Robert E. Johnson, III, President and CEO, Cimcor, IncRobert E. Johnson, III, President and CEO
Ever since its inception, Cimcor, Inc. has been a valued security solutions partner to some of the leading organizations across the globe. The company provides a comprehensive set of security, auditing, and compliance tools to ensure the integrity of an organization’s entire IT Infrastructure.

In an interview with CIO Applications, Robert E. Johnson, III, (President and CEO of Cimcor) shares some valuable insights about the industry and the company’s advanced security solutions to help readers understand how Cimcor could play a game-changing role in safeguarding organizations against rising cyber-attacks. Under his dynamic leadership, the firm today is a well-regarded name in the cybersecurity market and offers one of the best suites of solutions and services.

1. What do you think are some of the challenges prevailing in the cybersecurity space today?

From just 390,000 new threats every day in 2014, the number today has risen to a whopping 1.2 million new variants of malware, forcing organizations to lay never-before-like emphasis on IT infrastructure security. These pieces of malware are morphing so quickly that they are exceeding the capabilities of most antivirus tools, firewalls, and intrusion detection systems. I think some of the current challenges are zero-day attacks and IoT related attacks and breaches. Devices making up the IoT ecosystem often don’t have the proper security controls embedded into them, making it difficult for enterprises to thwart exploits. Finally, 52 percent of all breaches are simply the results of internal threats. We all need to stay vigilant, train our employees, and teach them to identify anomalies in our working environment.

2. Could you give an overview of the range of security solutions and services that Cimcor offers?

Compliance initiatives such as PCIDSS, NERC-CIP-007, and NERC-CIP-010-2 stipulate organizations to monitor, identify, and track unexpected changes proactively. Our product, CimTrak, is designed to comply with such regulations. It is a comprehensive security, integrity, and compliance application that enables organizations to identify both expected as well as unexpected changes occurring in servers and network devices in real-time. It monitors servers and network devices for any type of changes on a variety of operating systems such as Windows, Linux, or Mac OS and across a host of network devices including Cisco, Fortinet, Juniper, and a variety of others. With CimTrak, when those inevitable zero-day attacks occur, our customers will have the knowledge and insights into what is happening inside their infrastructure. It can also identify when additional privileges given in database schemes are altered.

When CimTrak identifies any change, it generates an event log and sends that information to SIEM. However, unlike no other tool in the industry, our solution takes it a step further. CimTrak can effectively change things right back to how they should be—the ultimate remediation piece that really makes us stand apart. Moreover, it can also prevent changes from occurring in the first place. Another feature that is unique to us is our ability to identify when users access restricted content.

3. Please elaborate on your strategies as well as implementation methodologies.

CimTrak stands apart in the industry due to its ease of usage, simple deployment, and low total cost of ownership.

CimTrak stands apart in the industry due to its ease of usage, simple deployment, and low cost of ownership

Every customer is different with varied controls in place to help them meet specific compliance or regulatory requirements. We start any customer assistance process by understanding exactly what they need and what is important to them; that includes understanding the customer’s regulatory requirements, security objectives, and infrastructure. We then identify the right components of our solution that can cater to those requirements. Our CimTrak product is very modular and acts as a framework for detecting and tracking changes in an enterprise. We have a variety of modules for monitoring firewalls, database routers, and switches that seamlessly plug into the framework.

4. Please share a case study that reflects Cimcor’s value proposition in assisting clients to overcome their security challenges and attain desired outcomes.

We assisted a credit card company, who processed a large number of transactions, that reached out to us asking for support in successfully completing a PCI audit. Had they had failed the audit; the company would have no longer been able to process credit card transactions. Because our software is easy to deploy and simple to configure, our team was able to take it live in a matter of few days. With CimTrak in place, the client was able to complete and pass the PCI audit without any hassles.

5. What spurred the conception of Cimcor? Can you give us an inside view of what is going on in your innovation lab? Moreover, what is Cimcor’s next big step?

Cimcor was initially focused on process automation and control. But we noticed that though manufacturing facilities had high value, specialized computers on the floors, they were very insecure and lacked controls which could ensure seamless production. These observations led us to innovate a solution to protect plant floors and identify changes in those environments. We have expanded on these innovations in order to secure the entire enterprise.

Another innovation we just introduced is a new concept—a change monitoring solution blended with a ticketing system. The new solution not only identifies changes but also provides documentation regarding those changes. This helps bridge the gap between security and compliance.

As a recognition of our innovations, we were ranked seventy-fifth in the Cybersecurity Ventures’ Top 500 cybersecurity companies for 2016 and 2017.

Today, we have a growing number of customers in banking, military, and government agencies among others. We will focus on expanding the number of modules or the types of modules that plug into our change management framework because we are committed to helping enterprises detect all changes within their IT infrastructure. We will also be expanding the number of databases that we can support and rolling out features that will provide even greater insight about changes throughout the enterprise.