Cybercrime is becoming more frequent and sophisticated. It can be difficult keeping up with the ever-expanding range and complexity of cyber threats that plague our networks. By designing a multifaceted network solution that takes into account the various methods cyber criminals use to exploit businesses, InfoSys Networks can help you mitigate the risks, protect your business against potential thieves, and ensure you maintain compliance with industry regulations.
Many of the tools that we deploy can be used individually to protect against specific threat vectors or in combination to provide a comprehensive security barrier across many fronts.
Email is the number one way organizations get infected with malware, which is why securing email is paramount. To protect your employees and your network it is imperative that proper spam protection and email scanning is in place. Modern solutions typically utilize not only attachment scanning, but also URL-rewriting and remote detonation to ensure malicious links containing dangerous code aren’t clicked on by an employee. Our engineers can help implement, configure, and maintain most email security solutions to safeguard your network from attack. Some of the products we offer include Cisco Email Security, Proofpoint, and Microsoft Defender ATP.
Just as important as securing inbound email, it is critical that your organization’s outbound email is properly hardened as well. Our engineers can help properly configure high-availability and load-balancing so that your organization’s on premise email never encounters an outage. In addition, our engineers can implement Sender Policy Framework (SPF), Domain Keys Identified Mail (DKIM), and Domain-based Message Authentication, Reporting, and Conformance (DMARC) so that your emails appear reputable to other organizations on the internet. SPF, DKIM, and DMARC have the advantage of preventing malicious third parties from spoofing your domain, which protects your business and your customers.
Finally, we can assist with deploying Data-loss Prevention (DLP) technologies such as Proofpoint, Websense, and Microsoft policies in Office 365. This prevents sensitive information such as account numbers, social security numbers, and financial information from being sent over email. We can even help configure most DLP solutions to prevent sensitive or confidential documents from being shared over email as well.
VPN & Secure Remote Access
If there is one thing the Pandemic has made clear it is that secure remote access solutions are a critical aspect of business continuity. Common challenges with remote work include:
- Acceptable VOIP call quality
- Bandwidth limitations
- Remote device access (printers/scanners)
- Security concerns
Our team of engineers can help harden and improve your organizations existing remote access solution.
To improve the security of your remote access solution, we can implement multi-factor authentication and dedicated networks to isolate VPN traffic.
To improve performance, Infosys can analyze your organization’s networking environment in order to identify potential bottlenecks. Solutions to such bottlenecks may include larger internet circuits, QOS policies, or WAN accelerators.
Infosys has partnered with a number of local ISP in order to find our customers the highest possible bandwidth at the lowest possible price.
If your organization currently relies on Microsoft Remote Desktop Protocol (RDP) or terminal servers/remote desktop session-hosts for remote access, then our certified engineers might be able to help. Improvements can often be made by utilizing RDS session brokers for load-balancing and RDP gateway servers for remote access instead of VPN’s. If dedicated clients (laptops/desktops) are in use, then it may be desirable to configure Microsoft’s Always-on VPN solution or Microsoft DirectAccess depending on the version of the client OS.
We can also help design and implement new infrastructure to meet your organization’s remote access needs. Infosys is a Cisco partner, so we typically recommend utilizing Duo for multi-factor authentication and SSL VPN’s utilizing Cisco AnyConnect for remote access.
Infosys has also partnered with Citrix and VMware, so our engineers can help deploy a scalable Virtual Desktop Infrastructure (VDI) environment built on Citrix Remote Apps/Desktops or VMware Horizon. Both of these products enable secure, VPN-less remote access using VMware’s Unified Access Gateway (UAG) and Citrix’s ADC/Gateway appliances. With the Citrix Gateway and VMware UAG, your organization can securely implement a Bring-Your-Own-Device (BYOD) policy that enables employees to leverage their own laptops, desktops, and tablets without directly exposing the organizations internal network to threats from an employee’s home network.
Of course, all of the solutions mentioned above support a myriad of Multi-factor Authentication options that include: Certificate-based authentication, Radius, RSA tokens, Duo, and other SAML-based authentication providers.
COVID-19 might be going away, but working from home is here to stay. Infosys can help your organization optimize the remote experience so that your users don’t notice a difference between being in the office and working from their couch. Convenience shouldn’t come at the cost of security, so we can do all of this while also hardening your network against remote attackers.
Cisco Identity Services Engine (ISE) is one of the tools we deploy to secure the network.
Cisco ISE Helps you
- Gain detailed insight into who, what, where and how endpoints and devices are connecting to your network
- Enforce compliance requirements and limit risks by ensuring devices have current patches
- Limit the spread of ransomware and enable rapid threat containment
- Define and implement global policy control
Cisco ISE allows a business to define and enforce secure network access control policies. A good security posture helps you avoid security breaches and the associated costs, reduce the time and expense to remediate any network security events, and reduce the time it takes to implement network changes. This equates to a quantifiable return on investment and a reduction in operating costs.
Umbrella enforces security at the DNS and IP layers thus blocking requests to malware, ransomware, phishing, and botnets before a connection is even established, stopping threats over any port or protocol before they reach your network or endpoints.
Umbrella Helps you
- Simplify security management by reducing malware exposure and time to remediate
- Protects systems on and off-network
- Provide coverage for all connected devices, including roaming laptops and mobile devices and supports most commercial operating systems
- Dashboard reporting to quickly view trends across your deployment, and then pivot to understand security risks that require action
- Speed to deploy across entire organization
- Speed up and improve incident response
MFA (Multi-factor) and 2FA (two factor authentication)
Duo ensures that you verify a user’s identity before granting access to your network; that is a cornerstone of network security. There are numerous multifactor authentication vendors on the market. We prefer Duo Security for several reasons:
- Duo is a very “usable” product — it is easy for users to log in quickly and securely
- No hardware tokens are required — individuals can use their mobile devices
- No infrastructure or hardware to manage and maintain – it is cloud based
Duo SSO (single sign on) offers the ease of authenticating once to gain access to multiple cloud applications within your organization.
Cisco Secure Endpoint
Formerly known as Cisco AMP, Cisco Secure Endpoint is designed to stop threats before they compromise your network. Simply put, Secure Endpoint combines Prevention, Detection, and Response all in one solution using an open platform to enable a simpler and more efficient workflow, and when a breach is detected, Secure Endpoint allows for faster remediation.
Endpoint agents provide continuous analysis and retrospective detection which allows for device trajectory to see where and what hosts interacted with files (including malware) across your endpoint environment. It can scope the threat, provide outbreak control, and identify patient zero.
All of these Cisco security products are supported by Talos, the world’s largest threat intelligence group.
Advanced Malware Protection
Malware is a catch-all phrase that refers to malicious software, hence “mal-ware”. Some malware is designed to operate secretly, like spyware, viruses and trojan horses. Other forms are designed to operate overtly, like ransomware and phishing attacks. Cybercriminals deploy these attacks in an effort to cause damage, disrupt, disable or gain unauthorized access to a computer, a server, or a network.
Unfortunately, the criminals have become so sophisticated that we can no longer use a one-size-fits-all approach to securing our systems and data. Fortunately, there are many effective tools to protect against this malware. Some tools help control who or what is accessing the network, a device, or data on the network, by authenticating the person or device; some tools can control what data is allowed to leave and enter the network; some tools identify and intercept suspicious emails, packets, or attempts to connect; and some tools identify anomalies in data that can predict and prevent potentially malicious intent. At InfoSys, our network security experts know how to orchestrate the best implementation of these tools to assist you in protecting your network from edge to edge. We have had great success with a security suite of tools from Cisco, but we also use other industry leading applications when it makes sense.
Formerly known as Cisco AMP, Cisco Secure Endpoint is designed to stop threats before they compromise your network. Simply put, Secure Endpoint combines Prevention, Detection, and Response all in one solution using an open platform to enable a simpler and more efficient workflow. And when a breach is detected, is allows for faster remediation.
Types of Malware
Intended to deny or restrict access to personal or company files and demands payment in return for re-enabling access.
A technique used to disguise activity from an unknown source and make it appear like a trusted source. Spoofing is often initiated using emails and websites but can also include more advanced methods like disguising Domain Name Systems (DNS) servers, IP addresses, GPS coordinates and Address Resolution Protocols (ARP).
A type of spoofing typically delivered via email. It is a socially engineered attack that masquerades as a trusted source with the intent of luring you into providing personal or financial information which can then be used to access your systems or take over your accounts or network.
Software that secretly records a user’s activity in an effort to collect sensitive data like usernames, passwords and personal information.
Software that is installed surreptitiously intending to cause harm or cripple a system.
A software program that misrepresents itself as a standard piece of software, but which actually installs a harmful program when it is installed or executed.