Overview
The External Security On-Demand™ Compliance external security defenses include:
- Firewall On-Demand™ – Enterprise
- Firewall On-Demand™ – Small Office
- IDPS On-Demand™ - External
- Scans On-Demand™ - External
These external or perimeter-focused security solutions are described further as follows:
1. Firewall On-Demand™ – Managed Firewall Security Service
The “Firewall On-Demand” service offering from Security On-Demand™ is based on the size and technical sophistication of the organization. As such, there are two types of management plans described as follows:
Firewall On-Demand™ - Enterprise:
This program is based on offering security management services to an enterprise
size or technologically complex and sophisticated computing environment. Packaged
offerings include Bronze, Silver, Gold, and Platinum levels which provide
different packaged support levels, services features, and Service Level
Agreements (SLAs).
Hardware Platforms – We support most enterprise class firewall vendors including Check Point, Cisco, Juniper/Netscreen, and Secure Computing. Other vendors may be supported, depending on client requirements.
Firewall On-Demand™ - Small Office:
This program delivers robust security monitoring, maintenance, and management
capabilities for small offices, usually for between 3 and 50 users. Three
different service levels that include Basic, Enhanced, and Premium packages
offer bundled security services integrated into the firewall that include
gateway anti-virus, web content filtering, Intrusion Detection, anti-spam,
VPN, and more.
Hardware Platforms - By providing a Unified Threat Management (UTM) based firewall platform, Security On-Demand™ can offer a cost-effective way to deliver additional security services which, if purchased independently, would cost far more than when bundled into a single device. There are several UTM vendor hardware platforms that we support, including Check Point Sofaware/Edge, Zone Labs Safe@Office, SonicWall, FortiNet, Netscreen, and others.
2. IDPS On-Demand™ (External) - External Intrusion Detection Prevention Security (IDPS) Service
The “External Security On-Demand” service offering from Security On-Demand™ is designed to protect against attacks that originate from outside of the network via the internet.
Don’t Ignore the Firewall When Deploying IDPS
Externally based network attacks are designed to circumvent the organization’s
defensive countermeasures such as firewalls and Intrusion Detection Prevention
Systems (IDPS). When the IDPS is positioned behind a properly configured
firewall, it becomes capable of detecting and preventing attacks that tunnel
through the firewall. This begs the question, if the IDPS sensor
is placed in front of the firewall, does that effectively mitigate risk
from an improperly configured firewall? If your firewall gets ignored,
who wants to find out?
By NOT ignoring the potential misconfiguration and by carefully reviewing and fixing any incorrect security policies on the firewall, the organization will be better protected because there is less overall irrelevant data, fewer false positives, and greater focus on traffic that is not getting stopped by the firewall and actually gets passed by the firewall into the internal network.
Focus on the DMZ
The threat assessment focus in most organizations should be within the DMZ. Understanding what the systems within the DMZ are doing, and how they should normally be communicating and behaving, is more art than science. In the past, the vulnerable attack “surface” of externally facing servers typically included missing security patches, outdated anti-virus, and system misconfigurations. Today’s risks are primarily centered around application-based attacks, such as SQL Injection, Cross-site Scripting, Cross-site Request Forgery, and several others. Today’s IDPS technology, systems, and personnel, such as those Security On-Demand™ deploys, must be particularly capable of addressing these particular threats. Many of the “home-grown” sensor technologies and event triage approaches in the marketplace today do not have this level of sophistication.
No More False Positives
Security On-Demand’s IDPS technology is based on both behavioral and signature-based attack identification approaches. A key technological advantage is our ability to also integrate vulnerability data from the network into the sensor. When this data is blended in and then correlated with all other observed information, all WITHIN the sensor itself, the “heavy lifting” normally required by a separate Security Event Management (SEM) or event correlation engine is greatly reduced. While a log of all data flows is still retained, only the relevant information is passed along by the sensor for further analysis into our proprietary Threat Assessment System.
3. Scans On-Demand™ (External) - Vulnerability Scanning Service
The “Scans On-Demand” security service offering from Security On-Demand is designed to proactively identify where vulnerabilities may exist on your network from an external point of view or hacker’s perspective.
Proactive Mitigation of External Threats
While most security technologies play a defensive role and are reactive in
nature, consistent vulnerability scanning is proactive and is considered
a vital part of your vulnerability risk management program. Attackers,
particularly those that seek confidential or sensitive information, can
spend time over the course of months testing defenses and determining the
best course for a successful attack.
Constantly Changing Attack Vectors
As your network and application environment changes, is administered by IT
staff, and allows connections for 3rd party vendors and business partners, it is
vital that testing for potential vulnerabilities occurs regularly, so that new
pathways (potential attack vectors) do not open up, exposing the company to
a potential information breach, loss of confidential data, violation of regulatory
compliance, or data resources going off-line or becoming unavailable.
Manage Risk from Directed Attacks
As opposed to attacks that originate from the internal network or from
an endpoint, externally based network attacks are designed to circumvent
the organization’s defensive countermeasures such as firewalls and Intrusion
Detection Systems. However, before such exploits can be launched,
the attacker must first probe the network for devices, protocols, and configurations
that will yield information that an attacker can use to design a successful
attack. Proactive vulnerability testing and intrusion testing will
help identify where and how an attacker might be able to gain critical
information about your network that would help them attempt to penetrate
external defenses.
