To manage cybersecurity risks successfully today, organizations must look at their security model as a whole and ensure visibility and control for the entire duration of a cyber attack: before the attack occurs, during the attack, and after it starts damaging IT systems or stealing information. This includes blocking the attack, investigating events and applying measures to prevent a recurrence. The security model must also cover the organization’s entire data network, terminal equipment, mobile devices, data centers, virtual environments, and cloud applications.
Adopting an IT security architecture provides you with advanced protection against security threats to the entire IT system and involves the cooperation of security systems in all stages of computer attacks.
Datanet Systems’ experience in information security
Datanet Systems is a Cisco Gold Certified Partner, and its team of security experts designs and implements complete security architectures for medium and large companies and for public sector organizations, adapting these solutions to organizations’ requirements, goals and budgets.
Our extensive security and integration capabilities for complex IT infrastructures allow us to provide turn-key, pre-tested solutions integrated into coherent security architectures.
Also, for organizations that need an integrated quality system to manage security risks but have limited internal technical expertise, Datanet Systems provides IT security infrastructure as a service and Security Operations Center (SOC) services.
Benefits of Datanet Systems products and services
The benefits of Datanet Systems products and services in the field of information security are dealt with in the following pages:
- F5 SSL Orchestrator and CISCO Firepower Secure Encrypted Traffic
- Endpoint security, the weak link in organizational protection
- Could you detect hidden threats in encrypted traffic?
- 5 Solutions for the Security Infrastructure Automation
- 3 reasons to improve users’ access to your organization
- Changes Brought by the new General Data Protection Regulation
- Experience and automation, advantages in information security
- How do you get rid of data center “zombie” servers?
- Security breaches take 15 months to be discovered
- Vulnerabilities in Internet-connected equipment
- Why does it take 3 months to detect Cyber-attacks?
Datanet Systems partners: Cisco, Juniper Networks, F5, Fortinet, Symantec, FireEye, Gemalto, RSA/EMC.
Datanet’s information security portfolio
NEXT-GENERATION FIREWALL & IPS
- Provides advanced protection against computer vulnerabilities and breaches;
- Allows the creation of security zones and access policies between areas;
- Offers monitoring, analysis and blocking of traffic at application level (Facebook, WhatsApp, Twitter) and categories of domains (social media, gambling, drugs, etc.);
- Facilitates the automatic application of security policies throughout the organization;
- Allows integration with Active Directory to link security policies with defined user categories;
- Conducts real-time traffic inspection and blocks it when an IPS signature that signals a known threat is detected;
- Benefits from constant updates of the IPS signature base to stop the most recently launched attacks;
- Provides real-time recommendations based on existing network traffic for the IPS inspection algorithm to dynamically adapt to existing infrastructure.
WEB APPLICATION FIREWALL
- Protects organizations against attempts to steal accounts and login passwords;
- Provides protection against software robots that attempt to gain unauthorized access by automatically filling in the fields on web pages with bogus login data;
- Dynamically encrypts connection data;
- Automatically blocks DoS (Denial of Service) attacks at layers 3, 4, and 7, analyzing traffic profiles generated by Web applications.
ADVANCED MALWARE PROTECTION
- Performs a continuous analysis of the files that enter the network with advanced traceability capabilities (also presenting retrospective analyses);
- Provides file and archive protection, with the possibility of analyzing them in the Cisco sandbox environment;
- Dynamically scans all executable files.
- Identifies malware files/code and blocks them before infection;
- Integrates anti-malware functionality to inspect files on devices running Windows, Linux, Android and iOS;
- In case of “Zero-Day” attacks, it offers the possibility to send files for inspection in the Cisco sandbox environment;
- It works in parallel with the antivirus solution installed on the terminal device but is powered by Tetra, another antivirus engine, that also includes the retrospective file analysis function.
- Detects and blocks real-time threats/malware distributed via email;
- Blocks emails with potentially risky links or blocks access to newly infected sites;
- Provides protection against spam, viruses and phishing attacks, as well as filtering content from email messages;
- Provides an additional file-level scanning solution by integrating with AMP for Endpoints.
ACCESS AND POLICY MANAGEMENT
- Provides network access control for users connected to wired, wireless or remote (VPN) networks;
- Allows authentication of users/devices in accordance with the individual access rights defined by the authorization policies;
- Simplifies the identification of devices connected to the network and their classification according to the supplier, type, model, operating system, etc. (profiling);
- Verifies that the devices connected to the network comply with the compliance policy (defined either in the ISE or in the MDM solution);
- Allows the creation of “Guest” portals or networks for visitors;
- Provides authentication, authorization and accounting (AAA) services to simplify administrators’ access to network equipment.
SECURE REMOTE ACCESS & DNS SECURITY
Secure Mobility Client – Cisco AnyConnect Apex:
- Provides remote access to resources through the company’s internal network;
- Simplifies and enhances the mobile user experience;
- Dynamically adapts to VPN services, depending on the latency requirements of the applications;
- Provides a wide range of endpoint security services, from a single unified agent;
- Provides access to next-generation encryption technologies through the IKEv2 VPN protocol suite;
- Provides access to Network Visibility Module, to monitor the usage of end applications, if there is an integration with Identity Services Engine.
Domain Name System (DNS) Security – Cisco Umbrella Insights:
- It ensures the protection of mobile users at the DNS level by blocking their access to dangerous web content;
- It blocks the traffic at the level of the web categories;
- Facilitates the application of user-customized security policies by integrating with Active Directory;
- Ensures the visibility of the IP address of the computer that generated the DNS request, by installing Umbrella VM. Moreover, by integrating the VM with Active Directory, the identity of the user connected to the respective station can be established;
- In case of accessing a domain with an uncertain status (neither bad nor safe), it allows traffic through a proxy for real-time scanning – files in transit are checked with Advanced Malware Protection;
- Possibility of storing logs in Amazon Web Services.
Adaptive Multi-Factor Authentication – Cisco Duo:
- Provides dual authentication (device and person) for remote connections through AnyConnect VPN and Windows Logon;
- Possibility to add double authentication to client applications.
SECURITY INFORMATION AND EVENT ANALYSIS
- Provides log storage, correlation and normalization capabilities;
- Alerts the personnel responsible for IT security incidents;
- It reacts automatically when events occur.
MOBILE DEVICE MANAGEMENT
- Provides centralized management of mobile devices and workstations (Windows and macOS) from a single control point;
- Allows the creation and centralized implementation of compliance settings for mobile devices (password requirements, mandatory security code on the device, blocking access to the camera, data limit on SIM cards);
- Integrates the geolocation functions of the devices, for better control;
- Simplifies the installation/uninstallation of mobile applications through a centralized interface;
- It blocks access to different mobile applications, according to the rules in place.
SECURITY INFRASTRUCTURE AS A SERVICE & SECURITY OPERATIONS CENTER
Through the IT infrastructure solutions provided as a service by Datanet (Infrastructure as a Service – “IaaS”), the following objectives are achieved:
- you obtain a set of the latest technological products, used exclusively by your company, integrated within a security architecture that protects your entire computer system, and
- you have access to a team of IT security experts, who provide you with configuration, monitoring and updating of these products.
With these services, your company makes optimal use of a modern, integrated and up-to-date IT security architecture maintained by a team of experts. This goal is achieved at a considerably lower cost than in the case of IT security provided by IT specialists within your company, trained within the available budget and frequently overloaded with paperwork.
Security Operations Center (SOC) services provided by Soitron
The Security Operations Center (SOC) solution provides your company with IT infrastructure monitoring, IT security monitoring and IT threat information. It is designed to analyze log events 24 hours a day, or 8 hours a day for 5 days a week, depending on your business needs.
Using the security monitoring component, we collect logs from security systems, such as firewalls, IDS/IPS, web security, email security and web application firewalls, as well as access logs from servers.
We receive data on security and infrastructure events, as well as threat information, and our team of IT security experts analyzes them. After a relevant security incident is identified, the client receives an email notification on how to fix the security event. Security incident notifications sent to the client contain priority information, incident categorization, analysis, recommendations and technical details.
We provide customers with a response time of:
- 2 hours for severe computer security incidents;
- 1/2 hour for severe IT infrastructure incidents;
- 1 – 31 days for information about cyber threats (new vulnerabilities and relevant security information), depending on their CVSS severity score.
Optionally, we can block attackers if the client requests this service component, by integrating our blocking modules with the products in the client’s IT infrastructure (firewalls, web proxy, etc.).
More details about Datanet Security IaaS and Soitron SOC services can be found on the IT SECURITY INFRASTRUCTURE AS A DATANET SERVICE page.