Due to the proliferation of Advanced Persistent Threats (APT), ransomware and other malicious threats the days of using just an endpoint antivirus solution are long gone. Projex IMC offers and recommends a multi-layer cybersecurity services strategy to help clients mitigate potential cybersecurity risks.
This multi-layered approach to cybersecurity services delivery is consistent with the core principles and implementation tiers outlined in the NIST CyberSecurity Framework (CSF) … a voluntary guideline for best practices and recommendations developed by the U.S. Commerce Department’s National Institute of Standards and Technology (NIST). It also forms the basis for ProjexGuard™ … our solution for cybersecurity risk management.
Our cybersecurity services can be tailored to the needs of each client, but at a minimum we recommend the following cybersecurity layers be implemented and maintained: Endpoint protection, email protection, network security implementing an Internet usage policy, and user training. The implementation of a network security appliance with intrusion detection, intrusion prevention capabilities and a unified security management platform is also highly recommended.
Endpoint Protection from Projex IMC includes Webroot SecureAnywhere Business Endpoint Protection, anti-malware software, and optionally a Remote Monitoring and Management (RMM) agent from Continuum.
Webroot SecureAnywhere Business Endpoint Protection protects not only against your typical virus, but also against threats across email, browsers, files, URLs, ads and apps in real time. Projex IMC uses advanced behavioral heuristics to identify and protect against never-before-seen threats. This service is backed by Webroot’s Threat Intelligence Platform — a platform that uses massive machine learning in the cloud to classify 95% of the Internet three times every day. Webroot’s Threat Intelligence Platform is renowned in the industry for its unparalleled ability to detect the behaviors of today’s malware and effectively stop them at the source. This tool specializes in fighting malware like viruses, worms, trojans, rootkits, dialers and spyware.
Our RMM agent implements 24 x 7 remote monitoring of protected endpoints in order to maintain the patching level updated. Antivirus definitions and Windows and third party security updates are automatically installed based on policy.
Endpoints alerts are integrated into the Projex IMC ticketing system (Help Desk) providing visibility.
The email protection layer of our cybersecurity services solution makes use of the AppRiver Advanced Email Protection service. Using a powerful cloud-based spam filtering service, AppRiver blocks 99% of spam, viruses and malware in the cloud before they reach your network.
The email filtering service provides complete protection against spam, viruses, malware, phishing attacks, Business Email Compromise (BEC) attempts, conversation hijacking, brand forgery attacks and other potentially harmful forms of social engineering for your organization, without the time or expense of managing hardware and software systems. With AppRiver’s disaster recovery feature, you have access, in the event of any kind of email/server failure, to the last 30 days of email in a queue.
Network Security Service – Internet Policy Enforcement
Our Network Security Internet Policy Enforcement layer consists of the Webroot SecureAnywhere. By redirecting web browsing through the Webroot DNS cloud (DNS server), this service gains immediate control of users’ internet activity. The most dangerous websites are blocked automatically, and all other sites are under real-time URL category policy control. Clients can block websites according to 82 specific site categories (security, adult, productivity, etc.).
Allow/Block (whitelist/blacklist) is also supported. URL filtering is supported by Webroot BrightCloud® Web Classification data. The URL database is the largest of its kind, and the service continually classifies over 600 million domains to update the database in near-real time.
Network Security Appliance – Intrusion Detection and Intrusion Prevention
The Network Security Appliance layer consists of a Next Generation Firewall (NGFW) implementing intrusion detection and intrusion prevention systems.
While there are a multitude of vendors providing such appliances, Projex IMC recommends the Fortinet Fortigate family of NGFW (Entry Level Fortigate 30E, 50E, 60E, 80E). Innovative security processor (SPU) technology is used for high performance application layer security services (NGFW, SSL inspection and threat protection). This technology protects against known exploits, malware and malicious websites using continuous threat intelligence provided by FortiGuard Labs security services.
FortiGuard NGFW service delivers proven application control and intrusion prevention (IPS) technologies to improve your overall security posture. This service detects unknown attacks using dynamic analysis and provides automated mitigation technologies to stop targeted attacks. FortiGuard delivers extensive routing, switching, wireless controller and high performance IPsec VPN capabilities to consolidate networking and security functionality.
Internal Security Alert System and CyberResponse Service
The Internal Security Alert System cybersecurity layer uses advanced CyberSecurity assessment software running on a dedicated virtual appliance inside the customer’s network. Daily internal security scans looking for anomalies, changes and risks are used to generate security alerts. Internal security alerts can be emailed if desired. Alerts are also viewable via an Internet Internal Security Alert Portal.
Internal Security Alerts enable the proper and timely response to CyberSecurity incidents. Incident response can be tracked via PROJEX IMC’s ticketing system as our technicians investigate and take proper CyberSecurity measures.
End User Training and Best Practices
Surveys indicate that the majority (over 50%) of cybersecurity breaches are caused by human error. Either internally (employee/subcontractor with malicious intent, employee posting their password on a yellow sticky right on the keyboard) or externally (employee clicking on unsuspecting email link, or hacker obtaining credentials via social engineering) initiated security breaches can be prevented by implementing and adhering to policies, procedures and best practices.
Some of these include cybersecurity awareness training. When one does not know what one does not know it is very easy to make a mistake. Developing and enforcing physical security policies that specify who is allowed to enter the premises, computer room/closet, etc. and when — and then documenting/verifying such instances — provides another mechanism to aid in counteracting security breaches.
Overall cybersecurity policies and procedures should include: A password policy, a removable device (USB) policy, an encryption policy, a mobile device management (MDM) solution, and backup, business continuity and disaster recovery policies.
Projex IMC can help you develop and implement your cybersecurity policies, procedures and best practices.