The increasing risk of ever more sophisticated attacks coupled with the escalating costs of protecting systems against them is leading companies to turn to Essant to manage their enterprise security. We minimise your exposure to common threats, identify and assess your system and application vulnerabilities, and provide 24/7 monitoring, management, and response – usually at a lower cost than it would take for you to effectively do it yourself.
Essant's Managed Security Services can be thought of as layers of defence, with the individual layers being:
Prevention - Keeps intrusions out
Detection - Identifies when an intrusion has occurred, or is occurring
Response - Takes action against potential intrusion when detected
Essant’s Managed Security Services deliver a Cisco Self Defending Network comprising the following service components. Best practice advises adopting a defense-in-depth strategy that utilises the collective intelligence of these combined service components, and the wider network infrastructure, tailored to individual customers' requirements:

Today's organizations rely on highly available, secure computing environments to efficiently and safely conduct business. Firewalls are a key component of a secure network and must be managed properly to ensure they protect your critical information assets.
Firewalls are configured to allow "good" traffic in and to keep "bad" traffic out. Firewalls are updated continuously to support changing business requirements such as:
➤ New VPN Users
➤ Employee Status Changes
➤ New Servers & Infrastructure
➤ New & Updated Applications
Service Overview
Essant's Managed Firewall Service provides 24x7x365 proactive administration of your firewall infrastructure. To achieve consistent firewall availability Essant offers active/passive failover firewall configurations with a hot standby, and active/active load-balanced firewall configurations. Essant's certified security experts will perform all activities necessary to keep these devices operating at peak performance including:
➤ Site Assessments
➤ Configuration & Installation
➤ Comprehensive Reporting
➤ Policy Design
➤ Monitoring & Management
➤ Emergency Response
Our experts will monitor your firewall logs for security events in real-time. Firewall logs are an extremely valuable source of security information. By monitoring these logs we can identify malicious activity including previously unknown, zero-day attacks. Your firewall will also be monitored for performance and availability to ensure your business never goes offline.
Service Features
Essant provides monitoring, management and maintenance, as well as access to your firewall logs, policies and performance statistics for viewing 24 hours a day via the Essant Secure Portal. Choose from Standard Service Window (normal working hours) or Extended Service Window (7x24) to provide the most appropriate level of cover for your organisation.
➤ Rule Set Changes
➤ Firewall Upgrades
➤ Patch Management
➤ Backup & Recovery
➤ Performance & Availability Reporting
➤ Configuration Changes
➤ Customer Dashboard
➤ General Maintenance
➤ 24x7 Security Event Monitoring
Firewalls are a core component of an organisation's security strategy. However, businesses are now developing a “Borderless Network” approach to provide access to mobile employees and to foster collaboration across suppliers, partners and customers. Although firewalls establish strong perimeter security, they are configured to allow certain applications to pass through, and it is the vulnerabilities in these applications that attackers now target to compromise the services allowed through firewalls. Firewalls are also powerless when dealing with an internal attack. To combat this, an IPS device is placed in a key location, or locations, in the network and analyses the content of individual packets for malicious traffic. However, configuration and initial tuning take time and expertise to ensure total confidence in the protection provided, without the fear of legitimate traffic being dropped. Ongoing Signature Management requires expert, timely distribution, upgrading and re-tuning of the system sensors to ensure protection is maintained and benign alarms are avoided.
Service Overview
Essant offer both Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS) as Managed Services, built around the Cisco Adaptive Security Appliance (ASA) 5500-series platform and the Cisco 4200-series sensors. The IDS provides an out-of-band service designed as a forensic tool: it alerts a security analyst to suspicious behavior, while the IPS service deploys sensors inline within the network, between identified security zones, to mitigate attacks in real time. Which service is right for your organisation depends on your specific circumstances and what is to be achieved; our Security Consultants can explore this further with you.
The Essant IDS & IPS services complement firewalls by offering a more granular inspection model than a traditional firewall: they inspect the data within a packet, as well as the risk rating of the destination, to allow a sensor to alert (IDS) or make an instant decision on whether to allow the traffic to pass or not (IPS). Essant configure, deploy and tune sensors in accordance with your security policy (which we can help you develop and document when required) as part of the Managed Service.
Post-deployment, Essant provide 24x7 expert monitoring and best-practice IDS/IPS device management, with real-time response and escalation of unauthorised activities and security events in accordance with the pre-agreed customer alerting and escalation process. In addition, Signature Pack Updates are remotely distributed to devices under management, typically during the agreed weekly Change Management Window. The devices are then re-tuned, with appropriate filters applied to reduce repetitive false-positive alarms following evidence of benign event triggers.
Service Features
All IDS/IPS devices are monitored and managed from the Essant Monitoring and Management Centres (EMMC) located in Wakefield and Leeds. The specific connectivity from the management centres to the managed devices is agreed on a per-customer basis, but in most cases a dedicated management VLAN is provisioned at the customer site to facilitate signature and sensor software updates. All communications between the management centres and the customer are secured using IPSec tunnels. The IP addressing for this network is assigned either by Essant or the customer; suitable Network Address Translations (NAT) are applied to the EMMC and customer firewalls to ensure correct working of polling, syslog, traps and alarm notifications.
➤ Security and Network Audit with Security Policy design (where required).
➤ Configure, install, manage, backup and maintain all equipment.
➤ Real-time intrusion monitoring, detection, alerting, blocking, response & escalation.
➤ 24x7 activity and availability monitoring.
➤ Automated signature pack management, distribution, updating and retuning.
➤ Global correlation of vulnerability & attack data to prevent the spread of attacks.
➤ Comprehensive executive, technical and compliance reporting.
➤ Secure online service management via the Essant Secure Portal.
Host Intrusion Prevention takes your security defences beyond perimeter security by protecting critical servers from both internal attacks and external attacks that use encryption as an attack technique. This method of host-based intrusion detection and prevention is appropriate for mission critical systems, internet banking and other transactional services that communicate over an encrypted channel. Unless you know and can vouch for every internal employee or contractor who has access to these kinds of systems, you are at risk of an internal attack and should consider Host IPS as an integral part of your defence in depth policy.
Essant's Host Intrusion Prevention Service provides an application firewall to ensure that the application is doing only what it is supposed to be doing. When encrypted traffic is received and decrypted by the operating system on the host machine, the Host IPS agent intercepts instructions prior to reaching the application to prevent malicious activity.
The main reason for deploying Essant's Managed Host IPS is because prevention is more effective than detection, more efficient than personal firewall software and less expensive than deploying a post incident response team on a compromised network.
Service Overview
Network Intrusion Prevention is designed to perform “deep packet inspection” on all network traffic to discover hacking attempts. Encrypted attacks that are traversing SSL cannot be inspected by Network based Intrusion Prevention techniques – making Host Intrusion Prevention an additional, recommended layer, in the self defending network environment.
Essant's Managed Host Intrusion Prevention Service leverages the Cisco Security Agent (CSA) to protect servers from attacks on applications, data, and operating systems. The CSA resides between the applications and the operating system, enabling maximum application visibility with minimal impact to the performance of the underlying operating system. The software's unique architecture intercepts all operating system calls, and the CSA applies intelligence to correlate the behaviors of these system calls, based on rules that define inappropriate or unacceptable behaviour for specific, or for all, applications. This correlation and subsequent understanding of an application's behavior is what allows the software to prevent new intrusions.
Essant has wrapped the Cisco Security Agent (CSA) with our leading 24x7 managed services to deliver Host Intrusion Prevention (Host IPS) Services. Host Intrusion Prevention is complex and difficult to configure, and it can cripple the applications on the host server when implemented incorrectly. Essant provides Host IPS as a service so that our skilled security team can define policies, configure rules, monitor your environment and tune the system to protect your critical assets. Threats are prevented in real-time and then evaluated by a security analyst as needed for escalation or policy tuning.
Service Features
➤ Customised security policy design, tuning and enforcement
➤ 24x7 Monitoring, Response and Customized Escalation: Helps ensure prevention and blocking of attacks
➤ Immediate response to prevent hacker attacks directed at your protected servers
➤ Real time, behaviour-based attack blocking
➤ Elimination of known and unknown, day zero, attacks
➤ Immediate updates as new attacks are identified
➤ In-depth 24x7 logging and reporting on attempted intrusions
➤ Protection against attacks that bypass perimeter security
Viruses, worms, and hackers continue to attack networks and disrupt business. While file-based viruses spread when users open infected e-mail attachments, many of the more serious worms and network viruses self-launch through operating system vulnerabilities. These are introduced by users who access the network with devices that have outdated patches or system vulnerabilities. With the growing numbers of mobile users, extranet partners and remote offices, it is getting increasingly difficult to answer the question "Who is on my network?" Enforcing security policies at the point of network login is a way to ensure that these devices, regardless of origin, type or ownership, do not compromise network security. Without this ability, business productivity, network resilience, confidential information, and other corporate assets are at risk.
Network Access Control (NAC) is a solution that uses the network infrastructure to posture check clients before they are connected to the network. This allows checks for the presence of Anti Virus engines and up-to-date antivirus signatures. In addition, it can check for Critical OS updates, the presence of spyware and perform vulnerability analysis against any connecting device. As well as conducting posture assessment against a client, NAC also has an inbuilt mechanism for remediating clients. As a consequence, only devices that fit an approved security posture are allowed to join the network.
In addition to posture assessment and remediation, NAC delivers role-based access controls where users can be dynamically assigned to VLANs according to the user's profile, job function and security posture. This allows an organisation to separate users based on their role, and ensures that security controls can be assigned to users without causing end-to-end performance degradation.
Service Overview
Essant's Managed NAC Service starts with a Security Policy review. We can also assist in defining and writing these policies if needed, because without them a successful NAC implementation is practically impossible. The Cisco NAC Appliance is installed on the customer's network and is managed by Essant from the EMMC, providing a 100% out of band service which ensures there are no bottlenecks or degradation. In addition, the Cisco NAC profiler identifies ports that are connecting to printers, IP phones, scanners and other dumb devices and ensures that these ports cannot be re-used to connect clients to the infrastructure and so bypass posture assessment and security control.
Once deployed Essant's Managed NAC Service will:
➤ Discover, scan and authenticate users prior to granting network access.
➤ Quarantine infected devices attempting to spread malware, viruses, worms etc. before they connect to the network.
➤ Redirect out of policy devices to a remediation zone where they can download updated files.
➤ Provide Single Sign On for VPN Clients, Wireless Clients and Active Directory Domains.
➤ Update security policies automatically in relation to critical operating system updates.
The service can operate in both a Cisco and non-Cisco environment; however, the highest levels of functionality are experienced when using Cisco IOS switches for wired and wireless environments. As well as covering the Cisco NAC Appliance, the service extends to the recently introduced NM module installed in the Cisco ISR platform, enabling NAC functions to be delivered to branch offices in a fully integrated solution.
Service Features
Essant's Managed NAC service alleviates the worry of threats, viruses and hackers while monitoring and ensuring compliance of all connected devices. The managed service, which is powered by the Cisco NAC Appliance, provides tailored security policies with associated enforcement when a violation occurs for organisations from 10 to 10,000 users across all types of networks and organisations.
➤ Security and network audit with security policy design and documentation (where required).
➤ Configure, install, manage, backup and maintain all equipment.
➤ NAC Guest server to provide secure, flexible access to authorised network guests (optional).
➤ Security policy changes, management with automated updates.
➤ Secure online service management via the Essant Secure Portal.
➤ 24x7 monitoring and proactive management.
➤ Monthly statistics and reporting.
As networks are gradually turning into more intricate and accessible infrastructures, the threat environment is changing dramatically. New security risks are discovered every day in commonly used applications, operating systems and network components. These are exploited by hackers and criminals to carry out attacks. With the increased dependency on information technology, the consequences of attacks are becoming increasingly severe. The victims are suffering from losses related to interruption in business, bad publicity and exposure of confidential information.
Organisations are forced to continuously maintain the protection of their networks. Traditionally, this has been accomplished by creating barriers against attacks by investing in reactive security tools such as firewalls, anti-virus tools and intrusion detection systems. In today’s environment these reactive mechanisms simply are not enough. Instead of waiting for attacks to occur, there is a need to take a proactive approach. Only by using proactive security tools that continuously identify security risks is it possible to effectively manage and reduce the risk exposure.
Legislation and compliance with security requirements are also becoming more demanding. The PCI (Payment Card Industry) security standards, the Gramm-Leach-Bliley Act, HIPAA and Sarbanes-Oxley, among others, all include requirements for regular testing of network security.
Service Overview
Essant provides an easy to deploy and user friendly solution to continuously assess your risk exposure. Using our automated services is like having a highly skilled security team constantly probing your network to discover vulnerabilities. Identified vulnerabilities are rated and reported together with the recommended remedy. The process of correcting identified vulnerabilities is supported by workflow tools for delegating remediation tasks to appropriate administrators. The results can also be compared over time, to monitor trends in risk exposure.
In contrast to manual penetration testing, automated vulnerability scanning is typically performed very frequently. This is important as new vulnerabilities are discovered much earlier and your risk exposure is minimised.
Essant’s extensive vulnerability database is updated on a daily basis. Other advantages of using our services include:
➤ Proprietary technology – All services delivered by Essant are based upon our leading core vulnerability scanning technology.
➤ 24/7 technical support – Unlimited phone and e-mail support provided by security experts.
➤ Ease-of-use yet flexibility – An easy-to-use web interface. By using the standard configuration you are quickly up and running, whereas more advanced features can be used on demand.
➤ Cross platform support – All commonly used operating systems, applications and network types can be successfully assessed.
➤ Maintains network availability – Several mechanisms to minimize possible network interruptions are implemented and the user can schedule the scans with respect to individual requirements.
➤ Alignment with standards – Vulnerability information is aligned with the CVE (Common Vulnerabilities and Exposures) standard for Information Security Vulnerability Names.
➤ Best value for money – Competitive pricing and reduced burden on your own organization.
Service Features
Essant's ‘Sentry Scan’ service offers two products within this field:
xSCAN – Perimeter Vulnerability Assessment
As a Software as a Service (SaaS) solution, xSCAN is immediately deployed and requires no installation or maintenance. xSCAN scans your perimeter which consists of the same Internet facing devices that hackers target. We help you to detect vulnerabilities and manage remediation to prevent hackers from penetrating your network from the outside. Delivered as an on-demand SaaS, the solution is seamlessly scalable to fit your needs at all times.
iSCAN – Internal Vulnerability Assessment
The majority of security breaches are caused by people that already have access to the internal network. In other words, people you trust or used to trust pose a potential threat to the very foundation of your network security if you do not take proper precautions. At the same time, most of the security measures and devices found in today's organizations are reactive and concentrate mainly on attacks from the outside.
Being placed inside the network, iSCAN is able to take a wider approach than xSCAN. Vulnerabilities can be successfully identified and managed on all servers, workstations and other devices that are available from within the network. The sensitive vulnerability information discovered by iSCAN never leaves your internal network, but is securely stored on the iSCAN appliance.
iSCAN is delivered as a pre-installed rack-mounted standard server.
Both solutions can be used independently, but together will provide you with a complete assessment of your network.
Essant provides industry leading 24x7 security event and traffic flow monitoring to isolate truly malicious activity and provide prioritised response. You benefit from security events detected across the Essant and Cisco customer base and the wider professional security community.
Our team of trained and certified engineers focus solely on the protection and security of your critical network assets, allowing you to outsource complex network security operations and retain focus on your core-competencies, while reducing the cost and risk of retaining specialised staff.
Essant’s Managed Security infrastructure resides in our world class hosting Data Centres, and is resilient in its design. This ensures continuous availability and operation while providing you with reliable services at predictable operational cost.
You can open trouble tickets, view real-time security dashboard and historic reports, implement Moves, Adds & Changes (MACs) and monitor the performance of your Managed Security Service.




