Computer network security
We develop and implement computer network security policies in the company’s IT infrastructure.
Securing the computer network
Proper protection of the computer network
A computer network is a place of exchange of all information processed in a modern enterprise. It is up to its proper management whether valuable information leaves the company without our knowledge, which in turn may lead to serious material losses.
For this reason, a very important part of information protection is achieving security of the computer network, both against external attacks and those coming from within the enterprise. Exanet has a wide range of services that enable a significant increase in the level of computer network security.
Services increasing the level of security in a computer network
- We audit the security of IT infrastructure.
- We assess the security level of the existing network infrastructure.
- We reconfigure the client’s current security systems.
- We implement mechanisms that increase security in computer networks (firewall, UTM, VPN, BGP, SLA systems).
- We evaluate the company’s security procedures.
- We make business continuity planning (BCP) plans in hazardous situations.
- We make and implement IT security policies in the enterprise.
Individually selected security mechanisms
All our activities are preceded by an in-depth analysis of the client’s needs and a review of the existing IT environment. Only after this stage, together with the client, we design security mechanisms individual for each IT infrastructure.
In addition to standard counteracting external threats, such as network attacks, intrusion attempts, etc., we offer solutions aimed at ensuring the continuity of the IT environment in the event of an external attack, decrease in the efficiency of system components or failure of individual segments of the computer network.
Securing network resources against loss and unauthorized access by unauthorized persons becomes a critical aspect of network management
Exanet services increasing the level of network security
- We select optimal security solutions, taking into account the individual needs and requirements of the client.
- We implement network access restrictions – forcing authentication in wired and wireless networks.
- We implement solutions for filtering and deep inspection of traffic in the corporate network, as well as for external connections – access to resources necessary to perform duties based on the broadest identity context (user, place, device, application).
- We implement advanced website control systems based on content categories and constantly updated reputation filters.
- We secure the interface between the local network and the Internet – configuration of the stateful firewall based on zones, special protection of services exposed to the Internet (DMZ).
- We implement the system of early detection and prevention of network attacks (IPS) and a centralized network anti-virus and anti-malware system.
- We implement solutions of high availability of security systems that minimize the effects of a hypothetical system failure.
Next generation firewall
Cisco next-generation firewall
Next-generation firewalls (NGFW) are comprehensive solutions that increase network security in the enterprise. Exanet offers the implementation of the Cisco next-generation firewall, which uses integrated data sources about emerging threats, guaranteeing advanced protection against malware, effectively preventing intrusions. Cisco Firewall filters URLs and verifies user identities, detecting even subtle threats.
We most often recommend Cisco FirePOWER to our clients. As part of the service, we provide the device with a license for the customer and we configure and implement a next generation firewall. A properly implemented firewall is the basis for the security of the company’s IT system.
Engineers specializing in network security pay attention to the numerous benefits that a next generation firewall generates for security.
Advantages of using NGFW in a network infrastructure
- We obtain a presentation of the overall picture of all activities in the network.
- We quickly detect threats and prioritize.
- We increase the network’s resilience to a cyber attack.
- We install the solution as part of the infrastructure in the client’s server room or in the cloud.
- We obtain interoperability with other components of the IT security infrastructure.
IPS, AMP, URL licenses
A frequently occurring and recommendable choice of Exanet’s clients is the purchase of a Cisco ASA with FirePOWER Services router with an IPS, AMP, URL license.
Next-Generation IPS (NGIPS) provides very effective protection against threats along with contextual monitoring of user behavior, infrastructure elements and applications using the network. All multi-vector threats are detected and neutralized by automatic defense actions.
Advanced Malware Protection (Cisco Advanced Malware Protection, AMP) provides advanced malware protection along with sandboxing.
The URL Filtering license allows you to filter over 280 million domains according to the degree of risk and according to 82 available categories.
Cisco Umbrella – a cloud-based security solution
The perfect first line of protection for your network
Cisco Umbrella is a popular cloud-based security solution for companies, operating in the DNS layer. Umbrella is a scalable and flexible solution that combines several functionalities related to IT security for devices, remote users and company branches.
Umbrella blocks threats before they reach the user thanks to the fact that a connection with a dangerous website, IP address or cloud application is not established. Because of this, the chances of negative events related to phishing, malware, ransomware, botnet, Trojan, etc. are minimized.
Speed and ease of implementation in the IT infrastructure
Cisco Umbrella can be quickly and easily deployed in the company’s infrastructure. The deployment process requires just a few steps, including: adding a public IP address; setting DNS addresses on end devices, routers, AD, Roaming Client (for mobile employees); creating security policies.
Several protection functions in one solution
- DNS layer security – Umbrella protects users by stopping threats detected on ports or protocols before they can reach the corporate network or end devices. Queries to unsafe domains are redirected to a proxy for deep URL or file inspection. Effective protection has no impact on performance.
- Safe network gateway – Umbrella records history and monitors network traffic, allowing the administrator to view the situation and control the URL and applications used in the network. Microsoft 365 traffic is identified and routed to optimize performance. Full or selective SSL decryption allows you to block hidden attacks.
- Cloud firewall – Umbrella logs activity and blocks unwanted network traffic using rules based on IP, ports and protocols (layer 3 and 4). Redirecting network traffic only requires the configuration of IPsec tunnels. A cloud firewall is the optimal solution for companies with many branches or intensive use of cloud applications.
- Cloud services access broker – Umbrella detects and reports activity in the use of cloud applications, including those undesirable in the organization. The three assumptions of cloud access security are: visibility, application visibility and risk assessment, optimization and blocking.
- Interactive Threat Assessment – The Umbrella Investigate Console offers insight into risk assessment, presents DNS query patterns, and the context of dangerous domain events over the past 5 years. Hazards are assessed in real time in order to increase proactive protection of users, prioritize incidents and speed up investigations.
- Integration with SD-WAN – In large organizations using SD-WAN, the implementation of Cisco Umbrella is quick and allows for immediate protection against Internet threats. The simple and automated creation of tunnels allows for flexibility and granularity of control over safety.