
Shaping Info Security - 2006 - Cambia Security, Inc.

David Meltzer, Using change detection to dramatically improve enterprise security and compliance

In talking to many CISOs, Directors of Security, and Security Managers, David learned that their jobs were undergoing a transformation.  Historically, these professionals were responsible for keeping their networks secure.  However, over the last few years, their roles had been expanded to include ensuring compliance with external regulatory standards and corporate policies along with overall network security. 

With these added responsibilities, these security teams needed visibility into what was on their networks, how those assets were changing, and whether all the assets on their networks were in compliance with external policies.  Further, they needed a way to demonstrate compliance to internal stakeholders and external auditors. 

But they faced some daunting challenges in achieving these goals.  For instance, many of the products that are on the market today are snapshot software products, meaning that they provide a single picture of what a network looks like at a single point in time.  The problem is that these products don’t always show everything that an IT security professional needs to know.  If someone does a periodic network inventory assessment, for instance, s/he’s going to miss assets that are turned off when the assessment is done.  In fact, depending on the size of a network and the nature of a company’s business, a reasonably large number of assets may not even be present during a periodic assessment. 

In addition, networks change constantly, making manual policy enforcement all but impossible.  Change can take many forms:  users installing new applications, users opening file shares or turning off agents, to name a few.  Change also compounds the snapshot issue mentioned above.  The minute after a “snapshot” of the network is taken, the network has probably evolved so quickly that the snapshot is already obsolete. 

Finally, preparing for audits is expensive—it’s often a manual, time-consuming process.  David talked to many companies whose IT security professionals have prepared for audits by wandering around with clipboards and spreadsheets.  This process is also made more expensive because of the constant change on a company’s network. 

Technology
David Meltzer
Name: David Meltzer
Title: Founder and Chief Technology Officer (CTO)
Likes to be called: Dave
Company: Cambia Security, Inc.

To solve these challenges, David applied two distinct technologies with which he was intimately familiar from previous software development experience, active network scanning and passive network monitoring, and fused them together to create a single new polymorphic scanning technology.  This new technology, the basis for Cambia’s security policy enforcement software, Cambia CM, is able to assess compliance with security policies automatically, continuously, and without requiring any agent installations. 

Cambia CM brings two critical benefits to customers:  it safeguards the integrity of network asset configurations while dramatically reducing IT security audit preparation time through its continuous, change-centric process.  The three phases in this process are:

  • Discover:  Cambia CM continuously discovers:

    • all IP-addressable assets that are active on a network (including servers, desktops, laptops, routers and switches),

    • the detailed configuration of each asset, and

    • how this asset inventory is changing

Examples of changes that Cambia CM detects include installation of unauthorized software, the absence of necessary software patches, rogue or new device entry onto the network, and file level changes.

  • Analyze:  As assets join and leave the network, as users install new software and disable mandatory modules, as networks change, Cambia CM continuously analyzes each asset against security policy.  Each and every change is assessed for security risk and compliance impact, including registry settings, file share permissions, file integrity, user access levels, security vulnerabilities, OS and application patch levels, and application mis-configurations. Because the analysis is continuous, administrators always have a real-time view of compliance status.

  • Enforce:   With automated or administrator-approved remediation capabilities, Cambia CM helps ensure that security compliance levels are maintained at consistently high levels. Cambia CM also offers integration with a variety of management infrastructure components (such as trouble ticketing systems and vulnerability assessment tools), provides a prioritization framework for scheduling remediation efforts, and ships with a real-time compliance reporting infrastructure.
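The Analyze phase above is, at bottom, the evaluation of a prescriptive policy against a collected configuration. The following Python is an added example written for this page, not Cambia's code: it models a policy as a list of tests, each naming the object to collect from the asset (a registry value, a service, a patch, a share ACL, a file digest) and the state that object must satisfy, loosely following the OVAL idea of keeping the collected object separate from the required state (it is plain Python data, not OVAL XML). The asset snapshot, the policy tests, the patch identifiers and the severity weights are all constructed for the example.

```python
"""Evaluating one asset's configuration against a prescriptive policy.

Added example, not Cambia's code. The asset snapshot, the policy and the
severity weights below are constructed; the registry value names are the
well-known LSA settings, the patch ids are placeholders.
"""
import hashlib
from dataclasses import dataclass


@dataclass(frozen=True)
class Test:
    test_id: str
    kind: str        # registry | service | patch | share | file
    obj: str         # value path, service name, patch id, share name or file path
    op: str          # present | absent | equals | at_least | excludes
    expected: object
    severity: str    # high | medium | low


# Digest of the file content the policy expects (constructed content).
HOSTS_GOLDEN = hashlib.sha256(b"127.0.0.1 localhost\r\n").hexdigest()

# Asset snapshot as a credentialed scan would return it (constructed).
WORKSTATION = {
    "registry": {
        r"HKLM\SYSTEM\CurrentControlSet\Control\Lsa\LmCompatibilityLevel": 5,
        r"HKLM\SYSTEM\CurrentControlSet\Control\Lsa\RestrictAnonymous": 0,
    },
    "service": {"wuauserv": "running", "AVAgent": "stopped"},
    "patch": {"KB-EXAMPLE-1": "installed"},
    "share": {"C$": ["Administrators:Full"], "Public": ["Everyone:Full", "Users:Read"]},
    "file": {r"C:\Windows\System32\drivers\etc\hosts": HOSTS_GOLDEN},
}

POLICY = [
    Test("P1", "registry", r"HKLM\SYSTEM\CurrentControlSet\Control\Lsa\LmCompatibilityLevel", "at_least", 3, "high"),
    Test("P2", "registry", r"HKLM\SYSTEM\CurrentControlSet\Control\Lsa\RestrictAnonymous", "at_least", 1, "medium"),
    Test("P3", "service", "AVAgent", "equals", "running", "high"),
    Test("P4", "patch", "KB-EXAMPLE-1", "present", None, "high"),
    Test("P5", "patch", "KB-EXAMPLE-2", "present", None, "high"),
    Test("P6", "share", "Public", "excludes", "Everyone:Full", "medium"),
    Test("P7", "file", r"C:\Windows\System32\drivers\etc\hosts", "equals", HOSTS_GOLDEN, "high"),
]

SEVERITY_WEIGHT = {"high": 3, "medium": 2, "low": 1}


def collect(config, test):
    """Return the object's current value, or None when it cannot be collected."""
    return config.get(test.kind, {}).get(test.obj)


def compare(actual, op, expected):
    """Compare a collected value to the required state. An object that cannot be
    collected fails every operation except 'absent' (cf. OVAL's 'does not exist')."""
    if actual is None:
        return op == "absent"
    if op == "absent":
        return False
    if op == "present":
        return True
    if op == "equals":
        return actual == expected
    if op == "at_least":
        return actual >= expected
    if op == "excludes":
        return expected not in actual
    raise ValueError(f"unknown operation {op!r}")


def evaluate(config, policy):
    """(test_id, passed, actual) for every test in the policy."""
    results = []
    for test in policy:
        actual = collect(config, test)
        results.append((test.test_id, compare(actual, test.op, test.expected), actual))
    return results


def failing(results):
    """Ids of the tests that did not pass, in policy order."""
    return [tid for tid, passed, _ in results if not passed]


def compliance_score(results, policy):
    """Severity-weighted fraction of passing tests, 0.0 .. 1.0."""
    weight = {test.test_id: SEVERITY_WEIGHT[test.severity] for test in policy}
    total = sum(weight.values())
    passed = sum(weight[tid] for tid, ok, _ in results if ok)
    return passed / total if total else 1.0


if __name__ == "__main__":
    res = evaluate(WORKSTATION, POLICY)
    for tid, ok, actual in res:
        print(tid, "PASS" if ok else "FAIL", actual)
    print(f"compliance: {compliance_score(res, POLICY):.0%}")
```

Re-running `evaluate` on every configuration change is what turns this from a periodic audit into the continuous view the text describes; the severity weighting is one choice among many, but whatever formula is used should treat an object that cannot be collected as a failure, since a check that silently passes on missing data hides exactly the removed agent or uninstalled patch the policy is there to catch.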

A Breakthrough in Security and Compliance
David’s development of Cambia CM was a breakthrough in the security and compliance software market because existing security-assessment systems suffered from one of two severe limitations:  either they required installation of a software product on every device to be protected (an agent-based approach), or they provided only periodic snapshot assessments. 

David has instead built a continuous, agentless system that provides this assessment.  In this way, Cambia CM, which can monitor thousands of devices from a single point on the network, requires only one installation of software to be effective, rather than thousands of installations, an improvement of several orders of magnitude.

In the second regard, Cambia’s continuous monitoring detects changes in time spans ranging from instantaneous to within a period of a few minutes after they occur.  This compares to existing processes that typically detect such things within a few days to a few weeks after the actual occurrence.  In this way, Cambia has improved upon the state of the art by several orders of magnitude.  The combination of these two core innovations by Cambia, both improvements of orders of magnitude from the existing conventional techniques, is a revolutionary change.

Bringing Cambia CM to Market
David founded Cambia Security, Inc. as a way to bring his breakthrough technology to enterprises.  An experimental prototype version of Cambia CM was released to public beta in 2004 under the name Intrusec Exposé. It received more than 50,000 downloads and was featured on TechTarget Television as the first product of its kind to offer continuous discovery of network inventory and asset configuration. 

David raised a small angel round of funding and was accepted to the nationally recognized science and technology incubator, the Advanced Technology Development Center (ATDC), headquartered at the Georgia Institute of Technology.  More than 100 companies have emerged from ATDC, including MindSpring Enterprises, which is now part of EarthLink.  In addition, ATDC has also been recognized by Inc. Magazine as one of the nation's top non-profit incubators.

Incorporating feedback from the public beta, the enterprise version of Cambia CM shipped in December of 2004.  Then, with the support of ATDC staff, David raised a venture round of funding from JK&B Capital.  JK&B Capital is a venture capital firm focused in the software, IT and communications markets with over $900 million of capital under management.

With venture funding secured and a product ready to sell, David was able to recruit top executive talent to take Cambia to the next level.  The first was Joan Herbig, who joined as President and CEO.  Joan was the driving force behind the re-emergence of XcelleNet after its divestiture from Sterling Commerce in early 2000. She steered the company into aggressive pursuit of opportunities in the emerging mobile and wireless technology market, which led to its acquisition by Sybase in 2004.

The next executive hires were Jethro Felton, the Vice President of Sales and Business Development, and Mark Wood, Vice President of Product Management and Marketing. Prior to joining Cambia, Jethro was Sr. VP of Worldwide Sales and Business Development at XcelleNet and brings more than 25 years of software industry sales experience to Cambia.  Mark has more than 19 years of experience; he was Vice President of Product Management for EzGov, Inc and Director of Product Management at Internet Security Systems (ISS), where he had responsibility for all of the company's products and managed the entire product management department.

During the first half of 2005, several companies joined the ranks of Cambia customers.  In September of 2005, passive network discovery was added to the product. Cambia CM became the first product of its kind to offer integrated, continuous active and passive network scanning.

In October of 2005, Cambia brought on Steve Ethridge as Vice President of Engineering. Formerly Director of Product Development with Lancope, Ethridge brings more than 20 years’ experience in software engineering and technical management. He now leads the organization that develops, tests and supports the market releases of the Cambia CM system. 

In May of 2006, Cambia engineers added a sophisticated compliance analysis capability to the product. This involved creating a policy language based on the emerging Open Vulnerability Assessment Language (OVAL) standard and translating several well-known prescriptive asset configuration policies into this new language.

Cambia CM now ships with a library containing more than 1000 prescriptive asset configuration tests and has 2 patents pending for its core technology, Real-Time Change Detection For Network Systems. David, in the role of Founder and CTO at Cambia, evangelizes the power of Cambia CM in speaking engagements as well as with prospects, and he continues to lend his technical expertise to the advancement of Cambia CM. 

Cambia CM Architecture
To understand the significance of David’s development, it’s helpful to delve into the details of the software.  The Cambia CM system that David developed consists of four primary components: 1) the differential detection engine(s); 2) the management server; 3) the database; and 4) the user console.

Differential Detection Engine
The differential detection engine (DDE) is Cambia’s light-weight network scanning application that operates on a continuous basis, looking for changes to the scanned asset and the network itself. These engines are distributed through the network infrastructure and scan for a variety of system characteristics.

The differential detection engine is the only product on the market to interweave active and passive scanning technologies for maximum effectiveness. It unites the benefits of both scanning approaches with directed signature-based scans (by invoking third-party vulnerability scanners) and a continuous operations loop.

Via passive scanning, each engine listens to the local network segment and monitors traffic related to the target IP address range, watching for indications that a change has occurred to the monitored assets. This passive monitoring detects new devices appearing on a network, new network services being offered by an existing asset, and network-aware applications (such as IM) actively running on monitored assets. Passive detection requires the use of a span port in a switched environment; note that a span port only mirrors what the switch forwards to it, that an oversubscribed span port drops frames, and that an engine sees only the segments it is attached to, so passive detection complements rather than replaces the active sweep. Passive detection of a change triggers an active scan of the changed asset to gather in-depth information. All results are sent to the management server for processing.

Via active scanning, the DDE examines the entire target network segment, using a ping sweep of the designated IP space to look for hosts. The DDE actively scans any host in the designated range to which it has TCP/IP connectivity, even across routers and switches. Once discovered, each system is actively scanned by the DDE for inventory information and changes. (A host that filters ICMP will not answer a ping sweep; such hosts are found through the passive side, or not at all, so the sweep should be treated as a floor on the inventory rather than the whole of it.)

During active scanning of Windows systems, Cambia CM authenticates either with administrator privileges on the host or on the domain, or by using Windows trust relationships. Once logged in, the distributed differential engine looks for changes, including changes to the system registry, file system, user permissions, and running services. Because these credentials are administrator-level on every host scanned, the engine hosts and the credential store they use need to be protected as high-value assets in their own right.

An active scan is valuable because it provides greater detail and easier deployment scenarios. However, a passive scan can provide more real-time data, makes more prudent use of network bandwidth, and sees everything that happens on the network, even if it is outside the normal purview of an active scan. By combining the benefits of both with signature-based scanning and continuous operation, polymorphic scanning offers the most effective and efficient network discovery and inspection on the market today.

As mentioned above, the differential engine uses continuous polymorphic scanning to identify assets on the network as well as the configuration of those assets, including

  • Network configuration (e.g., IP address, MAC address, open ports)

  • Operating system details (e.g., OS type, OS version, patch level, user settings, accessible management protocols)

  • Application details (e.g., applications installed, versions, patch levels, configuration settings).
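The passive/active fusion and the differential diff described above can be shown end to end in a few dozen lines. The following Python is an added example written for this page, not Cambia's engine: a passive listener summarises frames from the span port and flags only the hosts whose traffic contradicts the stored baseline (an unknown MAC/IP pair, or a listening port the baseline does not list); each flagged host gets an "active scan", here a lookup into a constructed `LIVE` table standing in for the credentialed scan; the result is diffed against the baseline into change events. A separate periodic sweep catches hosts that went quiet, which passive listening can never notice. The baseline, the live table, the frames and the file contents are all constructed.

```python
"""Toy differential detection engine: passive trigger -> active scan -> diff.

Added example, not Cambia's code. BASELINE, LIVE and PASSIVE_FRAMES are
constructed for the example; active_scan() stands in for the real
credentialed scan.
"""
import hashlib
from dataclasses import dataclass


@dataclass(frozen=True)
class Snapshot:
    """Per-host configuration as an active, credentialed scan would return it."""
    mac: str
    open_ports: frozenset   # TCP ports found listening
    services: frozenset     # names of running services
    files: dict             # monitored path -> sha256 hex digest of its content


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Stored baseline from the previous scan cycle (constructed).
BASELINE = {
    "10.0.0.5": Snapshot("00:11:22:33:44:05", frozenset({22}), frozenset({"sshd"}),
                         {"/etc/ssh/sshd_config": sha256_hex(b"PermitRootLogin no\n")}),
    "10.0.0.7": Snapshot("00:11:22:33:44:07", frozenset({80}), frozenset({"httpd"}), {}),
}

# What the active scanner would find right now (constructed): .5 gained a
# service and a config edit, .7 is powered off, .9 is a host never seen before.
LIVE = {
    "10.0.0.5": Snapshot("00:11:22:33:44:05", frozenset({22, 443}), frozenset({"sshd", "nginx"}),
                         {"/etc/ssh/sshd_config": sha256_hex(b"PermitRootLogin yes\n")}),
    "10.0.0.9": Snapshot("00:11:22:33:44:09", frozenset({445}), frozenset({"smbd"}), {}),
}

# Frames as the passive listener on the span port summarises them (constructed):
# (src_mac, src_ip, src_port, is_server_side); is_server_side means the packet
# came from a listening socket (e.g. a SYN/ACK), not from a client's ephemeral port.
PASSIVE_FRAMES = [
    ("00:11:22:33:44:05", "10.0.0.5", 22, True),      # known listener: nothing to do
    ("00:11:22:33:44:05", "10.0.0.5", 443, True),     # known host, port not in baseline
    ("00:11:22:33:44:09", "10.0.0.9", 445, True),     # host the baseline has never seen
    ("00:11:22:33:44:05", "10.0.0.5", 51512, False),  # client-side ephemeral port: ignore
]


def passive_triggers(baseline, frames):
    """IPs whose observed traffic contradicts the baseline and so deserve an active scan."""
    triggers = set()
    for mac, ip, port, is_server in frames:
        known = baseline.get(ip)
        if known is None or known.mac != mac:
            triggers.add(ip)        # new device, or a different MAC behind a known IP
        elif is_server and port not in known.open_ports:
            triggers.add(ip)        # host started offering a service the baseline lacks
    return triggers


def active_scan(ip):
    """Stand-in for the credentialed active scan; None means the host did not answer."""
    return LIVE.get(ip)


def diff_host(ip, before, after):
    """Change events for one host between two snapshots (either may be None)."""
    if before is None and after is None:
        return []
    if before is None:
        return [("new_host", ip, after.mac)]
    if after is None:
        return [("host_gone", ip, before.mac)]
    events = []
    if before.mac != after.mac:
        events.append(("mac_changed", ip, f"{before.mac} -> {after.mac}"))
    events += [("port_opened", ip, p) for p in sorted(after.open_ports - before.open_ports)]
    events += [("port_closed", ip, p) for p in sorted(before.open_ports - after.open_ports)]
    events += [("service_started", ip, s) for s in sorted(after.services - before.services)]
    events += [("service_stopped", ip, s) for s in sorted(before.services - after.services)]
    for path in sorted(before.files.keys() | after.files.keys()):
        if before.files.get(path) != after.files.get(path):
            events.append(("file_changed", ip, path))
    return events


def run_cycle(baseline, frames):
    """One engine cycle: only hosts the passive side flagged get an active scan."""
    events = []
    for ip in sorted(passive_triggers(baseline, frames)):
        events.extend(diff_host(ip, baseline.get(ip), active_scan(ip)))
    return events


def sweep_missing(baseline):
    """Periodic active sweep: passive listening cannot notice a host that went quiet."""
    return sorted(ip for ip in baseline if active_scan(ip) is None)


if __name__ == "__main__":
    for event in run_cycle(BASELINE, PASSIVE_FRAMES):
        print(*event)
    for ip in sweep_missing(BASELINE):
        print("host_gone", ip, BASELINE[ip].mac)
```

The point of the trigger logic is bandwidth: a full credentialed scan of every host every few minutes is what makes snapshot tools expensive, whereas here host `10.0.0.7` is never rescanned in the cycle because nothing on the wire contradicted its baseline. The `mac_changed` branch is worth keeping even though this sample never exercises it; a different MAC answering for a known IP is how a replaced or spoofed device first shows up.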

However, the extensible architecture of the DDE also permits the seamless addition of scan modules to dive deeper into specific applications. Scan modules are currently available for specific types of network devices, applications, and servers, such as:

  • Routers and switches – Monitor for changes to routing tables, VLANs, interface configurations, and other network device settings.

  • Anti-virus – Monitor for removal or disabling of anti-virus software and for the presence of the most recent signature update.

Management Server
The management server is a Windows-based application that embodies the heart of the Cambia CM system. The management server collects information from the distributed differential engines deployed across the organization and identifies all changes to the configuration of network assets.

Note that the definition of “change” can be quite broad and is an aspect of the system that administrators can configure. With the proper credentials and access, Cambia CM can detect virtually every change on a networked asset, down to the level of changes on individual files.  Administrators can configure the system to detect the appropriate level of change.

When a change has been detected and it merits further analysis, Cambia CM initiates a signature-based scan focused on the affected asset only. The results of the scan are integrated into Cambia CM’s database for further analysis. As noted, Cambia CM makes use of third-party signature-based vulnerability scanners to conduct the detailed change scans.

After the change has been analyzed, it is prioritized according to a risk quotient algorithm. Since this algorithm takes asset business value into account, it is possible for administrators to harmonize remediation efforts with business priorities.

Once a change has been detected, analyzed, and prioritized, the management server notifies the appropriate administrative entities. Cambia CM is designed with extensibility in mind, incorporating a foundational framework that allows for the rapid integration with third-party applications. The system can also:

  • Issue an SNMP trap describing the event;

  • Issue an XML message describing the event;

  • Execute any local system command;

  • Be configured to open a trouble ticket with a variety of systems.

The availability of this data set for each event facilitates integration with network management systems, ticketing systems, and security information managers (SIMs).

Database Server and User Console
The Cambia CM system is Windows-based and uses Microsoft SQL Server as its production database.  The Cambia CM Console is a dedicated Windows application used to configure and monitor the Cambia CM system. The console handles all management functions, displays and reporting for the Cambia CM system.

Why Customers Choose David’s Technology
Companies use Cambia CM for a variety of security- and compliance-related applications. Cambia CM customers typically use the software to accomplish any of three distinct goals:

Security Policy Compliance
Cambia CM provides visibility and control into the assets on a network and how they are configured. Enterprises need this increased visibility and control for security and compliance purposes – either to establish or refine a security ‘best practices’ process or to comply with an external mandate. Either way, Cambia CM can automate and accelerate much of this security compliance process.

Rogue Device Detection/Endpoint Security
Other customers use Cambia CM’s continuous network inventory discovery capabilities to identify and scan new systems the instant they join the network. Assessment scans can be done with or without credentials and can involve a signature-based vulnerability scanner if desired. Administrators are notified about the appearance of non-compliant systems immediately so that appropriate actions can be taken.

Change Process Validation
Many companies have an established change management process. Unfortunately, this is not always a closed loop – companies do not know whether approved changes have been made in a timely fashion and if unapproved changes are taking place. Cambia CM records and analyzes all changes to inventory and asset configuration. These changes are compared with the authorized list of changes in a company’s change management system, and unauthorized changes are investigated to determine if they need to be rolled back. 
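Closing the loop means reconciling what the engine detected against what the change-management system approved, and then ranking what is left over. The following Python is an added example written for this page, not Cambia's code, and the risk-quotient formula is a constructed one (the page only says that Cambia's algorithm takes asset business value into account). A change is authorized when a ticket covers that host and item and the change landed inside the ticket's window; a change whose ticket exists but whose window has passed, or that has no ticket at all, is unauthorized; a ticket whose window closed with no matching change at all is approved-but-not-implemented. Unauthorized changes are then sorted by severity times asset business value, so the same `sudoers` edit outranks itself on a production database versus a developer box. Tickets, changes and asset values are constructed.

```python
"""Closed-loop change process validation.

Added example, not Cambia's code. TICKETS, CHANGES, ASSET_VALUE and the
risk_quotient() formula are constructed for the example.
"""
from dataclasses import dataclass
from datetime import datetime


@dataclass(frozen=True)
class Ticket:
    ticket_id: str
    host: str
    item: str              # e.g. "package:openssl" or "file:/etc/sudoers"
    window_start: datetime
    window_end: datetime


@dataclass(frozen=True)
class Change:
    host: str
    item: str
    detected_at: datetime
    severity: int          # 1 (informational) .. 5 (critical), set by the detecting check


def at(hour, minute=0):
    """Timestamps on one constructed day, to keep the sample data readable."""
    return datetime(2006, 6, 1, hour, minute)


TICKETS = [
    Ticket("CHG-1001", "db01", "package:openssl", at(2), at(4)),
    Ticket("CHG-1002", "web02", "file:/etc/nginx/nginx.conf", at(2), at(3)),
    Ticket("CHG-1003", "app04", "package:java", at(2), at(3)),
    Ticket("CHG-1004", "dev03", "package:python", at(22), at(23)),   # window still ahead
]

CHANGES = [
    Change("db01", "package:openssl", at(2, 30), 2),      # inside CHG-1001's window
    Change("db01", "file:/etc/sudoers", at(11, 15), 5),   # no ticket, critical host
    Change("dev03", "file:/etc/sudoers", at(11, 20), 5),  # no ticket, low-value host
    Change("web02", "package:openssl", at(2, 40), 3),     # ticket exists, but for another item
    Change("app04", "package:java", at(5), 2),            # right item, two hours late
]

ASSET_VALUE = {"db01": 5, "web02": 3, "app04": 2, "dev03": 1}   # 1 .. 5 business value
NOW = at(12)


def reconcile(tickets, changes, now):
    """Split changes into authorized / unauthorized and list closed tickets nobody acted on."""
    authorized, unauthorized, seen = [], [], set()
    for ch in changes:
        same = [tk for tk in tickets if tk.host == ch.host and tk.item == ch.item]
        in_window = [tk for tk in same if tk.window_start <= ch.detected_at <= tk.window_end]
        if in_window:
            authorized.append((ch, in_window[0].ticket_id))
            seen.add(in_window[0].ticket_id)
        elif same:
            unauthorized.append((ch, "outside_window:" + same[0].ticket_id))
            seen.add(same[0].ticket_id)     # the work happened, just not when it was approved
        else:
            unauthorized.append((ch, "no_ticket"))
    not_implemented = [tk for tk in tickets if tk.ticket_id not in seen and tk.window_end < now]
    return authorized, unauthorized, not_implemented


def risk_quotient(change, asset_value):
    """Constructed scoring: severity (1-5) times business value (1-5), so 1 .. 25."""
    return change.severity * asset_value.get(change.host, 1)


def prioritize(unauthorized, asset_value):
    """Unauthorized (change, reason) pairs, highest risk quotient first."""
    return sorted(unauthorized, key=lambda pair: risk_quotient(pair[0], asset_value), reverse=True)


if __name__ == "__main__":
    auth, unauth, missing = reconcile(TICKETS, CHANGES, NOW)
    for ch, ticket_id in auth:
        print("authorized   ", ch.host, ch.item, ticket_id)
    for ch, reason in prioritize(unauth, ASSET_VALUE):
        print("unauthorized ", risk_quotient(ch, ASSET_VALUE), ch.host, ch.item, reason)
    for tk in missing:
        print("not done     ", tk.ticket_id, tk.host, tk.item)
```

Two design choices matter here. First, a ticket matched late counts as "seen" so it is not also reported as never implemented; the late change is still surfaced as unauthorized, which is what an auditor would want to see. Second, unknown hosts default to a business value of 1 rather than 0, so a change on an asset nobody bothered to classify still gets a non-zero score instead of silently dropping to the bottom of the queue.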

Major companies have chosen Cambia CM since the product’s launch in late 2004.  David’s technical experience and expertise, the growth of Cambia Security and the trust major corporations have placed in his software illustrate that he is a leader who is shaping the information security marketplace, now and in the future. 

Here are several examples of how enterprise companies have benefited from the technology that David developed: 

Rogue Device Detection/Endpoint Security
One organization uses Cambia CM to instantly discover when a new asset joins the network.  Before using Cambia CM, this was a manual process. The IT security group actually had to do sweeps of the network and look through IP address and asset lists to determine which devices were new.  This was particularly difficult in an environment where IP addresses were changing all the time.  Using Cambia CM they have been able to automate this process.

Change Process Validation
Compliance mandates required increased visibility into changes made on thousands of critical production servers at a financial services company. While an in-house developed change control process existed, there was no third-party validation that this process was working properly: no verification that authorized changes were being executed successfully and no detection of unauthorized changes.  Cambia CM continuously monitors production servers for all unauthorized changes and is integrated into the change management process to automatically verify that authorized changes are being implemented correctly. Cambia CM provides a single console that allows this company to validate that their environment is configured as desired and that unauthorized changes are NOT taking place.

Security Policy Compliance
The third example is an organization that was facing quarterly external audits.  By using Cambia CM, they were able to reduce the amount of time it took to prepare for audits by 90%--from 65 hours down to 5.   In preparing for the audits they knew they would have to answer questions such as “What is your level of compliance against your security policies?  What assets are on your network and which are in compliance and which are out of compliance?”  In the past they would have had to spend hours doing an internal audit to determine the answers, but Cambia CM has the capability to generate reports to show the level of compliance throughout the quarter. 

David Meltzer has more than 10 years of experience in developing innovative technology for the security market.  David founded Cambia Security, Inc. in January 2003 to bring his vision of using change detection to enhance security operations into reality.  The company’s product, Cambia CM, continuously monitors the network for change and works with administrators to remediate those that impact security or compliance posture. Under David’s leadership the company obtained venture funding from JK&B Capital of Chicago and brought the first version of its security policy enforcement software, Cambia CM, to market in December of 2004.  

David is an IDS pioneer, an original author and the lead developer of the market-leading RealSecure IDS from Internet Security Systems.   During his three-year tenure at ISS, David architected RealSecure, developed the engine and a majority of the signatures.  He also led the development of both the network and host-based intrusion detection products for ISS. 

David is also a respected researcher, discovering numerous vulnerabilities and co-founding ISS's X-Force security research group, the largest commercial security research group in the world.  Immediately prior to Cambia, David was the founder and CTO of Sonicity, a secure multicasting software company whose technology was acquired by Sony in November 2001. He has a B.S. in Computer Science from Carnegie Mellon University.   

Cambia Security, Inc.
11675 Rainwater Drive
Suite 675
Alpharetta, GA  30004 USA
Tel: 1-404-815-8372 or 1-678-356-1600

Copyright © 2006 Silicon Valley Communications - All rights reserved.