SOLUTIONS

Using the Cymbel Approach of the Next Generation Defense-in-Depth architecture, we provide solutions to mitigate the risks created by the new technologies organizations are deploying. In addition, we take advantage of next-generation products to provide solutions that are more effective at lower administrative and operational costs and enable the infosec team to be more responsive to business needs.

Here they are:

Network Security

The Internet represents the primary source of information security risks to the enterprise. Clearly the best risk mitigation strategy would be to cut the enterprise’s connection to the Internet. However, we all understand that’s not feasible due to business needs.

There are two basic constituencies that require the enterprise to be connected to the Internet – (1) employees and contractors and (2) customers, vendors, and other partners. Most organizations respond to these constituencies by creating two networks which I will call Corporate and Commercial, although there can be shared back-end services and databases. Historically, the primary network security technical control for the former is the firewall and for the latter it is the Web Application Firewall.

Next Generation Firewall

Traditional stateful inspection firewalls and separate complementary firewall helpers like Intrusion Prevention, URL Filtering, and Proxy Systems are too expensive, too complicated, and simply do not enable organizations to control their users’ Internet activity or mitigate the risks of modern malware. In addition, network level control is needed not just at the perimeter but to control user access to internal applications. In late 2009, Gartner and Forrester began recommending that organizations move to what they are calling “Next Generation Firewalls.”

Unfortunately, since then many network security manufacturers have polluted the terms “next generation” and “application-aware” as applied to firewalls. Adding application awareness as a separate module is not a bad thing, but the product is not a firewall unless it supports a Positive Enforcement Model (allow what’s needed and block everything else), which is the defining characteristic of a firewall.

A Positive Enforcement Model enables you to reduce the organization’s attack surface which goes a long way to mitigating the risks of modern malware. Also you do not have to worry about new applications third parties are developing which you want to keep out of your organization. They are automatically blocked if they are not specifically allowed even if the firewall does not have signatures for them!

A Positive Enforcement Model can only be achieved if the firewall provides Application-based Traffic Classification (ATC), i.e. the ability to define which applications are allowed and block all others including unknown traffic. Port-based Traffic Classification (PTC) firewalls which have added a separate application identification module use a Negative Enforcement Model, i.e. block specifically named applications and therefore ignore all others including unknown traffic. PTC must still be supported for backwards compatibility.
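To make the ATC/PTC distinction concrete, here is a small policy evaluator, added for illustration and not Cymbel's or any vendor's code. It models the two enforcement styles side by side: a Positive Enforcement Model that allows only named applications and drops everything the classifier cannot identify, and a port-based firewall with a bolt-on application-identification module that opens ports and then blocks only applications named on a deny list. The signature table, the application names and the sample flows are all constructed for the example; the point it demonstrates is that a flow no signature recognises is dropped by the positive model but passes the negative one.

```python
"""Toy comparison of a Positive Enforcement Model with Application-based
Traffic Classification (ATC) against a Negative Enforcement Model on a
Port-based Traffic Classification (PTC) firewall with an add-on app-id module.

Added illustration; the signature table, application names and flows below
are constructed for the example and do not describe any real product."""

from dataclasses import dataclass

# Constructed "signature database" of the application-identification engine.
# Key: (protocol, destination port, protocol-level evidence) -> application.
APP_SIGNATURES = {
    ("tcp", 443, "tls-sni:mail.example.com"): "webmail",
    ("tcp", 443, "tls-sni:files.example-share.test"): "file-sharing",
    ("tcp", 80, "http-host:www.example.com"): "web-browsing",
    ("udp", 53, "dns"): "dns",
}

# Constructed policies for the two firewall styles.
ALLOWED_APPS = {"webmail", "web-browsing", "dns"}          # positive model
OPEN_PORTS = {("tcp", 443), ("tcp", 80), ("udp", 53)}       # PTC rule base
BLOCKED_APPS = {"file-sharing"}                             # negative model


@dataclass(frozen=True)
class Flow:
    proto: str
    dst_port: int
    fingerprint: str  # evidence the app-id engine extracts from the session


def classify(flow):
    """Map a flow to an application name, or 'unknown' when no signature matches."""
    return APP_SIGNATURES.get((flow.proto, flow.dst_port, flow.fingerprint), "unknown")


def positive_atc(flow, allowed_apps=ALLOWED_APPS):
    """ATC firewall: pass only listed applications; everything else, including
    traffic the classifier cannot identify, is denied by default."""
    return "allow" if classify(flow) in allowed_apps else "deny"


def negative_ptc(flow, open_ports=OPEN_PORTS, blocked_apps=BLOCKED_APPS):
    """PTC firewall plus app-id module: a closed port is denied, an open port
    passes unless the module recognises an application that is explicitly blocked.
    Unknown traffic on an open port is therefore allowed."""
    if (flow.proto, flow.dst_port) not in open_ports:
        return "deny"
    return "deny" if classify(flow) in blocked_apps else "allow"


# Constructed sample traffic, including a tunnel the signature table has never seen.
SAMPLE_FLOWS = [
    Flow("tcp", 443, "tls-sni:mail.example.com"),           # known, permitted
    Flow("tcp", 443, "tls-sni:files.example-share.test"),   # known, unwanted
    Flow("tcp", 443, "tls-sni:new-tunnel.example.net"),     # unknown application
    Flow("udp", 53, "dns"),                                  # known, permitted
    Flow("tcp", 8443, "tls-sni:mail.example.com"),          # closed port
]


def compare(flows=SAMPLE_FLOWS):
    """Return (application, positive verdict, negative verdict) for each flow."""
    return [(classify(f), positive_atc(f), negative_ptc(f)) for f in flows]


def unknown_allowed_by_negative(flows=SAMPLE_FLOWS):
    """Count flows that the positive model denies but the negative model lets through;
    these are the unknown applications the page warns about."""
    return sum(1 for app, pos, neg in compare(flows) if pos == "deny" and neg == "allow")


if __name__ == "__main__":
    for app, pos, neg in compare():
        print(f"{app:14s} positive={pos:5s} negative={neg}")
    print("unknown flows only the negative model lets through:", unknown_allowed_by_negative())
```

The `unknown` row is the one to look at: both firewalls agree on webmail, file-sharing and the closed port, but only the positive model stops the unrecognised tunnel on 443, because it never relied on having a signature for it in the first place.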

Security Intelligence

Security Intelligence provides a unified architecture for collecting, storing, analyzing, and querying log, threat, vulnerability, and risk related data to enable security teams to:

  • Detect threats others miss
  • Consolidate data silos
  • Detect insider fraud
  • Predict network and information security risks against the organization
  • Reduce the costs associated with meeting regulatory compliance
  • Provide senior management with an understanding of the organization’s overall security posture


Zero-Day Threat Protection

Zero-day threats are dramatically increasing as the method of choice for cyber criminals and state-sponsored cyber spying. Traditional signature-based network and host-based approaches cannot protect against what they don’t know. A heuristics-based approach that is not prone to false positives is needed.

Cloud-based Web Security

Attacks through the browser have become the number one threat vector because they are so much easier for the attacker. Therefore users browsing web sites must be protected not only when they are located at organization locations but also when they are remote – at a coffee shop, at an airport, or at home. Host-based anti-virus products have been proven to be insufficient by themselves against the onslaught of web-based malware. Cloud-based proxy services, combined with host agents that ensure all web traffic goes through the cloud security service, are a key layer in a defense-in-depth architecture.

Virtualization Security

Virtualization stands to bring enormous cost savings to organizations, but it also creates new risks such as (1) direct attacks on the hypervisor, (2) exposure of virtual machines which can no longer be protected by network-based firewalls and IPSs, (3) lack of visibility due to the dynamic nature of creating and moving VMs, and (4) exposure of database VMs which can no longer be protected by network-based database protection appliances. New security controls must be implemented to protect the virtualized data center.

Database Security

Since databases are a prime goal of cyber criminals, specific database security solutions make sense as part of a defense-in-depth architecture. The key components are Database Activity Monitoring, Database Encryption and Tokenization, and Data Masking.

Mobility Security

Remote and mobile workers using laptops and/or smart phones require specifically designed security controls which take into consideration the additional risks created by remote and roaming usage. When laptops and smart phones are used remotely, they obviously do not receive the benefits of on-premises controls. Here are the key issues:

  • Technical controls have generally been limited to host-based approaches, which have been shown to have limited effectiveness
  • Because these devices are only occasionally connected, patches and other configuration items may not be up to date
  • Infected mobile devices can spread malware to internal devices when they connect to the enterprise
