Network Security
Today's network-based business operations require an integrated security approach to ensure the business is protected, meets regulatory compliance requirements, and mitigates data leakage.
Essant’s holistic approach to Network Security ensures that all points on the network are secure, providing visibility and control by enforcing business policies and protecting critical assets.
Essant’s Network Security Solutions include:
Perimeter Security
The perimeter is classed as the highest-risk zone on your network. This is the demarcation point between the inside and the outside, the known and the unknown. It is therefore imperative that the front line of your network is protected with devices that restrict the flow of information in and out of your organisation in line with your strict security policies. As networks have evolved, more types of external connections have materialized. These range from public internet connections to Site-to-Site VPNs, Remote Access VPNs and corporate extranets.
The main device used on the perimeter is the Firewall, which could be managed by Essant. It provides connectivity between different security zones, the inside and the outside, and restricts what can flow between each zone based upon a predefined and configured security policy. This security policy is implemented as a set of rules that are applied to the Firewall. In the case of the Essant Managed Firewall, these rules are configured and deployed by Essant, who also ensure the availability and integrity of the device and handle changes and updates.
Intrusion Prevention Sensors complement firewalls by offering a more granular inspection model than a traditional firewall: they inspect the data within a packet, as well as the risk rating of the destination, so that the sensor can make an instant decision on whether to allow the traffic to pass. This gives you visibility of what is happening on your network, allowing any activity, whether internal or external, that is abusing rights of access to be dealt with. The Essant Intrusion Prevention Service (IPS) can be configured as part of the Essant Managed Firewall, providing alerts and logs that are reported on against the pre-agreed customer escalation process.
Internal Security
Internal security, at its simplest, is everything behind the perimeter. This can be the Local Area Network (LAN), any Demilitarized Zones, and any other networks, such as wireless networks.
It is not unusual for organisations to have a flat network on the inside, normally due to organic growth rather than planned design, with every network device connected to the same network and all clients able to access all services throughout the network. It is important to segment these networks into Security Zones, each with a common trust model. It is easy to start by creating separate Security Zones for your users and your servers, and then take this further by creating different Security Zones within the server zone for servers with different trust models.
Essant design, deploy and manage devices to create this Security Zoned Network Solution. Firewalls are used between Security Zones, as well as Intrusion Prevention. Intrusion Detection is used across networks with multiple segments to pick up any malicious traffic local to a segment. Network Admission Control (NAC) is implemented on user network segments to ensure that users are connected to the network only when they meet the corporate policy. All of this is wrapped up with regularly scheduled internal Vulnerability Scans to ensure that there are no known vulnerabilities on the internal network.
Wireless Security
Although strictly speaking part of Internal Security, wireless warrants special attention because many organisations are extremely cautious about a wireless approach due to concerns over security. Essant provide a complete solution for securing wireless access for employees and guests, so you can benefit from the freedom, flexibility and corresponding productivity gains that access to network resources from anywhere in the organisation can provide.
A wireless network is a great business enabler, and recent advances in technology mean that wireless networks are not only approaching the speeds of conventional wired networks but can also be secured to the same standard as your wired infrastructure. Essant is an Advanced Wireless Specialist and we fully understand the risks of deploying a wireless network and how to ensure that it remains protected. Our team of wireless professionals can help you to:
- Survey and plan your wireless network
- Build and maintain a common wireless security policy
- Establish a secure wireless perimeter
- Deploy centralised management to authenticate and monitor access
- Automate policy management and control of guest wireless access
Secure Remote Access
A Remote Access Virtual Private Network (VPN) provides an organisation's staff with access to corporate resources from outside the corporate LAN. When the user connects to the VPN, their machine becomes a part of the corporate network with all services available to them, as if they were at their office desk.
Technically there are two ways to achieve this:
1. The Remote Access IPsec VPN utilises the IPsec protocol and works by installing a VPN client on the end user's machine that connects to the VPN device and authenticates the user. The advantage of an IPsec VPN is that the remote user experience is more in tune with that of the office user and networked applications are better supported.
2. A Secure Sockets Layer (SSL) VPN utilises a web browser as its client. The user browses to a web page and then authenticates to be able to access web-based applications on the inside of the corporate LAN. SSL VPNs benefit from ease of deployment and also work well with web-based applications.
When configuring any type of VPN, you have to open up access to some corporate resources from the public internet. Therefore implementing this type of technology brings with it risks as well as productivity gains.
Essant offers a Managed Remote Access Service which includes the design, implementation and management of the individual devices that make up the solution, taking care of operational and security-related updates as well as ensuring solution availability at all times and protection from all known threats.
Data Loss Prevention
Work environments are changing dramatically. Organisations have moved from a centralised model to one that is based on distributed sites and a remote workforce, and employees can work anywhere and any time with today's collaboration tools and devices.
Unfortunately, with increased mobility, new communication channels, and diverse services, the risk to proprietary information increases. Essant's Data Loss Prevention (DLP) Solutions provide a comprehensive strategy for preventing confidential and private data loss, including:
- Enforcing content policies to prevent critical data loss at high-risk points
- Encrypting backup tapes or storage devices
- Securing data from other avenues of risk, such as unauthorised physical or network access, malware, or end-user actions
- Recommended practices for preventing data loss, which incorporate people, process, and technology
Whether it’s email, instant messaging, webmail, a form on a website, or file transfer, electronic communications exiting the company still go largely uncontrolled and unmonitored on their way to their destinations – with the ever-present potential for confidential information to fall into the wrong hands. Should sensitive information be exposed, it can wreak havoc on the organisation’s bottom line through fines, bad publicity, loss of strategic customers, loss of competitive intelligence and legal action. All avenues of electronic communication need to be policed to prevent intellectual property, financial information, patient information, personal credit card data, and a variety of sensitive information (depending on the business and the industry) from falling into the wrong hands.
Across all key protocols, Essant can provide a high-performance, intelligent DLP solution that is a must-have for today’s organisations.
Security Policy Compliance
The Internet has generated tremendous technology advancements for organisations, resulting in improved business efficiencies and productivity gains. Security threats such as viruses and remote attacks have kept pace with the growing adoption of Internet-related technologies. A recent trend is the shift to financially motivated attacks and exploits: The 2008 CSI Computer Crime and Security Survey shows that the most expensive computer security incidents were those involving financial fraud.
Increased collaboration and globalisation introduce further security challenges. Mobile users bring their laptops and handheld devices in and out of the office. Remote-access users connect from their homes and from public locations. Business outsourcing requires direct partner access into the internal network. Onsite visitors, vendors, and contractors may need access to the internal network to accomplish their work. Even “in-the-office” workers are subject to threats coming through Internet access, e-mail use, instant messaging, and peer-to-peer (P2P) activities. Web 2.0 applications, social networking technology, and cloud computing all increase the likelihood that sensitive data may no longer reside on a typical company-owned data server only. Traditional security products designed to protect closed environments with well-defined security boundaries are not effective in the new business environment.
Most IT and security departments also face budgetary and personnel resource constraints. Adding to the challenge are the growing complexity and sophistication of new security threats, diverse user communities, mixed infrastructures, and, often, less-than-efficient operations. Organisations must streamline work processes, improve operational efficiency, and reduce security incidents and financial losses to remain competitive.
Enforce your organisation's security policies on all devices seeking network access by deploying Network Admission Control (NAC). This allows only compliant and trusted endpoint devices, such as PCs, servers, and PDAs, onto the network and restricts the access of noncompliant devices, thereby limiting the potential damage from emerging security threats and risks. NAC gives organisations a powerful, roles-based method of preventing unauthorised access and improving network resiliency. Discover more about Essant's Managed NAC services here.