Red Hat Ready partner, Agile Defense, helps U.S. Government customers innovate through technology. The leading information technology (IT) services business partnered with Red Hat to create a Security Technical Implementation Guide (STIG) configuration, reporting, and remediation tool. Built on Red Hat Ansible Automation Platform, Agile Defense’s Compliance-as-a-Service (CPaaS) helps customers within the U.S. Department of Defense (DoD) keep their systems more secure and compliant. Red Hat technical and business experts helped Agile Defense bring CPaaS to market faster and increase visibility of the tool in a competitive market.
- Reduced customers’ time spent on audits by 98%
- Brought CPaaS to market faster
- Increased visibility in a competitive market
Helping U.S. Government customers avoid threats
Preventing cybercriminals from gaining unauthorized access to their systems and infrastructure has never been more pertinent. Many breaches that occur are the result of configuration errors. For the U.S. Department of Defense (DoD) and federal agencies, avoiding threats requires them to adhere to strict information, security, configuration, and compliance standards in the Defense Information Systems Agency (DISA) STIGs.
Regular audits check for misconfigurations and other errors, but these audits are repetitive, resource-intensive, and costly. Agencies can spend months preparing for an audit. “Our customers’ production tasks would grind to a halt ahead of an inspection while they got all their documentation in line,” said Shawn Draper, Solutions Engineer at Agile Defense. “It was a very time-consuming, manual process.” Moreover, this reactive, manual approach was leaving customers open to known vulnerabilities between checks.
A Red Hat Ready partner, Agile Defense recognized this common challenge with its U.S. Government customers. “Misconfigurations and audits are a pretty pervasive pain point for a lot of the government customers we’ve talked to,” said Sara FitzGerald, PhD, Technical Writer, Agile Defense. The leading IT services business, which prides itself on innovation through information technology, began developing a solution. The resulting STIG automation solution performs ad-hoc systems audits, optionally remediates misconfigurations, and reports on the current state of devices.
Using automation to mitigate the impact of audits
Otherwise known as Agile Defense’s Compliance as a Service (CPaaS), the STIG automation solution uses Red Hat Ansible Automation Platform because of its flexible and scalable automation capabilities. “We chose Red Hat Ansible Automation Platform to tackle this problem because it can communicate with everything,” said Draper. “Network devices, Windows machines, databases, web servers… Red Hat Ansible Automation Platform can talk to them all.”
Additionally, Red Hat recently collaborated with DISA on a STIG for Red Hat Enterprise Linux® and understands the importance of creating standards for every device, OS, and software version.
CPaaS uses Red Hat Ansible Automation Platform configuration management automation capabilities to audit for open vulnerabilities. “Red Hat Ansible Automation Platform connects to devices and executes commands specified in an Ansible Playbook,” said Draper. Having identified misconfigurations automatically, CPaaS can also automatically remediate them by following commands in a bespoke Ansible Playbook. Agile Defense has built a variety of playbooks, each designed to test a different type of device. These include playbooks for Red Hat platforms, Windows devices, VMware hypervisors, Cisco routers and switches, and firewalls.
“Fixing the deficiencies is only part of the battle ahead of audits,” said Draper. “CPaaS helps with all of the paperwork too by automatically producing all the documentation needed.” Specifically, CPaaS uses Red Hat Ansible Automation Platform to write an XML check file (viewable in DISA’s STIG Viewer) for every device on the network and vulnerability identified to present to the auditor. These artifacts produced by CPaaS can show current-state information and demonstrate that particular security configurations have been implemented. Red Hat Ansible Automation Platform also allows customers to extend the capabilities of CPaaS to manage workflows and inventory, schedule audits, and introduce role-based access control.
Partnering to accelerate time to market
Red Hat has supported Agile Defense throughout this project. The partners’ technical teams speak at least every other week, and a named technical single point of contact provides support whenever the Agile Defense technical team needs it. “Our Red Hat technical contact has been a fantastic source of information,” said Draper. “He either knows or knows how to find all of the minor details you need when you’re developing this type of solution.” The Red Hat technical contact may also call upon Red Hat subject matter experts to meet with Agile Defense’s engineers to discuss customizations, deployments, scaling, enhancements, and security capabilities.
Complimentary online training through Red Hat Online Partner Enablement Network (OPEN) helped Agile Defense increase productivity. “The Red Hat training was a great foundation for learning Red Hat Ansible Automation Platform and understanding how it functions and how the language works,” said Draper. “It was very thorough, very helpful, taking you from setting up Red Hat Ansible Automation Platform through to building playbooks.” The training included self-paced online modules, slides, videos, and a lab component. The lab environment was set up for attendees in the Red Hat Product Demo System (RHPDS), the same system Red Hat uses internally, to connect to and practice using Red Hat Ansible Automation Platform.
Agile Defense also meets twice a month with the Red Hat account leads to discuss upcoming DoD opportunities. During these meetings, the dedicated Red Hat partner team provides detailed reviews of Red Hat products and technologies. “This sharing of information is instrumental in our partnership as, together, we shape opportunities and keep each other up to date of changes in the industry,” said Hector Collazo, Director of Technology at Agile Defense.
Accelerating value from a critical compliance tool
Reduced customers’ time spent on audits by 98%
The proactive monitoring of an agency’s security posture that CPaaS provides is critical to maintaining readiness in the face of cyber threats. Historically, this monitoring has been resource-intensive and required additional software on endpoint devices. By using Red Hat Ansible Automation Platform to scan for open vulnerabilities, Agile Defense’s CPaaS saves Agile Defense’s government customers a considerable amount of time.
“CPaaS saved one of our customers around 98% in terms of person-hours,” said FitzGerald. “They no longer need to manually click boxes and enter information in an XML tool for every device on their network.”
CPaaS is also ensuring consistency across devices. “One of the great things about automation is that it does the same thing every time,” said Draper.
Brought CPaaS to market faster
In combination with support from the technical contact, the Red Hat OPEN training helped Agile Defense bring CPaaS to market faster. “I went through the Red Hat training in about a week, and it probably saved me three or four months of reading documentation and struggling to get started with Red Hat Ansible Automation Platform,” said Draper. “The training was like a springboard that allowed us to quickly make a product that works. And just having our Red Hat contact available to act as a sounding board and help us work through the challenges we encountered with using the tool was invaluable.”
Increased visibility in a competitive market
Red Hat is helping Agile Defense increase visibility of the CPaaS tool, including it in the Red Hat booth at the Air Force IT Conference (AFITC). Potential Air Force customers will experience the STIG automation features of the CPaaS solution on Red Hat Ansible Automation Platform first-hand. After the conference, the partners will coordinate follow-up visits with customers.
“The AFITC is a highly competitive Air Force environment,” said Collazo. “Allowing Agile Defense to display the CPaaS Solution in the Red Hat booth provides a powerful, effective advertisement for a small company that would ordinarily be overlooked at this conference.”
Enhancing value for customers by building on a successful partnership
With positive feedback from customers on CPaaS and a lot of excitement from potential customers, Agile Defense is expanding its catalog of audited devices. “We’re always developing new Ansible Playbooks to audit and remediate the next big thing,” said Draper. Agile Defense is even looking at expanding its team to accelerate development times and to be able to better support both current and future customers.
The partners will continue working closely together not only at a technical level but also at a business level, following potential leads and new opportunities. “We appreciate the support and the dedication that the Red Hat account teams have provided our company,” said Collazo. “Our partnership with Red Hat is perfect. Agile Defense has the contract vehicles for pursuing opportunities, and Red Hat has the products and emerging technologies. Together we can both be successful.”
Red Hat Ansible Automation Platform makes Agile Defense more competitive. “Red Hat Ansible Automation Platform is a very powerful configuration tool,” concluded FitzGerald. “It gives us an edge in an emerging market.”
About Agile Defense
Agile Defense is a leading information technology (IT) services business based in Reston, VA. It has a number of U.S. Government clients, including several U.S. civil agencies and various branches within the U.S. Department of Defense.