Services Provided: CMMC compliance/NIST compliance and Penetration Test Preparation and ERP, Windows, Active Directory, and Network Security Hardening

Note: For operational security reasons, the name of the DoD contractor has been withheld

CHALLENGE

Located in Iowa, the DoD contractor provides vortex flow meters and sensors for automotive, military, industrial and mining applications. They were in the process of being bought out by another company that was requiring them to be CMMC compliant and to pass a penetration test by a well-known third-party cybersecurity and compliance company. The contractor also had an end-of-life WatchGuard Firebox that needed replacement and a custom, business-critical line-of-business application that was proving impossible to security harden. The contractor’s Director of Engineering, Dave Medin, was finding it difficult to identify an MSSP with the depth and breadth of knowledge needed to implement CMMC compliance and to security harden their environment.

“I had spent a fair amount of time, rather frustrating I may add, and was unsuccessful in identifying people to help us improve our Windows security posture, double check my work, and ultimately provide IT services to us in areas where we need to improve. We had a really frustrating time finding people who are qualified, and it ends up being really interesting how this played out with Felicia and the QPC Security team. It started with Felicia convincing us that we needed to take a more comprehensive look at our overall firewall environment rather than just buying a firewall. At the same time, she also queried me on what we were looking for with respect to our overall cyber security strategy. These conversations just happened to hit at the exact same time I was growing frustrated with the lack of local expertise that could guide us through the CMMC adoption era and I was beginning to realize that I did not know the full depth of the Windows security environment because it has been evolving so rapidly.”

“I was thinking our security architecture was basically watertight. I did not know about having someone come in and do all this ‘extra’ stuff. To start, Felicia offered to do a remote assessment of our current configurations and that started the whole OH WOW, OH, OH, OH NO! …our environment turned out to be horribly insecure. I recognized how little I knew and how inaccurate the advice was that we were previously provided by other IT services companies regarding securing our assets or even baseline standard mitigation practices.”

One project we had hired a previous consultant to work on was a multifactor authentication system for our local Windows computers. They were supposed to deploy Windows Hello for local biometric authentication. They said they were a Microsoft Partner. After starting the configuration, they found out it was much more complex than they had represented to Dave and could not deliver a working system. Dave said, “They overrepresented their experience with Microsoft products and their connection to Microsoft.”

SOLUTION

QPC Security provided a replacement WatchGuard Firebox with hardware carefully matched to the needs of the company. The Firebox was programmed with a custom configuration designed to meet the most stringent security hardening requirements. And as Dave explains, QPC Security then went further. “Felicia convinced us we needed a better look at our firewall environment rather than just buying a firewall and using it strictly for the perimeter.” QPC Security then implemented micro segmentation on the network to further security harden the system.

QPC Security then remediated the entire on-premise Windows Active Directory, servers, backups, printers, and workstations configuration for security and compliance.

QPC Security was able to get a Windows NT era Enterprise Resource Planning (ERP) business critical application to function in a modern security environment. As part of the security remediation, lockdown settings were implemented through a controlled change process, with time between the changes to let any issues come to light. To start the process, Felicia conducted an audit of the critical ERP platform and wrote a document which was used in a conference call with the application support vendor to fully vet all of the concerns. By doing this, problems were identified and presented to the application vendor for feedback, which clarified what was and was not required for the application to work.

NTLM is a deprecated, insecure authentication protocol that is still used by nearly all Windows environments that have not been adequately hardened. As part of the security hardening project at the company, NTLM was disabled, which caused a portion of the ERP system to break. The problem was escalated to the application support team, which was not able to help. Dave notified Felicia of the problem, and she dug into it and figured out how to modify the configuration of the ERP application to make it work in accordance with security standards and best practices. Throughout this process, Felicia documented the configuration in order to add to the company’s business continuity documentation. Dave noted, “Felicia built a secure model around an insecure code base”, and “She is a Swiss army knife of IT information, and all of it being security-centric”.

Throughout this entire process, QPC Security was able to provide us ongoing monitoring and management services for all of our technology needs including phone system, server, cloud, networking, and more. Think of it as comprehensive NOC and SOC services plus ongoing monthly project services as needed.

IMPACT

The DoD contractor passed the penetration test administered by the third-party cybersecurity and compliance company after just one month of collaborative work between QPC Security and Dave. Dave commented that the penetration testers had said the company’s network is “the toughest system they ever ran across and very well put together.”

To learn more about the Cybersecurity, Security Hardening, and Managed IT services offered by QPC Security, contact us today.