Protect data and identities wherever they reside: in the cloud, on-premises, or in transit. Information security is the protection of information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction in order to provide confidentiality, integrity, and availability.
The frequency, complexity, sophistication, and impact of threats have increased dramatically, and the cost of a security failure continues to grow. Our integrated approach discovers, classifies, and secures sensitive data, keeping it safe at rest and in motion across network, storage, mobile, and other endpoint systems.
Our secure cloud access and flexible authentication offerings provide identity and access control and single sign-on "as a service" for users of cloud apps on any device, as well as real-time protection for online identities and for interactions between consumers, business partners, employees, and devices.
We help secure the evolving endpoint, where productivity and user experience must be prioritized, personal and business personas kept separate, and data, apps, and devices protected under any modern business mobility strategy. To strengthen security further, we manage the endpoint with leading deployment, patching, and monitoring.
Our data centre security solutions automate security, compliance, and infrastructure hardening across physical and virtual platforms, and across on-premises, private, and hybrid clouds. We support customer success with a cyber security service portfolio of managed security, incident response, adversary threat intelligence, and threat simulation training services.
We can help you block, detect, and remediate attacks, and protect information better than anyone else.
Protect against the most complex cyber threats across your endpoints, email, and data centres, leveraging one of the world's largest civilian threat intelligence networks.
Attackers are exploiting vulnerabilities more rapidly than companies can defend against them. Today’s hackers build evasive malware to infiltrate networks and servers, and then hijack a company’s own infrastructure to infect more machines. They use stolen email accounts from one corporate victim to spear phish the next corporate victim. And they have the resources and skill to carry out their attack campaigns over a period of months—or even years.
While advanced targeted attacks grab the headlines, non-targeted attacks still make up the majority of malware. As the threat landscape grows, threat intelligence is vital in helping organisations discover both old and new threats.
Denial of Service
A denial-of-service (DoS) attack is an explicit attempt by attackers to prevent legitimate users of a service from using that service. There are two general forms of DoS attack: those that crash services and those that flood services.
A distributed denial-of-service (DDoS) attack occurs when multiple systems flood the bandwidth or resources of a targeted system, usually one or more web servers. Such an attack is often mounted from many compromised systems (for example, a botnet) flooding the target with traffic. If an attacker mounts an attack from a single host it is classified as a DoS attack; in fact, any attack against availability is a denial-of-service attack. If the attacker uses many systems to launch the attack simultaneously, it is classified as a DDoS attack. The most serious attacks are distributed and in many cases involve forging of IP source addresses (IP address spoofing), so that the attacking machines cannot easily be identified and filtering cannot rely on the source address.
Various Techniques Used to Detect Attackers
Network Traffic Analysis techniques establish baselines of normal traffic patterns and highlight anomalous patterns that may indicate a compromised environment (for example, anomalous DNS traffic can indicate botnet command-and-control activity). This approach offers real-time detection, can combine signature-based and non-signature techniques, and requires no endpoint agents.
Network Forensics tools typically provide full-packet capture and storage of network traffic, along with analytics and reporting for incident response to advanced threats. They reduce incident response time, can reconstruct and replay flows and events over days or weeks, and sometimes offer detailed reports to meet regulatory requirements.
Payload Analysis executes suspicious content in a sandbox to detect targeted attacks on a near-real-time basis.
Endpoint Behavior Analysis is based on the idea of "application containment": protecting endpoints by isolating applications and files in virtual containers.
Endpoint Forensics tools support incident response teams. Their endpoint agents collect data from the hosts they monitor, helping to automate incident response and to monitor hosts both on and off the corporate network.
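As an added example (not code from the original page or from any vendor's product), the baseline-then-deviate approach described above under Network Traffic Analysis, applied to DNS query logs: a quiet window establishes each client's normal query rate, NXDOMAIN ratio and hostname entropy, and a later window is scored against that per-client baseline. The log format, the sample lines and the thresholds are constructed assumptions for illustration.

```python
"""Baseline-and-deviation detection over DNS query logs (added example).

Log format (epoch minute, client IP, queried name, response code) and all
thresholds are assumptions for illustration, not any product's format.
"""
from collections import defaultdict
from math import log2

# Constructed sample: a quiet baseline window for two clients.
BASELINE_LOG = """\
0 10.0.0.5 www.example.com NOERROR
0 10.0.0.5 mail.example.com NOERROR
1 10.0.0.5 cdn.example.net NOERROR
2 10.0.0.5 www.example.com NOERROR
3 10.0.0.5 update.example.org NXDOMAIN
4 10.0.0.5 www.example.com NOERROR
0 10.0.0.9 www.example.com NOERROR
2 10.0.0.9 docs.example.com NOERROR
4 10.0.0.9 www.example.com NOERROR
"""

# Constructed sample: a later window in which 10.0.0.9 starts querying
# random-looking names that do not resolve (the pattern of DGA beaconing).
OBSERVED_LOG = """\
10 10.0.0.5 www.example.com NOERROR
10 10.0.0.5 cdn.example.net NOERROR
11 10.0.0.5 mail.example.com NOERROR
10 10.0.0.9 kq3x9vz2mw.info NXDOMAIN
10 10.0.0.9 p0r7tz4bq1.info NXDOMAIN
10 10.0.0.9 zz81mcv0qa.info NXDOMAIN
11 10.0.0.9 www.example.com NOERROR
11 10.0.0.9 8fqwe3rt2l.info NXDOMAIN
11 10.0.0.9 vb7z1kq9xx.info NXDOMAIN
11 10.0.0.9 c4m8kz2pqw.info NXDOMAIN
"""


def parse(log):
    """Turn raw lines into (minute, client, qname, rcode) tuples."""
    records = []
    for line in log.splitlines():
        if not line.strip():
            continue
        minute, client, qname, rcode = line.split()
        records.append((int(minute), client, qname.lower(), rcode))
    return records


def label_entropy(qname):
    """Shannon entropy (bits per character) of the leftmost label.
    Algorithmically generated names score high; 'www' scores 0."""
    label = qname.split(".")[0]
    if not label:
        return 0.0
    counts = defaultdict(int)
    for ch in label:
        counts[ch] += 1
    n = len(label)
    return -sum(c / n * log2(c / n) for c in counts.values())


def per_client_stats(records):
    """Per client: queries per active minute, NXDOMAIN ratio, mean label entropy."""
    by_client = defaultdict(list)
    for rec in records:
        by_client[rec[1]].append(rec)
    stats = {}
    for client, recs in by_client.items():
        minutes = {r[0] for r in recs}
        n = len(recs)
        stats[client] = {
            "qpm": n / len(minutes),
            "nxdomain_ratio": sum(r[3] == "NXDOMAIN" for r in recs) / n,
            "mean_entropy": sum(label_entropy(r[2]) for r in recs) / n,
        }
    return stats


def detect_anomalies(baseline_log, observed_log,
                     qpm_factor=3.0, nx_delta=0.5, entropy_delta=1.0):
    """Flag clients whose observed behaviour deviates from their own baseline.

    Returns {client: [reason, ...]}. Thresholds are illustrative assumptions;
    tune them against your own traffic before alerting on them.
    """
    base = per_client_stats(parse(baseline_log))
    obs = per_client_stats(parse(observed_log))
    alerts = {}
    for client, o in obs.items():
        b = base.get(client)
        if b is None:
            alerts[client] = ["no baseline for this client"]
            continue
        reasons = []
        if o["qpm"] > qpm_factor * b["qpm"]:
            reasons.append(f"query rate {o['qpm']:.1f}/min vs baseline {b['qpm']:.1f}/min")
        if o["nxdomain_ratio"] - b["nxdomain_ratio"] > nx_delta:
            reasons.append(f"NXDOMAIN ratio {o['nxdomain_ratio']:.2f} vs baseline {b['nxdomain_ratio']:.2f}")
        if o["mean_entropy"] - b["mean_entropy"] > entropy_delta:
            reasons.append(f"label entropy {o['mean_entropy']:.2f} bits vs baseline {b['mean_entropy']:.2f}")
        if reasons:
            alerts[client] = reasons
    return alerts


if __name__ == "__main__":
    for client, reasons in detect_anomalies(BASELINE_LOG, OBSERVED_LOG).items():
        print(client)
        for reason in reasons:
            print("  -", reason)
```

Running it flags only 10.0.0.9, on all three signals, while 10.0.0.5's slightly busier window stays within its own baseline. Each signal alone is noisy (CDN and cloud hostnames also have high-entropy labels, and a misconfigured resolver produces NXDOMAIN bursts), which is why the check combines several signals and compares a client against itself rather than against a fixed global threshold; a real deployment would also use a baseline far longer than a few minutes.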
Data Loss Prevention
Data Loss Prevention is a system designed to detect potential data breach or data exfiltration transmissions and prevent them by monitoring, detecting, and blocking sensitive data while in use (endpoint actions), in motion (network traffic), and at rest (data storage). In a data leakage incident, sensitive data is disclosed to unauthorized personnel, either through malicious intent or by inadvertent mistake. Such sensitive data can take the form of private or company information, intellectual property (IP), financial or patient information, credit-card data, and other information depending on the business and the industry. The terms "data loss" and "data leak" are closely related and often used interchangeably, though they differ: a data loss incident becomes a data leak incident when media containing sensitive information is lost and subsequently acquired by an unauthorized party.
Variants of DLP System
A network DLP solution is installed at network egress points near the perimeter and analyzes network traffic to detect sensitive data being sent in violation of information security policies. Endpoint DLP systems run on end-user workstations or servers in the organisation. Like network-based systems, endpoint-based systems can address internal as well as external communications, and can therefore be used to control information flow between groups or types of users (for example, "Chinese walls"). They can also control email and instant messaging communications before they are stored in the corporate archive, so that a blocked communication (one that was never sent, and is therefore not subject to retention rules) will not surface in a subsequent legal discovery. Endpoint systems have the additional advantage that they can monitor and control access to physical devices (such as mobile devices with storage capabilities) and in some cases can inspect information before it has been encrypted. Some endpoint-based systems also provide application controls to block attempted transmissions of confidential information and give immediate feedback to the user.
Encryption is the process of encoding messages or information in such a way that only authorized parties can read them. Encryption does not of itself prevent interception, but it denies the message content to the interceptor. In an encryption scheme, the intended communication, referred to as plaintext, is encrypted using an encryption algorithm, generating ciphertext that can only be read once decrypted. Integration with Data Loss Prevention automatically encrypts sensitive data being moved onto removable media or residing in emails and files.
Endpoint management is a policy-based approach to network security that requires endpoint devices to comply with specific criteria before they are granted access to network resources. Endpoints can include PCs, laptops, smart phones, tablets and specialized equipment such as bar code readers or point of sale (POS) terminals. It helps you drive down IT costs, improve efficiencies with comprehensive configuration management, take control and automate your IT infrastructure, and much more.
Encrypted Traffic Management
SSL/TLS encryption is crucial to protecting data in transit during web transactions, email communications, and the use of mobile apps. Data encrypted this way often passes uninspected through almost all the components of a security framework, both inbound and outbound. As a result, SSL/TLS has become a ubiquitous tool for attackers to hide sensitive data transfers and to obscure their command-and-control communications.
Companies are now accepting even more encrypted traffic as they shift toward greater use of cloud services, so malware will find more ways to take advantage of this common form of transport encryption. With defenders and attackers both using encryption, making malicious traffic visible through decryption, and inspecting it, becomes essential. Decryption must be conducted in a way that does not interfere with legitimate traffic, while feeding other security systems for optimum accuracy and performance; the traffic must then be re-encrypted before being forwarded to its destination so that sensitive information in the decrypted packets remains protected. Because the inspection point holds plaintext and a signing CA that every client trusts, it must be hardened and access-controlled at least as strictly as the systems whose traffic it decrypts.
Advanced Persistent Threats
An advanced persistent threat (APT) is a set of stealthy and continuous computer hacking processes, often orchestrated by humans targeting a specific entity. APTs usually target organisations and/or nations for business or political motives, and require a high degree of covertness over a long period of time. "Advanced" signifies sophisticated techniques using malware to exploit vulnerabilities in systems. "Persistent" indicates that an external command and control system is continuously monitoring and extracting data from the specific target. "Threat" indicates human involvement in orchestrating the attack. Research firm Gartner says IT can protect the enterprise against targeted attacks in five basic ways, and recommends combining at least two of them for best effect.
Gartner's report "Five Styles of Advanced Threat Defense" defines technical "styles" for tackling stealthy attacks, sometimes called advanced persistent threats, beyond traditional security such as anti-virus or firewalls. According to Gartner, it is essential to first consider the timeframe of an attack aimed at stealing critical data. Real-time (or near-real-time) defenses can be put in place, but other tools should be considered "post-compromise": for use when an attack has unfortunately succeeded and forensics are needed.
Get in touch with our security specialists for a free assessment today.