Market Intelligence You Can Act On Secure Remote Support for CJIS Compliance December 11, 2014

Welcome to our Webinar Webinar Recorded Link ed directly CJIS GROUP Webinar Library Survey

Agenda CJIS GROUP OVERVIEW CJIS POLICY & AUDIT FINDINGS REMOTE ACCESS CONSIDERATIONS PATHWAYS FOR HACKERS REMOTE SUPPORT SECURITY BOMGAR IN A CJIS ENVIRONMENT CASE STUDY REMOTE SUPPORT SOLUTION Q&A

Presenters Bryan Hood Senior Solutions Engineer Scott Braynard Vice President, Public Sector Lauren Franco Marketing Manager

CJIS GROUP How do we support State and Local Government? CJIS GROUP Database helps officials: Fund new initiatives by seeing how other agencies paid for these services. Locate vendors who are successful in the state and local market. Connect more with agencies working on similar objectives.

FBI CJIS POLICY The CJIS Security Policy provides a secure framework of: laws, standards, and elements of published and vetted policies for accomplishing the mission across a broad spectrum of the criminal justice and noncriminal justice communities.

Overcoming Funding Barrier “ Baking in” to a larger solution Leveraging other agency’s technology investments Investing in a platform that provides flexibility for the future = good investment over time Types of Agencies Procuring Help Desk Support in 2014

Remote Support for CJIS Compliance

BOMGAR – Revolutionizing Remote Support Securely support remote Windows, Mac, Linux & Mobile Devices Trusted by 8,500+ customers around the world:

Criminal Justice Information Services (CJIS) Security Policy Remote Access The agency shall authorize, monitor, and control all methods of remote access to the information system. Remote access is any temporary access to an agency’s information system by a user (or an information system) communicating temporarily through an external, non-agency-controlled network (e.g., the Internet). The agency shall employ automated mechanisms to facilitate the monitoring and control of remote access methods. The agency shall control all remote accesses through managed access control points. The agency may permit remote access for privileged functions only for compelling operational needs but shall document the rationale for such access in the security plan for the information system.

Remote Access Considerations INTEGRATION CONSOLIDATION SECURITY SERVICE LEVELS Support Multiple Platforms On or Off Network Legacy Leftovers Little or no logging Shared Accounts No Central Configuration Insecure communication Security Providers Ticketing Systems Inventory Systems Time to resolution First Call Resolution Productivity Customer Satisfaction

Support All of Your Devices with a Single Solution

Unsecure Remote Access – Pathway for Hackers “When targeting companies, typically SMBs, the criminals access victim networks via Microsoft’s Remote Desktop Protocol (RDP) either via unpatched vulnerabilities or weak passwords.” 2013 Data Breach Investigations Report “Organizations that use third-party support typically use remote access applications like Terminal Services (teamserv) or Remote Desktop Protocol (RDP), pcAnywhere, Virtual Network Client (VNC), LogMeIn or Remote Administrator to access their customers’ systems. If these utilities are left enabled, attackers can access them as though they are legitimate system administrators.” 2013 Global Security Report "The bad guys have continually used remote access login to perpetrate their crimes and breaches against POS systems, since they gain the privileges and visibility they need with software like LogMeIn. It's a huge vulnerability that most enterprises don't currently have enough control over, given their relationships with service providers and contractors. They need to tighten up that glaring hole by enforcing strong user authentication into remote- access facilities into their systems and auditing the access that does take place." Avivah Litan in BankInfoSecurity, July 2014

Remote Support Security Architecture – Centralized, hardened appliance keeps data behind your own firewall Authentication – Integrates with your identity management systems (e.g. Active Directory) Access Controls – Rep Permissions to control who accesses what, when and from where Audit – Full session log and video recording of each session

Bomgar in a CJIS Environment

Case Study: County IT Department Supports approximately 400 county employees and 700 computers, servers and other devices located in 17 county sites Sites include the sheriff’s office, health department, landfill, animal control and the airport Need to meet CJIS and HIPAA requirements Previously used Windows built-in freeware tools - not always effective, and hour-long trips to the county sites were often required Bomgar is saving technicians more than 50 percent of the time they used to spend in the field while increasing CJIS compliance “For security reasons, I knew I wanted a remote support solution that was not cloud-based. Having the Bomgar appliance on-premise has proven to be an important feature because the FBI CJIS rules have increased requirements for secure communications. As our county government continues to grow, I know I have a remote support solution in place that ensures secure, effective remote assistance for our users. The bottom line is that Bomgar just makes my job a whole lot easier.” County IT Systems Administrator

Case Study: State IT Department Large state IT teams were using various remote access tools to support 47,000+ employees Employees were targeted by hackers posing as Microsoft support technicians Needed to consolidate to a single remote access tool that employees could recognize and trust Original tools didn’t capture audit trails or enable vendor management Needed a solution that could be used to support all employees, on and off the network, while meeting CJIS compliance requirements

Case Study: Software Vendor Operates the nation’s largest law enforcement real-time, information sharing, communication and data interoperability network Supports law enforcement officers using Windows desktops and laptops, in an office and on the road Texas Department of Public Safety informed them that current remote support solution didn’t meet CJIS requirements Bomgar makes it easy for the team to securely access computers at any time to readily resolve issues “If you are looking for a secure remote support solution that is easy to use, Bomgar is the way to go. For our specific needs, the fact that Bomgar meets compliance standards made it the best solution for us.” V.P. of Operations

Remote Support Solution

Q&A Bryan Hood Senior Solutions Engineer Scott Braynard Vice President, Public Sector Lauren Franco Marketing Manager

Thank you for attending Webinar recording will be available on For additional questions please or call For Remote Support Questions please Scott Braynard