Case Study

DCX-CHOL Enterprises, Inc.

DCX-CHOL Enterprises, Inc. specializes in manufacturing military and aerospace interconnect parts including custom connectors, cable assemblies, and wired enclosures. As a small, privately held company, they are comprised of five divisions, each focused on specialized verticals and products, ranging in complexity from straight assemblies to sophisticated high-density harnesses and circuitry.

Industry: Manufacturing

Website: https://www.dcxchol.com

Executive Summary

Industry

  • Manufacturing

Challenge

  • Replicate and stand up new IT department in division sell off while continuing compliance to stringent government security regulations

Solution

  • Pulse Access Suite Plus
  • Pulse Connect Secure (PCS)
  • Pulse Secure Appliance (PSA)

Results

Met priorities for IT department:

  • Security
  • Compliance with government requirements (CMMC, NIST 800-171)
  • End-user satisfaction
  • Integration capability
  • Affordability

Overview

As a part of a recent division spin-off and the resultant contract, the IT Team at DCX-CHOL was tasked with standing-up the IT suite for the newly-formed operation (now under ownership by a subsidiary of another company); namely mirroring the original deployment at DCX-CHOL.

For a few years prior to the above installation, Pulse Secure’s VPN solution, Pulse Connect Secure (PCS), and Pulse Secure Appliance (PSA) had already been proven to be reliable and cost-effective for DCX-CHOL. More importantly, Pulse Secure was chosen at the time as a best-of-breed vendor for secure access, having been vetted through various government certification requirements—an achievement unto itself—which made logical sense for duplicating the products used.

With the implementation of PCS, PSA, via the Pulse Access Suite Plus, DCX-CHOL was able to realize a holistic, interoperable, and future-forward secure access platform that made good business sense. The level of confidence, familiarity, and trust in Pulse Secure, now identified as a “Preferred Vendor” allowed the IT Team to replicate their past success for the new installation.

Adhering to Strict Government Compliance Guidelines

With the bulk of their business comprised of federal and public sector customers, DCX-CHOL operates under stringent security guidelines adhering to various mandated certifications that include:

  • The Cybersecurity Maturity Model Certification (CMMC), a certification and compliance process developed by the Department of Defense (DoD), designed to certify that contractors have the controls in place to protect sensitive data.
  • International Traffic in Arms Regulations (ITAR), a U.S. regulation that controls the manufacture, sale, and distribution of defense and space-related articles and services as defined in the United States Munitions List (USML). ITAR mandates that access to physical materials or technical data related to defense and military technologies is restricted to US citizens only.
  • Defense Federal Acquisition Regulation Supplement (DFARS), a set of restrictions for the origination of raw materials intended to protect the US defense industry from the vulnerabilities of being overly dependent on foreign sources of supply.

As a smaller defense contractor, meeting government and DoD criteria for business operations can be a challenge. Non-compliance can result in stiff criminal and civil fines and penalties, so adherence is critical. With approximately 500 employees, DCX-CHOL faces many of the same challenges as enterprises exponentially larger, yet without the benefit of extensive staffing, resources, or budgets at their disposal. As such, they have to operate more efficiently by making smarter choices to maximize security investments while minimizing overhead costs and additional personnel required.

Rodney Arthur, Director of Information Technology at DCX-CHOL, and his team were tasked with “building everything from scratch” for the new IT department:

“In the last year we sold off one of our divisions, agreeing to stand up their IT department as a part of the spin-off. It also meant building nearly the entire IT infrastructure from scratch. One of the things we had to install was a VPN solution, immediately opting for the Pulse virtual VPN. That was a good choice because it was easy for the customer base to transition since they were already familiar with the product. When the acquiring parties initially toured our operations, they asked that we model their systems as closely to our systems, including the VPN. Going with Pulse was always the obvious choice.”

For CMMC certification we need to be level 3. Pulse meets all of our needs from a VPN standpoint, and supports security requirements all the way to level 5. Pulse can grow as we do, including helping our audits from entities like the DoD, because of their familiarity with Pulse Secure.

Providing a Comprehensive and Seamless SSL VPN Solution

With an older customer base, having to on-board new systems can be a challenge. Adapting to new technology requires a learning curve that is sometimes counterproductive by adding time and complexity. By choosing to stay with Pulse, users were able to continue operations in a familiar and consistent setting. With a simple UI, users can click on an icon, enter credentials to log in, and be up and running.

Another important security function is the ability to pull logs into their SIEM. Because Pulse Secure works with an organization’s existing wired and wireless infrastructure, NGFW, SIEM, MDM and vulnerability solutions are seamlessly integrated, in many cases working right out of the box.

Using the Rapid7 SIEM, DCX-CHOL can pull up the dashboard, showing 360-degree endpoint insight and intelligence including where clients are logging in over the VPN. Being able to enforce dynamic network segmentation, in real-time, can help prevent threats from moving laterally, and enable bi-directional integration with their SIEM infrastructure for an expedited response.

The rich behavioral analytics by Pulse provides correlation of user access, device context, and system logs to an analytics engine to find anomalies and mitigate risk. Having the ability to integrate this data into the company’s existing data results in a more cohesive security posture, helping consolidate their security stack.

Pulse runs consistently. Going into COVID, our mobile workforce was already up and running, while I noted other companies were clamoring. I didn’t realize how much difficulty other people were having with mobility. With Pulse as our foundation for remote access, we were already covered. So essentially, all we needed to do was to add a few more laptops.

With a long-term goal of moving towards a Zero Trust model of security, Rodney and his team have been making incremental changes including removing several other products that didn’t align with future needs. A shorter-term goal, as a defense contractor, is to achieve CMMC level 3 with its strict audit requirements. Because Pulse covers some of the controls already, DCX-CHOL is in a favorable position to reach CMMC level 4, a personal goal for Rodney and his team.

Another compliance hurdle is to get to FIPs 140-2 encryption, which Pulse has been certified for—something not all VPN vendors can declare. Adherence to standards such as FIPS are regulated requirements but also form best practices to ensure that security products are themselves able to withstand attack.

With locations in Southern California, Illinois and Indiana, Rodney is considering standing up a second virtual appliance in Illinois as a part of their disaster recovery solution. Having the ability to add it to their Hyperconverged Infrastructure (HCI) cluster helps reduce the need for more physical space, while increasing processing capacity. With this HCI private cloud approach, buoyed by Pulse Secure’s Secure Access suite, Rodney and his team have been able to cut out at least half of the servers in his infrastructure while maintaining compliance to government security regulations.

About Ivanti

In the Everywhere Workplace, employees use myriad devices to access IT networks, applications, and data to stay productive as they work from anywhere. Ivanti makes the Everywhere Workplace possible.