CYBERSECURITY

A fortified defense of your corporate assets starts with security fundamentals. With those fundamentals in mind, our “Intelligent Security Design” (ISD) approach is built on the five pillars of IT Security: Identify, Protect, Detect, Respond and Recover. Using only best-of-breed products, coupled with over 30 years of security design experience and a history of customer successes, our security specialists deliver a layered security design that protects your business from Cloud to Endpoint, and everything in between. At the end of the day too little security exposes you to too many risks, while too much security chokes your company’s ability to get things done.

ISD strikes the balance between too little and too much cybersecurity by proactively protecting resources and users along each network layer. Get deep visibility you need and prevent previously-unseen threats.

Mission critical networks can’t afford downtime and disruption. Kobargo deploys Security Appliances that support multiple layers of redundancy, ensuring WAN connectivity, appliance availability, and seamless failover of voice and data for all sites.

Warm spare failover ensures the integrity of firewall services at the appliance level regardless of deployment mode. In the event a firewall goes offline, a secondary firewall will automatically take over its duties—ensuring a site is not deprived of functionality like intrusion prevention, VPN, application and client control, DHCP service, and more. Leveraging industry standards like Virtual Routing Redundancy Protocol (VRRP), networked devices need no additional configuration or intervention to failover to a secondary firewall.

Datacenter redundancy and failover is a mission critical requirement for organizations securely tunneling branch sites to datacenters. Kobargo deploys security appliances that support secure tunneling between sites using either mesh or hub-and-spoke topologies. We can specify which datacenter to use as the primary resource for shared subnets, along with a list of other priority hubs to failover to in the event of an outage. If a site goes offline, branches will automatically fail over to a secondary (or even tertiary) datacenter.

An Intrusion Prevention System (IPS) is a network threat prevention technology that examines network traffic in order to detect and prevent vulnerability exploits. Our cybersecurity solutions support unparalleled threat prevention via an integrated Intrusion Prevention engine. Intrusion prevention (IPS) is performed via rulesets: pre-defined security policies that determine the level of protection needed. Rulesets are refreshed daily to ensure protection against the latest vulnerabilities—including exploits, viruses, rootkits, and more—and are pushed via the cloud to firewalls within an hour—no manual staging or patching needed.

Human error can bedevil the best attempts to lock down and secure a network especially if the security tools used are complex. Deploying, configuring and managing IPS on security appliances requires experienced cybersecurity engineers in order to protect your network, while not impacting productivity.

Understanding the flow of applications, users, and time spent helps businesses realize productivity goals. This level of visibility and the actionable data it provides is an important reason to have application-layer visibility in your networking infrastructure. Packet inspection engines fingerprint and identify applications and their utilization which allows us to define per-user utilization policies based on this application-level visibility.

Human error can bedevil the best attempts to lock down and secure a network especially if the security tools used are complex. Deploying, configuring and managing IPS on security appliances requires experienced cybersecurity engineers in order to protect your network, while not impacting productivity.

In simple terms, Threat Intelligence is a cloud-based collection of data from millions of sources (think all those free anti-virus clients) about viruses and malware, such as source IP address, size, author, reputation, payloads, and file hash (just to name a few), that is constantly updated and leveraged by security products for real-time protection. Typically, when a product encounters a new file or application, it sends detailed information to the cloud for validation.

If found to be safe, it is allowed to run. If it is known malware, it is blocked. If it is unknown, it is allowed to run but monitored. Every action by the unknown file/program gets journaled for possible rollback or remediation, and any effort to transmit data from the device will be blocked until the application has been cleared as safe.

If it is found to be malware all information on the file is added to the “Threat Intelligence” database in the cloud and protection is instantly available to all connected devices. Cisco’s AMP (Advanced Malware Protection) and Threat Grid are examples of Threat Intelligence, and are used in Cisco & Meraki security products.

Today’s Malware is nothing like the viruses that disabled PCs for good fun a few years ago. Malware is driving a multi-million dollar industry of cybercrime that locks and destroys data. Signature based malware protection are only as good as the last signature update and even then they can’t protect against zero-day attacks. Networks must have a comprehensive malware combat readiness solution in place to block attacks as they happen.

Cisco’s AMP solution automatically checks downloaded files against the global AMP database (see Threat Intelligence) in real time and blocks malicious files before they can pass through the network perimeter. Cisco perimeter security products with AMP provide a straightforward summary of threats seen across your network, and allows you to drill down into the details of a particular attack or threat. Malware combat readiness needs to start at the perimeter and can no longer solely reside on the endpoint.

A firewall is a network security device that monitors incoming and outgoing network traffic and decides whether to allow or block specific traffic based on a defined set of security rules. They establish a barrier between secured and controlled internal networks that can be trusted and untrusted outside networks, such as the Internet.

Firewalls are still the tried-and-true protectors of the network perimeter, but they’ve evolved beyond simple packet filtering and stateful inspection.

We deploy, manage and support next-generation firewalls that are SD-WAN ready and provide VPN connectivity, advanced malware protection, application awareness and visibility, intrusion prevention and Threat Intelligence to address today’s and tomorrow’s threats.

Secure Internet Gateways (SIG) are a part of our layered cybersecurity design approach. Before users connect to any destination on the internet, a SIG provides the first line of defense and inspection. Traditional network and web security provides visibility and control for employee activity on your corporate network. At the same time, an SIG extends visibility needed to protect internet access across all devices on any of your networks.

The domain name system (DNS) is a foundational component of the internet — mapping names to IP addresses. When you click a link or type a URL, a DNS request initiates the process of connecting any device to the internet. Our approach to security starts beyond your network’s edge by leveraging DNS to prevent data leaving over any port or protocol, whether initiated by user DNS requests or direct IP connections. The reason for blocking more than just domains is that some threats use hardcoded IP addresses to establish direct connections, bypassing the need for DNS resolution.

Hiring a full time in-house security resource is expensive and a technician that performs some security related functions puts companies at risk. Outsourcing security services to specialists reduces risk and worry, and protects your business at a significant cost savings. Security management services provide administration, maintenance and support of all security layers, including monitoring and remediation of any issues.

What you do when a threat or attack has been discovered is just as important as all the security measures that have been put into place. Containing and remediating the effects of an attack can be the difference between a solitary desktop compromise and a complete network breach. A documented incident response plan is vital to your layered security approach.

Technology can provide fantastic safeguards and processes, but even organizations with strong security practices are still vulnerable to employee error. 52% of security breaches are caused by human error. The average total cost of a data breach is $3.79 million and that number is rising fast. Training for your employees teaches them security best practices and safe data handling procedures which is vital to protecting your business.

Kobargo’s threat assessment is a proactive review of a customer’s security infrastructure and threat prevention strategy. Our assessment methodology involves identifying weak points and exposures in an organization’s security deployment and developing an intervention plan that addresses and establishes protection at all layers of the network.

Kobargo’s Dark Web Domain Monitoring Service & Notification combines intelligence with search capabilities to identify, analyze and proactively monitor for your organization’s compromised or stolen employee and customer data. Attacks on networks may be inevitable, but they don’t have to be destructive. Proactive monitoring of stolen and compromised data alerts us when a threat is detected so we can respond immediately.