CYBERSECURITY
In order to successfully manage the risks of cybersecurity today, organizations must look at their security model as a whole and ensure visibility and control for the entire duration of a cyber attack: before the attack occurs, during the attack, after it starts damaging IT systems or stealing information, as well as blocking the attack, investigating events and applying measures to prevent a recurrence. It is also necessary for the security model to cover the entire organization’s data network, terminal equipment, mobile devices, data centers, virtual environments, and Cloud applications.
Adopting an IT security architecture provides you with advanced protection against the security threats of the entire IT system and involves the cooperation of security systems in all stages of computer attacks.
Datanet Systems’ experience in cybersecurity
Datanet Systems is a Cisco Gold Certified Partner, and its team of security experts designs and implements complete security architectures for medium and large companies and for public sector organizations, adapting these solutions to organizations’ requirements, goals and budgets.
Our extensive security and integration capabilities for complex IT infrastructures allow us to provide turn-key, pre-tested and integrated solutions into coherent security architectures. Our portfolio includes Cisco, Crowdstrike, Cyberark, Cymulate, F5 Networks, Fortinet, Meraki, Netscout Systems, Palo Alto Networks, Sentinel One, Solarwinds, and Splunk products and services.
Also, for organizations that need an integrated quality system to manage security risks but have limited resources from internal technical expertise, Datanet Systems provides IT security infrastructure as a service and Security Operations Center (SOC) services.
Datanet’s cybersecurity portfolio
NEXT GENERATION FIREWALL & IPS
WEB APPLICATION FIREWALL
ADVANCED MALWARE PROTECTION
EMAIL SECURITY
ACCESS AND POLICY MANAGEMENT
SECURE REMOTE ACCESS & DNS SECURITY
MULTI-FACTOR AUTHENTICATION
SECURITY INFORMATION & EVENT MANAGEMENT
ENDPOINT SECURITY
IDENTITY RISK MANAGEMENT
CYBERATTACK SIMULATION
PRIVILEGED ACCESS MANAGEMENT
MOBILE DEVICE MANAGEMENT
IAAS & SOC
NEXT-GENERATION FIREWALL & IPS
Cisco Next-Generation Firewall:
- Provides advanced protection against computer vulnerabilities and breaches;
- Allows the creation of security zones and access policies between areas;
- Offers monitoring, analysis and blocking of traffic at application level (Facebook, WhatsApp, Twitter) and categories of domains (social media, gambling, drugs, etc.);
- Facilitates the automatic application of security policies throughout the organization;
- Allows integration with Active Directory to link security policies with defined user categories.
Cisco Intrusion Prevention System:
- Conducts real-time traffic inspection and blocks traffic when an IPS signature that signals a known threat is detected;
- Benefits from constant updates of the IPS signature base to stop the most recently launched attacks;
- Provides real-time recommendations based on existing network traffic for the IPS inspection algorithm to dynamically adapt to existing infrastructure.
WEB APPLICATION FIREWALL
F5 Advanced Web Application Firewall (WAF):
- Protects organizations against attempts to steal accounts and login passwords;
- Provides protection against software robots that attempt to gain unauthorized access by automatically filling in the fields on web pages with bogus login data;
- Dynamically encrypts connection data;
- Automatically blocks DoS (Denial of Service) attacks at levels 3, 4, and 7, analyzing traffic profiles generated by Web applications.
ADVANCED MALWARE PROTECTION
Cisco Advanced Malware Protection (AMP):
- Performs a continuous analysis of the files that enter the network with advanced traceability capabilities (also presenting retrospective analyses);
- Provides file and archive protection, with the possibility of analyzing them in the Cisco sandbox environment;
- Dynamically scans all executable files.
Cisco Advanced Malware Protection (AMP) for Endpoints:
- Identifies malware files/code and blocks them before infection;
- Integrates anti-malware functionality to inspect files on devices running Windows, Linux, Android and iOS;
- In case of “Zero-Day” attacks, it offers the possibility to send files for inspection in the Cisco sandbox environment;
- It works in parallel with the antivirus solution installed on the terminal device but is powered by Tetra, another antivirus engine, that also includes the retrospective file analysis function.
EMAIL SECURITY
Cisco Email Security Appliance (ESA):
- Detects and blocks real-time threats/malware distributed via email;
- Blocks emails with potentially risky links or blocks access to newly infected sites;
- Provides anti-spam, anti-virus and anti-phishing protection, as well as content filtering for email messages;
- Provides an additional file-level scanning solution by integrating with AMP for Endpoints.
ACCESS AND POLICY MANAGEMENT
Cisco Identity Services Engine (ISE):
- Provides network access control for users connected to wired, wireless or remote (VPN) networks;
- Allows authentication of users/devices in accordance with the individual access rights defined by the authorization policies;
- Simplifies the identification of devices connected to the network and their classification according to the supplier, type, model, operating system, etc. (profiling);
- Verifies that the devices connected to the network comply with the compliance policy (defined either in the ISE or in the MDM solution);
- Allows the creation of “Guest” portals or networks for visitors;
- Provides authentication, authorization and accounting (AAA) services to simplify administrators’ access to network equipment.
SECURE REMOTE ACCESS & DNS SECURITY
Secure Mobility Client – Cisco AnyConnect Apex:
- Provides remote access to resources through the company’s internal network;
- Simplifies and enhances the mobile user experience;
- Dynamically adapts to VPN services, depending on the latency requirements of the applications;
- Provides a wide range of endpoint security services, from a single unified agent;
- Access to next-generation encryption technologies through the IKEv2 VPN protocol suite;
- Provides access to Network Visibility Module, to monitor the usage of end applications, if there is an integration with Identity Services Engine.
Domain Name System (DNS) Security – Cisco Umbrella Insights:
- It ensures the protection of mobile users at the DNS level by blocking their access to dangerous web content;
- It blocks the traffic at the level of the web categories;
- Facilitates the application of user-customized security policies by integrating with Active Directory;
- Ensures the visibility of the IP address of the computer that generated the DNS request, by installing Umbrella VM. Moreover, by integrating the VM with Active Directory, the identity of the user connected to the respective station can be established;
- In case of accessing a domain with an uncertain status (neither bad nor safe), it allows traffic through a proxy for real-time scanning – files in transit are checked with Advanced Malware Protection;
- Possibility of storing logs in Amazon Web Services.
MULTI-FACTOR AUTHENTICATION
Adaptive Multi-Factor Authentication – Cisco Duo:
- Provides dual authentication (device and person) for remote connections through AnyConnect VPN and Windows Logon;
- Possibility to add double authentication to client applications.
SECURITY INFORMATION AND EVENT MANAGEMENT
Solutions in the SIEM (Security Information and Event Management) category analyze the activity of various resources in the IT infrastructure (security applications, management systems, network equipment, servers, controllers, etc.), collect and aggregate contextual data and, by using analysis algorithms and Machine Learning, identify trends, detect threats and trigger alerts for further investigation.
Splunk Enterprise Security is a SIEM platform that collects, consolidates and analyzes data from several sources, both in on-premises and cloud infrastructures, facilitating the identification of potential threats. The solution increases the operational efficiency of the teams and / or security departments (Security Operations Center), automating the processes of monitoring, investigation, analysis and response. The SIEM platform reduces the number of false positive alerts, increases reaction speed and provides support for integration with over 240 IT security products.
Splunk User Behavior Analytics (UBA) runs as an add-on over the Splunk Enterprise Security platform and improves the ability of companies to identify threats. The solution automatically detects and signals abnormal behaviors at the user, account, equipment, and application levels. Splunk UBA uses multiple Machine Learning algorithms with which it detects over 65 predefined sets of anomalies, which it then automatically frames into over 25 categories of computer threats.
According to analysis by Gartner and IDC, Splunk Enterprise Security currently ranks first in terms of market share in the SIEM segment. Splunk Enterprise Security has also been listed in the Leaders quadrant of the Gartner Magic Quadrant for SIEM for 6 consecutive years.
ENDPOINT SECURITY
CROWDSTRIKE
The industry’s most advanced cloud-native solution for protection across endpoints, cloud workloads, identity and data
The solution includes:
- Endpoint and identity security
- Security and IT operations
- Threat intelligence
- Cloud security.
Main benefits:
- Lightweight agent, no user and endpoint impact – less than 1% CPU overhead
- Agile, with simple and rapid deployment, simple to use
- Provides embedded expertise: expert threat hunters, fully managed protection & remediation, threat intelligence
- Next Generation solution, delivers enterprise security for what is most critical for the next digital wave – endpoint security, cloud security, zero trust.
IDENTITY RISK MANAGEMENT
ILLUSIVE NETWORKS – identity risk management
Illusive Networks delivers an active defense solution to cyberattacks by creating a hostile environment for attackers. This active defense consists of three components: Attack Surface Manager (ASM), Active Detection System (ADS) and Attack Intelligence System (AIS).
ASM, also called Illusive Spotlight, proactively reduces the cyberattack surface by performing continuous and automatic scans and fixes to identify and remove unnecessary information about identities, connections, and pathways from computer systems.
ADS, also called Illusive Shadow, turns existing PCs into a network of deceptions to deterministically detect the attacker’s lateral movement. After reducing the actual attack area with ASM, ADS expands the attack surface visible to the attacker with a series of deceptions that lead to the detection of the attacker at his attempt to access them. Thus, Illusive Shadow makes it almost impossible for an attacker to perform a successful lateral movement without being detected. Unlike other similar technologies that use agents / honeypots, Illusive does not use agents, so it cannot be detected by the attacker. The solution offers three types of deceptions – endpoint, user and file (MsDocx / Excel). When an attacker tries to access any of these types, an alert is generated that allows the isolation and quick fix of the attacked computer system.
AIS provides telemetry data about the activities of the attacker, at the detection of an attack or on demand, in order to speed up investigation and remediation. The product provides screenshots of the attacker’s real activity, as it takes place, and a timeline of all events and processes involved. Viewing activities on a timeline provides a perspective not only on the activities, but also on the attackers’ intents. The detailed data provided on demand usually reduces the investigation time by 60% – 90%.
Main benefits of the solution:
- Automatically fixes the risks of unauthorized access by removing unnecessary connections and accounts,
- Works both in the cloud and on-premises,
- Does not use agents, it cannot be deactivated, has a very low impact on the performance of the systems it protects,
- It is easy and fast to implement, does not require changing security policies and reconfiguring firewall equipment,
- Integrates with most Endpoint Detection and Response (EDR) solutions, allowing fast response to detected cyberattacks.
CYBERATTACK SIMULATION
CYMULATE
Cymulate is a Software as a Service security testing platform that provides continuous security validation by launching comprehensive attack simulations to discover security gaps.
Main benefits:
- Easy to deploy,
- Simple to use, launch with one-click out-of-the-box extensive testing scenarios,
- Provides clear remediation guidance to fix misconfigurations and close security gaps,
- Automates security assurance assessments unique to your environment,
- Provides full kill chain APT attack path visibility and remediation,
- Safe to use in the production environment during business hours,
- Provides security scoring, enabling objective data-driven decision-making,
- Provides immediate, actionable insights, continuously or on-demand for the technical team:
  - Where are you most vulnerable?
  - What should be your top priority?
  - How can you lower your exposure score?
- Provides immediate, actionable insights for the executive team:
  - Performance over time,
  - Baseline vs. current exposure score (CVSS, NIST),
  - Benchmark against others in your industry.
PRIVILEGED ACCESS MANAGEMENT
CYBERARK
CyberArk is the most complete platform to secure identities – human and machine – from end-to-end.
From anywhere in the world, from any location, users are going to be demanding access to applications and systems located on premises or in the cloud. And it won’t just be human-based identities: the drive to automation and digital transformation increases the demands from autonomous systems to get secured access.
The number of identities used to access these hugely varying systems has exploded. This brings with it a proliferation of privileges and entitlements which will prove a burden to understand and manage. Automated systems will continue to need secured access without impeding velocity. The challenge addressed by CyberArk is to maintain a unified approach to securing and protecting this access.
Without a true perimeter to defend, cyber breaches are inevitable. But damage isn’t. Companies that take a privilege-centric approach to securing identities are in a better position to protect themselves from a wide range of attacks.
Main benefits of the solution:
- Prevent Credential Theft: Safeguard all privileged credentials for human and non-human identities.
- Isolate Threats: Adopt a Zero Trust model to prevent attackers’ lateral and vertical movement.
- Enforce Least Privilege: Introduce just-in-time controls, granting temporary access only when needed.
The solution includes:
- Privileged Access Manager: Isolate threats and prevent the compromise of privilege by managing accounts, credentials, and sessions and remediating risky activities.
- Cloud Entitlements Manager: Remediate unused and misconfigured permissions to proactively defend against internal and external threats.
- Endpoint Privilege Manager: Enforce least privilege, control applications, and prevent credential theft on Windows and Mac desktops and Windows servers to contain attacks.
- Multi-Factor Authentication: Validate identities with strong AI powered, risk aware passwordless.
- Vendor Privileged Access Manager: Securely connect remote vendors to your organization with cloud-based, biometric authentication via smart phones.
MOBILE DEVICE MANAGEMENT
Meraki Systems Manager Enterprise:
- Provides centralized management of mobile devices and workstations (Windows and macOS) from a single control point;
- Allows the creation and centralized implementation of compliance settings for mobile devices (password requirements, mandatory security code on the device, blocking access to the camera, data limit on SIM cards);
- Integrates the geolocation functions of the devices, for better control;
- Simplifies the installation/uninstallation of mobile applications through a centralized interface;
- It blocks access to different mobile applications, according to the rules in place.
IAAS & SOC
SECURITY INFRASTRUCTURE AS A SERVICE & SECURITY OPERATIONS CENTER
Through the IT infrastructure solutions provided as a service by Datanet (Infrastructure as a Service – “IaaS”), the following objectives are achieved:
- You obtain a set of the latest technological products, used exclusively by your company, integrated within a security architecture that protects your entire computer system, and
- You have access to a team of IT security experts, who provide you with configuration, monitoring and updating of these products.
With these services, your company optimally utilizes a modern, integrated and up-to-date IT security architecture maintained by a team of experts. This goal is achieved at a considerably lower cost than in the case of IT security provided by IT specialists within your company, trained within the available budget and frequently overloaded with papers.
Security Operations Center (SOC) services provided by Soitron
The Security Operations Center (SOC) solution provides your company with IT infrastructure monitoring, IT security monitoring and IT threat information. It is designed to analyze log events around the clock (24 hours/day) or 8 hours/day for 5 days/week, depending on your business needs.
Using the security monitoring component, we collect logs from security systems, such as firewalls, IDS / IPS, web security, email security, firewalls for web applications, and access logs from servers.
We receive data on security and infrastructure events, as well as threat information, and our team of IT security experts analyzes them. After a relevant security incident is identified, the client receives an email notification of how to fix the security event. Security incident notifications sent to the client contain priority information, incident categorization, analysis, recommendations and technical details.
We provide customers with a response time of:
- 2 hours for severe computer security incidents;
- 1/2 hour for severe IT infrastructure incidents;
- 1 – 31 days for information about cyber threats (new vulnerabilities and relevant security information), depending on their CVSS severity score.
Optionally, we can block attackers if the client requests this service component, by integrating our blocking modules with the products in the client’s IT infrastructure (firewalls/webproxy, etc.).
More details about Datanet Security IaaS and Soitron SOC services can be found on the IT SECURITY INFRASTRUCTURE AS A DATANET SERVICE page.