regulatory requirements that we somehow need to comply with is just growing every year, where there's RMF or FISMA or FedRAMP or, for some of our vendors, CMMC. And we also know that one of the key objectives is to find a way to achieve continuous compliance, continuous monitoring, and continuous authority to operate.
And then how do we prove that our configurations and our baselines are exactly how we expect them to be? And the theme for this year has been, do more with less. We have fewer resources in terms of less budget, but also fewer resources in terms of the workforce. How do we accomplish more with less and adequately secure our enterprises? It all boils down to operational resiliency.
Now, let's define that, folks. Operational resiliency is the act of maintaining essential operations under duress, under stress, in scenarios that unexpected things happen. That's operational resiliency.
And some of the core components to achieving that are visibility, integrity, and recoverability. And many of these are also the foundations of zero trust. However, if we would like to achieve operational resiliency, we have some headwinds.
One of the headwinds is this delayed detection and response. So often, because we don't have complete visibility into unauthorized and unexpected changes throughout our infrastructures, things happen, changes occur, and we just don't even realize it. So it takes a while to identify it and respond.
So, significant headwind. Another headwind in terms of operational resiliency is we put a tremendous amount of effort into building the systems, configuring them according to best practices, and tuning them just right. But then over time, we see these systems in production gradually drift away from that certified, authorized state.
That's called configuration drift. And that configuration drift introduces much more risk into our organizations. And as I mentioned, we have the headwinds related to all of the new compliance frameworks and requirements that we're constantly bombarded with on top of the increased burden to provide evidence that we're doing the right things.
And then finally, the technical debt is becoming a little overwhelming for many organizations. And implementing patch management is becoming a challenge as well because it's so difficult to patch systems that are out of date and for which there are no known patches. So you have to put in mitigating controls, which also increases the burden and is one more headwind.
So our product, CimTrak, the CimTrak Integrity Suite, is really focused on how do we deal with some of these headwinds? So CimTrak is focused on helping to identify unwanted and unexpected changes throughout your enterprise. And when something is detected, it lets you know about it right away in real time, sends the appropriate notifications to your SIEM or to your SOAR or to some other backend system. Now, uniquely, it also has the ability when something unexpected happens to automatically fix it, literally changing things right back to how it was.
Now, this is in your control, in your option, but the ability to automatically roll things back to an authorized state. In other words, CimTrak allows you to layer on resiliency into an existing infrastructure. What do we gain? We gain the ability for CimTrak to reduce your risk.
It reduces the detection time. What are those headwinds? It increases resiliency and enables you to finally implement continuous compliance, continuous monitoring. Now, this chart here really indicates a day in the life of security teams.
This really corresponds very closely to your incident response plans. You know, there's an event. And from your endpoint protection, say.
And that event is picked up by the NOC or SOC or analyst. They investigate, triage, or respond. And then they remediate, recover, repair, and restore.
This is a plan that's implemented over and over again by your security teams. It's nothing new. This is their incident response plan.
They do it on autopilot. And they do this plan over and over again. IBM says that this entire process takes about 64 days to work through this plan.
Now, the concern, though, is that even though this is standard fare, this is what your teams do day in and day out, this is a plan they know like the back of their hands. The issue is that according to the same Cost of a Data Breach report from IBM, the real issue starts before then. They illuminate that it's actually 194 days before organizations even realize they've been breached.
So that's 194 days that bad actors can prepare. There's 194 days where bad actors can modify things in your systems. 194 days that they can escalate privileges.
194 days that they can increase privileges and install back doors. Mike Tyson once said that everyone has a plan until they're punched in the face. Well, ladies and gentlemen, this 194 days, this is a punch in the face of the entire security industry.
Things aren't working. And to add insult to injury, that punch to the face costs on average $4.88 million for every breach. Our objective at Cimcor is to take that 194 days and shrink it to just seconds and minutes.
That's the whole mission of our product and of our company. Now, you remember that 64 days where you're implementing that plan? Well, we also feel as if, if you haven't given bad actors 194 days to do basically whatever they want on your networks, well, then you probably don't need the entire 64 days to actually remediate or mitigate or repair the damage they've done. Because now you'll understand, you'll have complete visibility into what's happened in that period of time.
So now we're shrinking things on a back end that 194 days we're shrinking, and we're also shrinking that 64 days. Together, that is a tremendous reduction in manpower, visibility, capability, and resiliency. So again, CimTrak detects and prevents unwanted and unexpected changes in real time throughout the enterprise.
And we do that via our patented real-time detection system, layering on automated remediation capabilities, rollback capabilities. Giving you the tools needed to do continuous compliance, continuous monitoring, remediation, enforcement. And then finally, providing you with a single pane of glass that you can use to create policies throughout your enterprise to ensure that everything is in a state that you expect.
What's the result? Well, hyper-visibility and the self-healing resilient infrastructure that reduces man hours, and that frees your team with limited resources to focus on other initiatives in your organization. More and more folks are understanding this paradigm shift and what we're trying to explain. So companies across multiple sectors, whether in banking, technology, government, energy, education, healthcare, across all vertical markets, folks are starting to realize that this hyper-visibility, understanding the state of your systems and when they drift away is a critical component of the cybersecurity strategies.
So I've mentioned the word integrity a few times. So what is integrity management? Well, some of you on the line are thinking, well, I've heard that word. And you hear it often in terms of file integrity monitoring.
Well, we mean much more than that. We're interested in providing you with the visibility, not just for files, but files, settings, directories, configurations, users, groups, Active Directory users, database schemas, LDAP configurations and privileges, servers, network devices, cloud configurations, hypervisors, VMware, containers. Listen, our objective is really to provide visibility into changes in all the components that drive a modern-day infrastructure.
And when you have that level of visibility into what's happening, well, we can translate that into three core pillars of capabilities. From a security perspective, we can layer on real-time detection, system hardening, assessment, enforcement, and even configuration. Configuration management, change control, release management, change prevention, rollback remediation.
This is security-related functionality that really improves the resiliency of your infrastructure. And we can also, from a threat intelligence perspective, digest your STIX and TAXII feeds, perhaps from some ISAC, perhaps from DHS, and leverage all of those hashes that happen to be inside of those threat feeds to identify potential threats throughout your network. And then, to leverage things such as CIS Benchmarks and DISA STIGs, leverage these benchmarks to provide insight into the security posture of your entire organization.
And then translating that data into one additional form, and that's into evidence for your auditors or inspectors for all the various compliances and frameworks that you need to comply with. And then, of course, we integrate into zero-trust platforms. We're going to explain that a little bit later.
But then we tie it all together with a strong workflow reporting layer where we can integrate with various ITSM systems. We can connect to SIEMs, a strong and flexible reporting subsystem with a REST API-first design. Now, here's a diagram I find quite interesting.
This is from Gartner's Cloud Workload Protection Platforms Report. Now, when you look closely at this pyramid here, you'll see the most foundational items at the bottom and the least critical items at the top. But let's think about that last trade show you went to or the discussion you had around the water cooler about cybersecurity.
Well, if you look at the top of this chart, chances are your conversations or that booth you passed by, they all were in these top three boxes for the most part. Anti-malware scanning, vulnerability shielding, EDR, threat detection and response. This is where our conversations really tend to dominate.
When was the last time you sat around a water cooler talking about system integrity assurance or network visibility or configuration and hardening? Those just don't receive the mind share. But again, those are the foundational elements that are required to create a resilient infrastructure. This is where CimTrak fits.
In terms of allow listing, system integrity assurance, hardening, configuration, change management. Now, as I mentioned, we're on a mission to monitor everything. Whether it's cloud providers or containers, databases, database schemas, directory services, hypervisors, not just virtual machines, but we're talking about the settings and configurations of the hypervisor itself.
For instance, network devices, and this is not a complete list. This list is growing all the time. Servers, workstations, even monitoring platforms such as zero trust platforms, such as Zscaler.
And we also believe that it's important to integrate with other devices and other platforms. We don't want to be a security platform that is a siloed type of product. We believe that we should connect, not just send data to another tool; our real objective is to find a way to integrate in a meaningful way.
When we're integrating with certain vendors, what we're thinking is if they implement CimTrak and they have this other tool, now there's a synergy and we're hoping to unlock capabilities that you have never seen before, even in the other tool. That's the mindset as we approach integrations. Not let's just send data.
Let's find a way to solve additional problems together. So how does this work? Well, you may have tools out there, for instance, legacy old-school FIM tools. And yes, they'll tell you when some things change, but they'll tell you when things change without any context.
And without context, what does that mean? It's just noise. So CimTrak focuses on detecting the changes that matter. So that means suppressing things such as patches and updates, hardening changes, known good files, suppressing that, leaving you with malicious changes, unwanted changes, bad changes, perhaps incorrectly configured machines according to something like DISA STIGs.
Let's dig a little bit deeper into DISA STIGs. CimTrak can assess all of your systems to ensure that they're configured according to the best practices as defined by DISA STIGs. You can also do that for CIS benchmarks, if that's what your organization uses.
And not only can it assess each of the endpoints to make sure that they're complying and configure properly according to DISA STIGs, but here's the big time saver that's very relevant in today's environment. It also has the ability to identify of the 400 tests, 300 have failed, and now it can automatically configure those systems to meet the requirements of the DISA STIGs. That, ladies and gentlemen, saves you time.
It saves you many hours of configuration and adds predictability into your infrastructure. So, as I mentioned, Cimcor really unlocks this real-time capability and recovery capability, giving you the insight into when things change unexpectedly and the capability to roll back to a trusted state. It basically is a paradigm shift.
So far, our industry has really been focused on the right of boom, where this is where the incident response plans, disaster recovery plans, and business continuity plans are the de facto method for handling situations. But it takes an inordinate amount of time in those scenarios because it's all reactive. What if we were to move more activities left of boom, left of the event, moving toward a more proactive capability? So when I say moving some of these activities left of boom, what I mean is spending more time on the configuration management side, spending more time creating authoritative baselines of how your system should look and tying that with the visibility of a product like CimTrak.
That allows us to flatten each one of these curves, which represent time for incident response, disaster recovery plans, business continuity plans. You know, another way to look at it is this is your stress level, pretty high. And in the proactive mode of operation after an event, imagine your stress level being lower.
We also have to deal with a variety of compliance mandates, RMF, CMMC, FISMA. You're gonna learn that a product like CimTrak, because of its integrity capabilities, can help you meet up to 47% of the requirements of CMMC Level 1, for example. And that same pattern holds for all of the other compliances out there as well.
I wanna point out one more main point, which is that we're moving toward the Zero Trust world. And Zero Trust as defined in NIST 800-207 has seven key tenets that define the core capabilities of a Zero Trust infrastructure. Well, tenet number five states that the enterprise monitors and measures the integrity and security posture of all owned and associated assets.
That sounds just like a description of the product CimTrak. That is exactly what we do. Now, I did mention that there were seven tenets related to Zero Trust.
So we help with tenet number five, but it takes a village to implement Zero Trust throughout the enterprise. So it takes more than one tool. So here are the seven tenets of Zero Trust as defined in NIST 800-207.
And some of them, for instance, tenets three and four, this is really your microsegmentation. And you have your microsegmentation vendors. Tenet six, this is identity and access management.
Tenet seven, this is your SIEM. But tenet number five, I almost feel like this is sometimes considered the forgotten tenet, because there's only one tool that really meets the requirements of tenet number five, and that's CimTrak. So CimTrak can be configured in a variety of different manners.
We have three different core plans, Standard, Pro, and Enterprise. And a variety of additional capabilities that you can purchase optionally. But I really like to jump directly into a demo.
So at this point, I'm going to turn things over to our Senior Solutions Engineer, Justin Chandler, and you'll see this all in action.
Justin: Thanks, Rob. As a quick look at the architecture, there are really a couple of components that make all this work. Our database, which is CimTrak's master repository, and our web console, the GUI, which lives in your environment on a dedicated Windows or Linux host. Agents are installed on the endpoints that you want to monitor, protect, or scan for hardening. And our collector is a different agent that can do remote monitoring across the network to support things where you can't always install an agent.
And we have lots of other modules to help enhance this suite to help you track these changes as they get detected, making sure they're good or bad, if they're threats, if they're not, integrating the ticketing systems, zero trust platforms, and SIEMs. But let's look at a real-world example before we dive into some of the capabilities that we have. So, like Rob mentioned, just over the weekend, something bad happened.
A new CVE was registered, and it's related to SharePoint, the on-premise solution, where, you know, there's some vulnerability where they could start putting out some API requests. All of a sudden, they have remote code execution capabilities where they can implement new privileges, make changes, unwanted changes, configuration changes, steal data, change your information. And there are a couple of reported known file hashes that were involved with this compromise.
And while it was identified over the weekend, Microsoft has already responded and fixed both versions of SharePoint. But remember, unpatched systems are still vulnerable. But what actually happens in this scenario? Well, in this particular CVE, this hack happens to be a particular API request that goes out, magically gives them some abilities due to this bug or exploit to get remote code execution on the server where SharePoint lives.
Well, now that they have that, they can do a lot, such as malicious file deployment. In particular, there's a file that they want to put out that will let them execute PowerShell commands to gather more cryptographic secrets from SharePoint to get a deeper level of access into the database, making more modifications at the SharePoint SQL Server database level or at the system level itself. And now that they're here, they can already swap keys, get access to other systems, and really move laterally throughout the environment.
And by this point, it's complete chaos. They're making changes to everything. They got the keys to the kingdom, exfiltrating data, changing things, system configs, hardening, maybe throwing ransomware on there.
I mean, get creative. There's a lot of things you're going to do. Well, CimTrak actually helps with the majority of this entire attack.
How? You'll see in a moment, but CimTrak's going to detect this change in real time, providing full forensic details about the changes that are occurring on the system related to this hack I'm going to simulate. Changes that happen to the backend SQL Server database can be monitored by CimTrak. If you have external storage outside of SharePoint using EBS or RBS, those large files that are stored outside of it can be monitored by CimTrak for integrity as well.
And you're integrating some of the different threat intelligence services and integration CimTrak has to help enhance the data that we receive and learn if these threats are showing up in your environment. So how does it work? Well, here I am in a Windows environment, and I have some critical files I'm monitoring on Windows. And just today, my unpatched system has been attacked.
A lot of things just changed all of a sudden in front of my eyes. And if we go back to CimTrak now and take a look at the logs about what happened, we're going to see a lot of information. Coming down to the bottom, we can see a file, spinstall0.aspx, was added.
That's the file that this entire vulnerability talks about. And a lot more changes occurred, all caused by PowerShell and the administrator user. All my critical files have been encrypted.
Some were removed and changed. All types of craziness is going on. All from this one vulnerability.
Now, in this scenario, three days ago, this was a zero-day attack. No one even knew about it. Well, just know that on day zero, while we may not know it's a threat, this would be the only tool in your environment to actually wake up and tell you that this action, activity, and forensics actually has occurred.
But if it was a known threat, like it is three days later today, we could actually learn that from some of our integrations and let you know that this file was added to some system in your environment in real time with the full forensic details gathered from that external source. This is stuff that's happening right now today, and every new day, a new CVE gets launched. And all the time, my team wants me to see how CimTrak can help with it.
And every time, there's a huge use case because of the sheer information, data, and the visibility that we have. But that's the real-world example. You know, the scope is bigger than this.
Our agent on Windows, Linux, AIX, Mozilla, can monitor much more than just files. It could be registry keys, installed software, drivers. And in CimTrak, it's super easy to navigate, configure, and get these things selected to monitor.
But we monitor in different ways beyond just logging. We can even tell you what changes in a file. Isn't that the most important part? Some guy came in here, ruined your configuration, changed it all crazy.
Well, some tool might tell you that the file changed. But here, CimTrak actually tells you what changed. Side by side, line by line, talking about that 200 days to identify and 64 days to contain and remediate.
You may not even know what caused the outage. Well, here, it's very clear. If some configuration changed, application goes down, here it is.
And seconds later, you know exactly, side by side, line by line, what content, attributes, permissions, all the things that changed around that file. And we even provide the ability to do manual or automatic rollbacks. With CimTrak's update baseline mode, you'll have the ability to go look back through every iteration of your directory and maybe go back to before some bad thing occurred, some bad action occurred, like this file from the CVE we were talking about or some other file that was infected, and roll back to some previous state with our deploy function.
But we can even do that automatically with restore mode. It will restore any change automatically. Hands off the keyboard: files are removed, and CimTrak sees that and automatically puts them back in the folder where they belong based on your baseline.
This is the only tool in the world that can do this. And we can go better than that with deny access mode, we can completely block the change, whether you're an admin, domain admin, system, doesn't matter. CimTrak can protect these files from ever being changed in the first place.
And providing all these logs in true real time, the action, the user, the who, the what, the when, the where, that can go outbound to SIEM tools, Syslog, SNMP, email to get all this awareness out about these changes. And it's beyond files. It could be Active Directory, SQL, a network device, talking about the SQL server.
Here's an example: the AdventureWorks database could be the SharePoint database for your production host. What if new database admins were being created, or schemas, stored procedures, triggers modified? You know, this is visibility beyond files that we can provide. Or a Cisco device: the front-facing configuration of a firewall is changed, boom, network goes down.
Yet again, having the visibility of exactly what in this config is changing side by side, line by line. But beyond integrity monitoring, something else that's important is a secure posture of your system. How hardened is your system? And we can track how hardened it is based on two sources, CIS and DISA STIGs.
Here's a 2019 host; it shows about 26% passing. That's not good. We can look in the details to see all that's wrong, sort, look at the failures.
Oh, got to rename the admin account. And why would I do that? They tell you why it's important. It's an easy account to hack.
Okay, how do I fix it? Here's the remediation step. It's a local security policy; go change it. Oh, but you can't change it.
You got a critical program, it needs it. Well, with a waiver, you can mark down a super special program or reason you have to bypass this thing. You're not going to do it.
You don't want it to say fail. Now it's in wait and you built an audit story around it. And now that we've captured how hardened that host is, we can even see how compliant it is too.
We've already looked at all these system settings. Yeah, we told you if they're hardened or not, but now let's see if they're compliant or not based on all these different frameworks we support. It's all the same data.
They're just asking for the things in different languages. As an example, if I take a look at a CMMC report, it shows the date, the host, the compliance in order like the auditor would want. And what we'll do is input the actual evidence that they're looking for to show that you meet compliance for this particular item because you pass these hardening tests.
And we even show you the system value on the host showing that your registry key or group policy is this value. And in this particular case, CMMC expects it to be this value. So the clear picture for the auditor and engineer for everyone to see if this is in a good state or a bad.
But we can even fix this for you. With our remediation plan, it gives you the ability to do just that. Here, we can set a plan to go fix all the problems that CimTrak identified.
By default, all the failures are enabled. I do a little shortcut to do a waiver here if you want to skip. Once I identify everything I want CimTrak to fix for me, now I click a single button, Remediate, and CimTrak does that.
It'll touch over 400 security policies, which you already know how long it takes to make a GPO template, push it out. That doesn't work. You got to reboot.
It still doesn't inherit. gpupdate /force doesn't work. Reboot again at a scheduled time.
It's insane. All here in a couple of minutes, CimTrak took my system from 26%, I think, up to 97. And I got two more GPOs to change.
That is huge. The amount of time, effort it takes to get this done while making your system more secure and compliant. But if we can identify these integrity violations and identify these compliance violations, do these systems belong on your zero trust network if they're not hardened, if they're not in a state of compliance, if they're not in a good state of integrity? And the answer is no.
With integration with something like Zscaler, we can actually automate your security and mitigate damage based on these violations working with Zscaler. So in this case, it's a ZIA laptop employee, and we plug in some credentials. We tell CimTrak what standards we wanna track.
So we scan the box, but now we're gonna set an extra rule. If this system fails, let's update the ZIA trust level. You'll see why in a moment.
Because when these trust levels are set, you can tell Zscaler to make actions based on these trust levels. So now CimTrak scans the box. It fails.
It's not good. It's not hardened. It's not compliant.
We'll look at that seconds later. CimTrak updates the ZIA trust level. Well, what happens now? Well, in a medium trust level, we can issue some warnings when they go access their production applications.
Watermark, show what time, what user, what IP. Your system's messed up. You can't access it.
You're in isolation mode. Too bad. But if it's even worse, if it's in low trust, you can just block it entirely.
You don't even get to connect. Here's an error. Go talk to the IT team.
But that's an example of automating security. What about Zscaler itself? What if that configuration changes? We can even capture that too. So kind of like when we go monitor files, we can tell CimTrak to monitor Zscaler settings, whichever ones we want, probably all of them.
Enter in some API keys, choose what you want. CimTrak will baseline it. Now we go make changes in ZIA.
I deleted a real user. Now he can't access his apps or do his job. Here, CimTrak sees that.
Unlike a file alert, now it shows an admin user alert that this user has been removed from the environment. You may not have learned about that change until he goes and logs in, tries to complain that he can't. Now we can learn about this stuff when it happens and take action.
And most people are required to report on their cloud tool configurations per NIST 800-172. And we can do that, whether it's for Zscaler, Okta, Meraki, Windows, Linux, all these things that we can baseline, we can offer reports for. What is my configuration today? What is it tomorrow? How has it changed? And is it good? And is it bad? One last comment I missed, I realized, back to the SharePoint example.
Since they do provide the known hashes that were involved in that compromise, something else we can utilize is CimTrak's deny list. Providing the ability ahead of time to let CimTrak know that I know these files are bad. And if you see them anywhere, let me know so I can take action, whether it comes up in the future, or if it was on my system right now and we see it.
So you can enter in your own manual entries to this blacklist, or we can fulfill this by learning data from Threat Intelligence Services, File Reputation Services, and autofill this list to identify newly discovered threats being discovered in the world today, just like this SharePoint example that happened over the weekend. I'm gonna take a pause and switch it over to Rob for questions, topics, and more discussions.
Robert: Thank you, Justin.
At this point, I think you've seen unprecedented reliability, unprecedented resiliency, unprecedented visibility, and we've done it in an incredibly simple to deploy manner. So I think Justin's demo shows some incredibly powerful scenarios, including the brand new SharePoint exploit, which literally impacted hundreds of federal systems over the last three days. So I appreciate everyone's time, and now we're just opening it up for questions.
Any questions out there? Well, while questions start rolling in, Justin, can you show a little bit more about some of the reporting that we can do, perhaps 800-53, and how simple it is to actually get insight into what actually has to be done in terms of STIGs?
Justin: Yeah, whether it's NIST 800-53, 800-171, NIST CSF, or many other compliance frameworks out there, since we're checking the system settings based on these benchmarks, which check how hardened these hosts are, we can utilize that data and just do another comparison to easily report on: are these the settings that XYZ framework wants, that NIST 800-53 wants? You know, kind of utilizing both the integrity side and the compliance side of this to show evidence to the auditor that you're doing what NIST 800-53 wants, whether it comes down to baselining requirements, integrity monitoring, system integrity requirements, and of course, hardening requirements.
Robert: All right, and I see a question here. How does CimTrak scale, and what operating systems does it support? Justin?
Justin: We support a ton of operating systems.
The primary backend database is Windows or Linux, but our agent coverage is wide: Windows, Linux, AIX, Solaris, Mac, FreeBSD, multiple architectures even, like the new Silicon Macs, or 64-bit, 32-bit. And then for cloud, local, or hybrid, it really just comes down to communication. You know, if you have systems in your local office and in the cloud, your firewall can allow communication so both these sources talk to a single CimTrak server.
And also, CimTrak can even monitor the configuration of your cloud: AWS, Google, Azure. You know, when people make changes in these cloud environments that affect your VMs, we can capture change there as well.
Robert: All right, I see another question here.
My agency leverages CIS benchmarks, not just the STIGs. Do you support it and are they up to date?
Justin: Yes, we include both CIS and the STIGs. And it's funny you ask that, you know, whether it's a fresh install or not, you can download the latest versions of these benchmarks from CimTrak as we have a very close partnership with both.
So the day when Windows 2025 benchmark came out, we were the first tool to be able to have it, receive it, and offer it to clients without even an upgrade. And that continues to happen day in and day out because just like over the weekend, stuff changes. Operating systems evolve, they get patched, the cybersecurity landscape changes.
And as it does, we're going to receive these new hardening standards on the day of release. So you can deploy them and integrate them as soon as possible.
Robert: Great. And there was a question here about network devices, Juniper devices in particular.
Justin: Okay. Yeah, we support Juniper, JunOS, ScreenOS, and a ton of other network devices.
The idea is the same. We just need to log in over SSH because we can't install an agent on it. So it's a credential scan.
We gather the configuration, see when it changes, and give you that same side-by-side comparison to see exactly what's changing on that Juniper.
Robert: Right. And one other question, I think this might wrap it up. There's a question about the SharePoint example. They're saying that you're showing it now after the, we all know about the SharePoint event. What would you have shown before the actual, before it was actually known to the public?
Justin: Well, it actually would have been exactly the same.
The only difference, because I was trying to show it for demonstration purposes, is that the compromised file was highlighted red on my screen because today it's known, but three days ago it wasn't. So the only difference is it wouldn't be red, but we still have the full forensic details of the fact that this file was added, what user, what process, what privilege, what time, in real time learning about this rather than 200 days later.
Robert: Right. Oh, there's one more question here. This is about resources. The question is, my team has been reduced in size. What amount of effort is required in order to use this product?
Justin: Oh, yeah. Deployment and installation is super easy. Honestly, it takes probably a total of five minutes to get all the installers run and deployed. At that point, it's using deployment tools to push agents out, which we have silent install scripts for. And then doing the configuration in our console, which we have bulk operations for, to easily manage the entire environment with just a couple of clicks for all of our most common actions. So it's very simple, quick, and easy.
You know, to be honest, I can get people set up with a POV installed and about 90% trained on the whole product in about an hour or two.
Robert: That's very good. Okay. Well, I don't see any more questions rolling in. I appreciate everyone's time. Again, my name is Robert Johnson and I'm the CEO of Cimcor.
And again, that is Justin. We're both open to answering any additional questions that may come to mind after the webinar's over. And with that, I will turn the floor back over to our host.
Madeline: Thank you again to our speakers, Robert and Justin for being with us this afternoon and all of our participants who joined us today. For those who met the CPE requirements today, you will receive your certificate of completion within two weeks. We hope the webinar has been helpful for you and your organization.
As a reminder, everyone will receive a recording of the presentation in a follow-up email. If you have any further questions, please don't hesitate to call us or email us. Thank you and have a wonderful rest of your day.
August 19, 2025