Centralized Security Management
Compliance of the security system with the requirements is crucial to any organization or institution with an extended IT network and a large number of users (the conditions of operation are defined by the security policy - IBIR: IT Security Management System). Networks with loosely connected points (such as distribution networks or local governments) pose a serious challenge to security operators, who in such cases have no direct control over end-point devices or the staff working at the end points.
Algorithm-based security measures are required to provide fast and automated operation. In terms of efficiency, multi-step, central or local security measures can be implemented. Our solution focuses on central security measures. The service is essentially designed to ensure that, in accordance with the relevant policy, neither users logging on to the network nor their computers represent a risk higher than a pre-defined minimum level, thereby maintaining a unified and balanced connection between the central systems and the endpoints. The emphasis is on the "centralized" nature of the service: it requires no local action, which is a particularly significant advantage in locations with insufficient local human resources to support network operations.
The state-of-the-art solution provided by NETvisor Centralized Security Management enables automatic cooperation of the following services:
External network protection:
- Intrusion detection and prevention (IDS).
- Centralized anti-virus service: to protect the network against any "outside" attack (Internet).
- Detection of "outbreak" attacks based on the Honeypot system.
Internal network protection:
- User authentication and access control using security categories.
- User workstation vulnerability control: when a user logs in, the system analyses what security risk the end user's computer represents for the network. If the risk is unacceptable, the system quarantines the end point to prevent further infection in the network.
- Protection against attacks originating from computers, provided by automatic security systems (quarantine).
Network management:
- Correlation of security events and implementation of actions according to a correlation policy. Automatic blocking of events categorized as high risk in network traffic.
- Analysis and control of end-point traffic (e.g. prioritizing the network traffic of a specific user, so that pre-defined business applications are given priority over Internet browsing).
- Support for network distribution with high security demand (IPSec VPN).
- Support for users through a web portal, which enables efficient deployment of operational resources.
The design of NETvisor Centralized Security Management enables outsourcing of the security centre to an external service provider, while the customer's institutions can continue to monitor and take immediate action regarding the security system.