CYBERSECURITY TECHNOLOGY INTEGRATIONS

4IG CYBERSECURITY ENGINEERS ARE EXPERTS IN PREVENTIVE AND PROACTIVE DEFENSE SOLUTIONS

We integrate these technologies by interpreting applicable policies and risk analysis, and then review the security needs of infrastructure, applications and data. 4iG can thus implement in-house Cybersecurity Technology Integrations from design to continuous post-rollout support and upgrade,regardless of whether continuous monitoring and operation will be carried out by the customer, a third party or 4iG.

Key technologies:

• identification-authentication: MFA
• endpoint protection: EDR, MDM/EMM
• cybersecurity analysis systems
• network, internal and border protection: UTM, WAF, IDS/IPS,VPN
• cloud security: technology protection for Azure, AWS, GCP, and private-, hybrid- and multi-cloud environments
• data security: DLP

IDENTITY MANAGEMENT, DIGITAL AUTHENTICATION

Controlling identity and access at network and logical levels

In addition to traditional identification procedures (username, password) for secure access to network services and content, enhanced identification solutions (e.g. multi-factor authentication) or more complex identification and access control – NAC, CISCO Identity Services Engine (ISE), etc. – may be required. State-of-the-art access regulations already take into account the growing popularity of mobile devices (EMM systems) and the mobility needs of users - Bring Your Own Device (BYOD).

MULTI-FACTOR AUTHENTICATION (MFA)

Protecting users' digital identities is now essential. It can be used to achieve a higher level of security that makes it easy to prevent simple attacks. The authentication is done in severalstages and takes into account several security factors. One of the easiest ways to do this is that the user receives the code in a text message or through a downloaded app to his/her own device, and with this can verify the authenticity of his/her identity. Two-factor authentication is much more secure than purely password authentication; and can now be configured for almost everything, so it needs to be used in our well-understood interest. This multi-factor authentication means that a user can only have access to certain personal data, documents, and content if they provide multiple proofs of identity. Usually by something that only (s)he knows (such as a password) or by something that belongs to him/her (e.g. a card, identity document) or by something unique to him/her (such as biometric identifiers, fingerprints, retinal patterns).

CYBERSECURITY ANALYSIS SYSTEMS

Security Information and Event Manager (SIEM)

Logging not only provides information about the overall state of IT elements and security-critical events, but also provides incident detection and countermeasures tracking. Central collection and analysis of log files provides theopportunity to detect and investigate complex security incidents, as well as provide data during ex post accountability or legal proceedings. Our solutions include not only the introduction of the SIEM system and the activation of basic reports and alerts, but also the detection of incidents requiring correlation processing, which is used to convert the relevant events detected by devices operating in the environment into a scenario containing the sequence of events, as well as their evaluation, prioritization, and the implementation of alert chains, escalation processes and automatic response steps.

SIEM systems perform log analysis and send alerts in real time from log files of the systems connected to them. The system not only analyzes IT security incidents, but also provides compliance reports (ISO27001, PCI-DSS, any kind of legal compliance). In SIEM systems, unlike in log collection solutions, there are also predefined statements and alerts from the manufacturer. Reports and alerts can be used immediately after the system is installed and integrated, if the necessary log files are received by the analysis system. These reports and alerts can be extended by the user. For logs with appropriate data content, events from different log sources can be linked (correlation) in the SIEM system. For example, by linking events, one can analyze the entire user activity and track it from sign-in to sign-out. The review of correlations between existing systems and Use Cases is also part of an SOC/SIEM audit to give management a clear picture of operational efficiency and protection capabilities of the covered areas and technologies.

ENDPOINT PROTECTION

Endpoint Detection and Response (EDR) is a cybersecurity technology that meets the need for real-time monitoring and focuses on endpoint analysis and incident response. Operated from a single central interface, EDR provides a comprehensive view of the activities of all endpoints of the infrastructure, as well as valuable security streams that allow IT security professionals to perform additional inspections and troubleshooting. EDR proactively detects new and unknown threats, as well as previously unidentified infections that penetrate systems through endpoints and servers. This is done by analyzing previously unallocated events that cannot be classified as ‘reliable’ or ‘definitely malicious’.4iG's EDR service examines the behavior of files, macros, and scripts in a separate, so-called sandbox environment, which determines a program-specific risk value. Based on this risk value, we can identify the attack vector we are dealing with. 

Design, implementation and support of Enterprise Mobility Management (EMM, formerly MDM) systemsEnterprise Mobility Management solutions help our customers to deploy devices, manage secure use, and enforce security and compliance standards, especially when there are numerous mobile devices. Managing access to business data is a problem in IT organizations of companies. These protection systems are capable of securely access and manage the sensitive data of companies on portable devices.In addition, our engineers assist as consultants,taking into account constantly changing needs and technical possibilities.

DESIGN, IMPLEMENTATION AND SUPPORT OF NETWORK AND PERIMETER SECURITY

VIRTUAL PRIVATE NETWORK (VPN)

The remote log-in of users can be solved through virtual private networks (VPN).In this case, special attention should be paid to checking security settings and environment, as this feature may be used by third parties from clients that are not under our control. However, the applied level of security should not be to the detriment of usability.Thus, maintaining this balance, setting up and checking the available controls requires special attention and careful planning when introduced.

UNIFIED THREAT MANAGEMENT (UTM)

Controlling communication on the network has a key role to play in creating IT security. It is important to know exactly the characteristics of normal network traffic, to identify external connections, so that at deviations we can easily locate and counter a possible attack. The most effective way to do this is through a network analysis tool, which provides security through the coordinated operation of several modules. The functions covered by each UTM manufacturers are different. 4iG engineers position individual solutions to customers with superior precision based on technical and compliance requirements.

Physical firewall protection
Increasingly advanced cybercrime solutions and the growing threat require state-of-the-art, next-generation firewall systems, innovative network security solutions (intrusion preventing, content filtering, data leak preventing and traffic control systems) and advanced knowledge. Our world-class solutions, flagship partnerships, long-term experience guarantee a higher level of security. 

Cloud-based firewall protection
Today, more and more of our customers are using several types of cloud-based services in some way. These mean serious exposures in a basic implementation, and there is no guarantee of adequate protection with asingle solution. They should be differentiated by type of service and area of use and the infrastructure elements and/or data that are important to theorganization should be protected proportionately to the risk. Our manufacturer-independent,high-level experience helps us to provide our customers with tailor-made security systems, even fine-tuned to individual needs, which makes us far ahead of our competitors.

WEB APPLICATION FIREWALL (WAF)

Application-level protection is required for a web application that is offered as a service by the infrastructure. For web application-level protection, a web application firewall is set.In addition to HTTP(S) compliance, this tool is also a solution against so-called‘high visibility’ attacks, general OWASP Top 10 attacks, and attacks against the process state. It masks web servers and application specific properties. In addition to countering overload-based offensive behavior, an XML, JSON and WSDL validation, and an antivirus check is also carried out. In addition to app protection, the tool also has data theft protection,which can be optionally configured depending on customer needs. To guarantee application security, the set of rules on which protection isbased can be tightened, if needed. In addition to filtering the web traffic of the application, the data transfer is always encrypted with a certified certificate. In addition to its own certificate management system, the solution performs OCSP and CRL checks (certificate management and verification).It is important to point out that web application-level protection should work with microservice-based improvements following agile methodologies, moreover, it has to match the automations of CI/CD pipeline that creates DevOps, DevSecOps collaboration forms. Such environments vary from organization to organization, but our engineers always recommend native solutions complying industry practices according to the needs of our customers, in the form of smaller or larger building blocks.

INTRUSION PREVENTION SYSTEM (IPS)

Intrusion protection begins with detecting: like in virus protection, by searching for rules and patterns in network traffic. Alerts can be sent, or interventions can be applied (e.g. by blocking traffic) on the basis of the threats thus detected.

INTRUSION DETECTION SYSTEM (IDS)

Intrusion detecting is partly based on a signature, as is the case with IPS systems, but by contrast, also on the basis of the analysis of major/minor differences and anomalies in network traffic, which in addition to applying machine learning and artificial intelligence (AI), is primarily detecting and profiling patterns of destructive and other offensive behaviors, and alerting other, even automated security systems in the event of aproblem.

CLOUD SECURITY

The flexibility offered by public cloud platforms is very useful for digitalization managers, but it is also of utmost importance to ensure data security in this environment. 4iG experts can adequately protect public, hybrid and even multi-cloud systems provided by global cloud service providers (Infrastructure as a Service – IaaS, Platform as a Service – PaaS, Software as a Service –SaaS models).

• Amazon Web Services - AWS
• Microsoft Azure

These service providers also pass IT security tasks on the cloud subscriber (operator-user) based on the shared responsibility model. The exact scope and requirements may vary from provider to provider. It is the duty and responsibility of the subscriber-operator to carry out these security tasks. Keep in mind that the cloud provider is not responsible for any problems caused by falling behind or performing them incorrectly, which is the customer's risk, which can be greatly reduced with the presence of 4iG.

Examples of such tasks include:

• correct setup and use of security tools provided by the service provider,
• secure configuration of the used cloud elements,
• continuous monitoring and verification of the configuration.

These tasks require considerable expertise, general and service-specific experience and up-to-date knowledge.

Amazon AWS
In the AWS account security monitoring service carried out by 4iG, we examine our customer's specific AWS account, verify that the AWS security tools used are properly configured, that each cloud building block is configured securely, that the system is generally secure, and that it complies with best practice. If necessary, we will propose corrections. In our cloud service, we provide cloud account test, highlighting security issues, and suggestions how to fix them. 4iG supports its customers' systems with a number of AWS certified colleagues and cloud security specialists.

Microsoft Azure
Microsoft Azure is Microsoft's public cloud platform for enterprises.For 5 years, 4iG has been hosting and supporting many Azure-based systems, and we also provide continuous security protection for them.

DATA SECURITY

Data Leak Prevention (DLP) and Document Eligibility Management
It is a privacy solution package tailored to our customers, including complex protection of vulnerable data leaks, port protection, endpoint and network encryption, and a consulting service.Solutions that can prevent both internal and external data leakage are cornerstones of protecting sensitive business information worldwide. The protection strategy is set up based on specific data sources, user habits, and other circumstances in the infrastructure environment. A basic directive is risk-based protection, which requires careful planning and implementation, both in preventing data leakage and in regulating and monitoring the handling of documents.