The Challenge
In 2007, the King County Elections (KCE) department had an initiative to replace their ballot tabulation and processing systems. King County wished to use the latest technologies from Premier Elections Solutions (formerly Diebold). Some constituents had raised concerns regarding the security of these systems and their ability to provide fair, honest and transparent elections.

This was a highly political issue, with many opinions and perceptions. KCE needed to perform independent security assessment of these elections systems. Almost all security assessments of the Premier solution up until then had been done in a laboratory style setting. KCE needed a “real-world” security analysis. Premier was also concerned about the fairness of this assessment, as many people had levied accusations against their company.

The Solution
Anitian relied on our scientific modes of analysis to conduct a neutral, fair and open-minded analysis of the elections system. We specifically build an analysis methodology that ruled out bias and personal agendas to focus on the reality of the system. Anitian avoided exaggerated and emotional claims to focus on the technical realities and provide KCE with a truly independent view of their elections systems.

The Impact
Anitian was able to conclusively prove that KCE had done an exceptionally good job in designing security practices and procedures to compensate for some technical weaknesses. The end result was a reliable system that the citizens of King County could rely on for fair, honest and transparent elections. Anitian’s final report is publically available at: http://tinyurl.com/m29j6s.

The Challenge
One of the largest electric power utilities in the country was under increasing pressure to become compliant with the requirements of the NERC-CIP regulations. One of the key issues was monitoring systems and providing real-time alerting of possible threats to critical infrastructure components.

The Solution
Anitian worked with company leaders and stakeholders to refine requirements and evaluate technologies. Anitian brought in RSA’s Envision solutions to provide a distributed, high-performance log and event management solution. The client evaluated three other competing products, finally selecting Anitian’s solution using RSA Envison. Anitian then worked on-site with the customer and RSA to install, configure and operationalize the solution. Anitian designed policies, developed custom data parsing solutions and programmed special alerts.

The Impact
Anitian consultants were instrumental in helping this power utility not only comply with a key aspect of the NERC-CIP regulations, but also improve organizational security and risk management. In the end, the client had a powerful event management solution that was providing measurable return on investment and risk reduction.

The Challenge
Anitian began working with a regional credit union in 2001. At that time, the company had many security problems. Existing security vendors had failed, repeatedly, to resolve endemic network and employee abuse problems.

The Solution
Anitian started with a basic strategic plan. Slowly over the course of many years, the organization would implement new controls to protect assets and resolve network problems. From 2001 to 2006 Anitian implemented new enterprise firewalls, intrusion prevention, web filtering, two-factor authentication, SSL-VPN and numerous policy and process improvements.

The Impact
Over the past seven years, the customer has become one of the largest credit unions in the Pacific Northwest. This company is now heralded as a leader in information technology. They have some of the most sophisticated and robust security controls in the nation. A recent federally mandated security audit noted in their comments: "This is one of the most security-savvy credit unions we have ever seen."

The Challenge
In the summer of 2004, Anitian won a small contract with a large municipal government to perform remediation analysis. Four other security vendors were also selected at that time to perform other projects. Anitian completed the remediation work under budget and was immediately called back to do a larger project. This involved helping the CIO unify multiple, disparate agencies to some common best practices for security. It was a monumental challenge that a global security consulting firm was unable to accomplish with a six-figure budget.

The Solution
Anitian, working off a five-figure budget, came up with a novel approach. A common "report" that would help all agency IT staff understand best practices for the entire government entity. The report was long (about 375 pages), but it described best practices for dozens of different domains such as perimeter security, encryption and change control. The report also included a security maturity self-assessment tool. This allowed each agency to perform their own internal assessment of their security maturity.

The Impact
The affect of this document was profound, to say the least. While it prompted many discussions and debates, it also encouraged a group of highly divergent agencies to start using the same language and concepts. This eventually transformed into a common set of policies, guidelines and standards (which Anitian also helped write). The project was extremely successful and has become a standard model for other municipal governments looking to unify information security management and governance.

The Challenge
Anitian began working with a medium sized manufacturing company in 2003. At that time, the company had a very minimal network and serious reliability issues on workstations. Company owners were looking to expand and grow the business. But they needed a secure and reliable network.

The Solution
Anitian worked with senior management to slowly introduce new technologies and new processes over the next two years. This included a migration to a new network, new firewall, end-point protection and spam filtering.

The Impact
Over the past three years, the customer has more than doubled their business. During this time, Anitian has helped their network become a reliable and secure part of the business. Downtime is almost non-existent, employees have almost no spam messages, desktop computers are reliable, and the business has been able to add many other new services.