In the Boardroom With...
Jeff Richards
VP Security Sales
CrossTec Corporation

SecurityStockWatch.com: Thanks for joining us today, Jeff. Please give our audience an overview of your background and your role at CrossTec.

Jeff Richards: I have been in the technology space with CrossTec for 9 years now beginning as Director of Channels, then General Manager of an affiliate company, and most recently VP of Security Sales. I have direct responsibility for development of the security sales segment of our business, including domestic sales and foreign channels.

SecurityStockWatch.com: CrossTec's Activeworx Security Center is a security event management system for government agencies, commercial enterprises, and educational institutions. Please give us an overview of Activeworx and its key advantages.

Jeff Richards: Activeworx provides a vast, moderately priced Security Information and Event Management (SIEM) feature set including real-time monitoring, forensic analysis, and detailed reporting. This amount of functionality is typically offered in the SIEM space by appliance-based solutions at price points that are very often 10 times our cost. At the heart of Activeworx is the powerful Activeworx Event Framework (AEF), which recognizes, normalizes and compiles event data from various vendor devices such as Firewalls, IDS, IPS, Syslog, SNMP, Vulnerability Assessment, Antivirus, Routers, Switches, VPNs, and Windows Event Logs, into one real-time database. Working in conjunction with the AEF, the Correlation Engine is the most powerful of ASC's many features. The correlation engine adds intelligent automation to the AEF's centralized, normalized data using simple flow chart symbols to create complex rules that have the ability to correlate against existing data and additional events. When a suspect event is detected at one device, the software takes action based on those rules to check other security information in the system to help verify that a threat is real, and, if so, alerts security personnel to this actionable item.

In short, Activeworx supplies you with detailed security alerts, vital reports for investigations and regulatory compliance, and deep forensic tools. ASC's intuitive design is both easy to install and easy to use, offering you mission-critical security tools at an affordable price.

SecurityStockWatch.com: In the Government market, CrossTec has had impressive wins with every major branch of the U.S. Military, the Department of Defense, FBI, FEMA, FAA, FCC and numerous others. Without divulging any confidential or sensitive information, please give our audience an overview of the solutions Activeworx has provided to the US Government sector?

Jeff Richards: As you might imagine, compliance and reporting are huge issues in the Government sector. With Activeworx we are able to help agencies sort out the huge amounts of raw security data that they are faced with every day. Security for these agencies, as well as for many publicly traded companies, is difficult. First they need to be secure, but they also have the added burden of proving that they are secure. Activeworx helps them solve that riddle. In fact, just this month we had a big win providing regulatory help at a 9-site Army medical installation distributed around the country.

SecurityStockWatch.com: What about wins at the State and Local level? Are there one or two success stories you'd like to talk about?

Jeff Richards: Yes. These are tough times at the state and local level, and with great open source tools out there like Snort, NMap, and Nessus, many agencies have a large investment in the open source world for their security needs. Our price point and modular licensing, along with our dedication to open source support, make us a natural fit in this environment. To give one instance, one large western state that, for cost purposes, utilizes open source tools alongside commercial security devices recently chose us to help manage their entire open source IDS log environment statewide. For an affordable price, they were able to turn their open source IDS install into a centralized, actionable tool that can be correlated against their other commercial products. In this circumstance ASC helped them fuse their commercial devices with their very cost-effective open source tools into an overall security posture.

SecurityStockWatch.com: Let's turn to the enterprise verticals for a moment. Are there success stories in the finance, healthcare, and other verticals you'd like to mention?

Jeff Richards: Since the beginning of the year we have had wins in finance and banking with a large financial institution in Atlanta, in healthcare systems in Alabama and Washington State among others, in manufacturing with a key segment of a Fortune 5 company, one of the largest health insurance providers in the nation, international B2B consulting, in retail in one of the largest theater chains in the country, several installations in higher education, and of course with our key partners in the MSSP space.


SecurityStockWatch.com: We see that CrossTec recently received nine (9) nominations for best software solutions available to educational facilities and that Michigan State University recently selected Activeworx Security Center for security event management at one of its main data centers. Is the education market a key focus for CrossTec?

Jeff Richards: Education, like state and local government, is very tied to the open source world for their security tools so again we are a perfect fit here. But colleges and universities also have the added responsibility of credit card or PCI compliance. In higher education today kids can use credit cards to pay for everything from soda and pencils to books and rent - and institutions are required to both secure this credit card data as well as report on that security. ASC's extensive reporting capabilities are proving crucial to colleges and universities in the fight to stay PCI compliant. Taking Michigan State as an example, ASC allows the university to store information on security events from multiple vendors in a single database making it easier to utilize the information for monitoring, alerting, forensics, and specifically PCI compliance reporting. This is both a huge time saver for them, as well as helping mitigate the risk of credit card data theft and credit card industry sanctions.

SecurityStockWatch.com: Any success stories you'd like to mention in the International market?

Jeff Richards: Yes, absolutely. We recently inked distribution deals with Richmond Systems in the UK, Checkmark Technologies in Australia, and MIEL eSecurity in India and the Middle East in our effort to better service our international markets. These companies have long track records in technology and these deals, along with other signings in the works, will dramatically increase our exposure around the world. In addition we recently signed an enterprise deal with a major international hotel chain as well as providing IDS support for a large European cell phone carrier.

SecurityStockWatch.com: Government mandates and new legislation are driving public and private sector enterprises to improve the security of their networks. Recent Federal regulations such as Sarbanes-Oxley, HIPAA, GLBA, and PCI, among others, are surely market drivers for the Activeworx solutions right now. Please give us an overview of these regulations.

Jeff Richards: These acts are certainly market drivers that compel companies to secure and report on their data in some manner. For instance, the Sarbanes-Oxley Act of 2002, or SOX, was passed in response to a number of major corporate and accounting scandals involving prominent companies. The act specifically charges Chief Information Officers with the security, accuracy, and reliability of the systems that manage and report accounting and financial data. HIPAA (Health Insurance Portability Act) includes a provision that requires the technical safety of Protected Health Information (PHI), specifically that information systems housing PHI be protected from intrusion and that medical institutions must have a log of access to PHI. GLBA, or the Gramm-Leach-Bliley Act, for financial institutions contains a provision that compels the security and proof of security of consumer financial records. PCI, or Payment Card Industry compliance, although not governmental, requires that companies adhere to a specific set of information security requirements or risk heavy fines and face the possibility of becoming barred from processing credit card transactions. Among the requirements are to maintain a firewall and intrusion detection system, and to monitor file integrity including non-data files.

All of these compliance standards involve real jeopardy for companies that are not able to collect and report on their security device logs.

SecurityStockWatch.com: Event management and incident response are primary mitigation tools that help identify and contain hacking, worms, or other attacks on a network. Still, many organizations have not yet developed an incident response plan to act on security breaches. How can organizations build intelligence from their security events to help them respond to attacks as they are happening?

Jeff Richards: From a SIEM perspective it boils down to the identification of threats and response. I think SIEM can help someone achieve valid identification and quick response in three ways. First, I think it is vital to have a structure in place to see your events quickly. Secondly, you need the ability to intelligently decipher the real threats from the false so that you can decisively deal with security breaches. Thirdly, in the event of a breach, you need the ability to track intruders via your security event information. Activeworx Security Center's passive event collectors listen for security event traffic as events happen, searching for events of interest from all security devices. As these events occur within differing devices, ASC's correlation engine gives a security administrator the ability to reach across security event sources like IDS, firewalls, or other host systems, to apply rules to a set of events that help an admin decipher when an event is a real threat. Identifying real threats is vital. Attempting to determine the validity of threats from raw data, without having the ability to reference other security sources, will either lead to an overly sensitive security posture, which may hamper the everyday business of a network, or more likely lead to a posture of no response at all until a security breach causes some level of damage or theft. Once an event is deemed a real security threat, an admin can take corrective action, but beyond that an admin can use ASC to track stored events backwards to find out what, if anything, has been compromised.

SecurityStockWatch.com: Please tell us CrossTec's key strategic relationships and the Company's partner channel network.

Jeff Richards: CrossTec has an award-winning channel program consisting of 300+ partners worldwide covering a multitude of verticals. CrossTec has always been committed to our channel, and these partnerships serve to strengthen our ability to service our North American, international, and multi-national customers. One new alliance I am particularly proud of is our strategic partnership deal with Richmond Systems in the UK. Richmond has been a help desk, education, and security distributor for 15 years and services hundreds of partners across Europe as well as providing direct sales and technical support. They are also developers of a moderately priced, large-scale Service Help Desk product that integrates with ASC, as well as other products in CrossTec's broad network offering, tying in all facets of network administration.

SecurityStockWatch.com: What resources, such as newsletters, case studies, and white papers, are available at www.CrossTecCorp.com for end-users?

Jeff Richards: We have a wide variety of white papers and case studies on our website www.CrossTecCorp.com. One very interesting case study in particular details how Protect Point, a large southern MSSP, uses Activeworx in their environment to manage the security posture of their 300 customers.

SecurityStockWatch.com: Thank you very much for your time today, Jeff. Is there any other subject you would like to talk about?

Jeff Richards: Yes, as a service to the public we offer regularly running webinars that not only educate the public on ASC and SIEM in general, but also their use in real world applications like PCI compliance or attack detection. If a company is facing security or compliance issues these webinars can help make some sense out of what you are up against. You can find our webinar schedule as well as a free evaluation copy of ASC on our website, www.CrossTecCorp.com. Thanks for having me.