Current Threat: The escalating number of threats, vulnerabilities, and attacks targeting corporate networks has most enterprises feeling insecure. Attacks are now considered a matter of “when” rather than “if”, and more than half will originate from an unsuspected source.
Though significant industry progress to secure the enterprise perimeter have resulted in fewer numbers of external compromises overall, the 2005 CSI/FBI Computer Crime and Security Survey reports that 56% of participants reported unauthorized access to information and theft of proprietary information from inside the company. These findings align with Price Waterhouse Coopers 2005 Global State of Information Security Survey that reports 61% of all information security attacks originated from employees, ex-employees, and partners. These statistics combined with growing regulatory security compliance initiatives create a genuine need for businesses to define, enforce, and monitor network access policies. After all, regardless of the measures taken to centralize access rights management, how do businesses ensure unauthorized access to sensitive information is not occurring?
Tomorrow's Technology Today: Network Security Zones (NSZ) enable you to define secure boundaries to manage and monitor access to information and applications across multiple systems and disciplines - while delivering unimpeded online services to employees, customers and suppliers. Simply put, our intelligent, behaviorally-based NSZ system does what no other network security product can do without requiring any network rearchitecture. It helps you easily and intelligently define who can go where, when they can do it and where they can do it from - and if anybody tries to violate those boundaries, you’ll be alerted.
Companies have been trying for years to come up with working systems for network security zones that allow access without compromising security. But it took Global DataGuard, the leader in actionable, preemptive, behaviorally based network security, to make it work.
Our NSZ system:
Provides insight into attempted access of any resource
Is the cost-effective alternative to cumbersome and expensive Network Access Control and Identity & Access Management solutions
Helps you define and monitor your corporate security posture
Is behaviorally-based, supporting DHCP environments where it’s necessary to track individual users or hosts independent of their IP addresses
Protects against various network intrusions and illicit access, whether from inside or out
Allows easy, efficient access for authorized users
Easily manages relationships between employees, customers, business partners and all the disparate applications they depend on
Enables fast response to accommodate changing relationships
Strikes the balance you’ve been looking for between access and safety
Is administered through our easy, convenient Security Dashboard, giving an instant business intelligence view of your corporate security posture
Provides a clear path to enhanced compliance and auditing requirements
Handles security/access for remote and mobile workers
Works with drag-and-drop simplicity
Integrates completely with our proven architecture/solutions for preemptive, actionable security
Network Security Zones is the first network access control & monitoring solution based solely on behavioral network analysis and correlation. Each Network Security Zone is a user-defined container comprised of specific network resource objects: users, systems, applications, date/time, etc. – with secure boundaries for specific systems, applications and users. To secure the perimeter, for example, foreign IP addresses are limited to communicating with specific servers, applications, protocols and resources. Internally, our system easily provides access, for example, to all specified users of databases and the internal email server. However, attempts by those users to access anything beyond these specified resources – financial and HR servers, for example – will result in an alert. At the perimeter, the NSZ system also automatically monitors mirrored network activity and behaviorally detects defined security policy violations.
Conclusion: There’s no need to install centralized network authentication equipment or host-based agents on your clients and no need to re-architect your network to accommodate in-line security devices. There are no in-line sensors that can inadvertently obstruct traffic and no need to require authentication through a centralized management system just to receive identity, rights and access privileges - business relationships are defined and managed at a network level. Our solution works with any device attempting to access the network, continually monitoring for policy violations. Each specified NSZ resource object specifies detailed information, including resource name, IP address, IP port number, protocols to use on the port, etc. Thus, even attempts to communicate with different protocols and/or port numbers between defined objects will generate an unauthorized access alert.
Global DataGuard, Inc. 14800 Landmark Blvd, Suite 610
Dallas, TX 75254 USA