
Promisec - Best Deployment Scenario - Policy Management

ACC Capital Holdings (ACH)


Background:
ACC Capital Holdings (ACH), headquartered in Orange, California, is a national mortgage lender committed to helping Americans reach their financial goals and achieve their home ownership dreams. To fulfill that mission, ACH originates and services home mortgage loans through offices across the United States. The ACH family of companies includes Ameriquest Mortgage Company, Argent Mortgage and AMC Mortgage Services.

One of the first companies in its industry to create innovative processes to expand its business, ACH has made major investments in technology and information security.

Challenges - Controlling User Activity:
ACH’s business requires strict control over endpoint compliance and the use of a number of client-based solutions that monitor and report on endpoint activity to ensure company policies and procedures are followed. In an organization as large as ACH, users are dispersed geographically, making it difficult to monitor them or to know what is installed on their endpoints. In addition, the ability to inspect each endpoint in depth and identify the actual or historical presence of specific endpoint items was missing. Specific items included a new start-up application or command, or unfamiliar processes or applications that users accidentally or maliciously added to their workstations. Promisec’s solution was to quickly identify issues by running a Spectator evaluation in a sample environment. Workstations with unapproved applications were highlighted in the report, as were files and processes that provided evidence of possible misuse or a security breach. Without the ability to retrieve such information, it is difficult to address a breach with the best solution. Detailed forensic information on weaknesses and incidents is a requirement for managing endpoint infrastructure to prevent breaches from occurring, to minimize damage and to identify the breach origin.

Technology


Solution provided by Promisec:
Spectator Professional – Clientless Endpoint Security Management: ACH evaluated Spectator Professional because of its clientless approach to detecting potential endpoint weaknesses and the depth and granularity offered by its endpoint inspection. Spectator offers a comprehensive endpoint security management solution that does not deploy any type of client on the inspected host machines. Designed to be installed at any point in the network that has domain rights to all endpoints, Spectator has clear advantages over similar gateway and client-based solutions. Its unique features offer remote problem remediation and around-the-clock monitoring of deviations from the predefined baseline. Although ACH has a number of endpoint security solutions addressing most of its needs, it found that Spectator offered functionality that complemented its existing security posture and ensured the availability of those existing solutions.

Spectator’s inspection capabilities probe deep into each endpoint to identify missing hotfixes, service packs and updates to the operating system. Rogue processes, applications and services that should not be present, as well as any type of file defined by solution administrators, are also flagged. Additionally, Spectator stores configurations set by administrators who define a baseline of authorized applications, services, processes and start-up commands for each user group. Each user group has a different set of authorization rules, which Spectator enforces by reporting any deviation directly to the administrator. Automatic enforcement of an endpoint’s operation is also available through Spectator’s Registry wizard. The wizard defines registry data and values for specific applications so that if any are changed, Spectator will automatically change them back.

Further benefits to security administrators included Spectator’s forensic ability that detects historical use of applications and devices—not just those that existed during inspection. This provided insight into the cause of security events, where they may have originated and through what process. Spectator Professional undoubtedly proved itself as a highly valuable solution in identifying endpoint misuse, even after an event may have occurred.


Summary:
At ACH, Spectator Professional is used to identify rogue applications, processes, start-up commands and services beyond those approved. It is the organization’s primary tool for user-defined compliance. Spectator alerts on items not included in the baseline of an inspected user group, offering remote remediation to resolve the problem. Depending on the item found, remediation ranges from eliminating processes to uninstalling applications. The reports provided by Spectator offer a fully detailed analysis of events, showing times of use, hostname and IP address. The speed of installation and rollout gave ACH these results within minutes, which meant no time wasted on client deployment to all nationwide endpoints. During these tests, enhanced levels of endpoint hardening were identified by Spectator and employed by ACH.

Spectator Professional is employed at ACH for two purposes: forensic analysis within the incident management field and monitoring of the baseline deployed to each disparate user group. Although the solution offers more, ACH has additional functionality covered by other solutions; Spectator also offers this functionality and can provide a back-up if necessary.

The incident management team runs Spectator on an ad hoc basis to inspect workstations in depth for specific weak links in the network. ACH employed the User Defined module to identify specific objects, which were added to the “black list” so that alerts would trigger when any one of the items was found in the network.

Spectator provides a database of threats as part of the solution, for example, all types of P2P applications, such as file sharing, instant messenger and Internet telephony, remote PC applications and hardware that should not be used on company machines, especially modems. It also provides a User-Defined module that gives an administrator the flexibility to define known threats that, if found, will trigger an alert for timely resolution. ACH uses Spectator to complement its existing endpoint security solutions, to provide more in-depth inspection and to act as a primary solution for monitoring applications, processes and start-up commands.

ACH is impressed by the power and flexibility of Spectator Professional to provide the functionality needed without a heavy overhead of deploying clients to its machines. Stephen Charles, senior information security engineer at ACH, said, "The support received from Promisec has been immensely valuable. The staff is readily available to answer any questions we have about Spectator and its functionality. Their professionalism has exceeded our expectations."

Spectator Professional is now an integral part of ACH’s security infrastructure, providing complete transparency to activities on its endpoints. This creates a platform for other endpoint security solutions to rely upon, knowing that Spectator maintains their availability and integrity at all times.

Promisec Ltd.
Moshe Levi 11 st.
UMI Building
Rishon Le Zion 75658, Israel
Tel: +972-3-9519533

Copyright © 2006 Silicon Valley Communications - All rights reserved.
