Our antivirus solution is based on multiple vendor offerings. We use the following criteria to determine which product to deploy:
• number of sites
• number of endpoints per site (desktops, laptops, servers and mobile devices)
• link speed between sites
• operating systems and critical 3rd party applications
• any specific customer preferences and needs
Our solutions

Firewalls were previously seen to be the core of any Network Security architecture but they have now evolved into a less dominant, but still necessary element of an overall defense-in-depth strategy. Due to the additional capabilities offered by Firewalls today, organizations are better served in using them to segment the network and to control the spread of infections or potential attacks.

With this design, we are able to utilize the Firewall to control the impact of an infection by only blocking the services impacted by the threat, while still allowing the unaffected services to continue. InfoGuardian offers various Firewall-related services including a 24x7x365 completely managed service that includes Incident & Event Management.

Most organisations tend to focus their patching efforts on Microsoft and the bad guys know this, which is why they target vulnerabilities in operating systems or third party applications that do not get the attention they deserve.

Most malware types use these vulnerabilities to access systems, but hackers and hacking tools exploit them too.

This leaves antivirus and other security controls hamstrung and in a reactive position, allowing re-infections to take place even after a threat has seemingly been eliminated from the environment.

InfoGuardian can provide various tools to address this risk for either customer use or delivered as-a-service.

Disaster Recovery (DR) is the implementation of policies and procedures that enable the recovery and continuation of vital technology infrastructure and critical business systems should a catastrophe occur, either by way of natural disaster (flooding, earthquake etc.) or through human intervention (arson, malicious code etc.). Most commonly, DR is achieved by replication of the production facility to another system, typically off-site and geographically separated. The distance can range from a few kilometres away to an entirely different country.

Disaster Recovery benefits include:

• Reduces the need for decision making when disaster happens
• Gives you confidence that your business can continue after a disaster
• Guarantees the availability of stand-by systems
• Provides you with a back-up of information and documents if the original is destroyed
• Reduces the risk of human disaster
• Makes you aware of those things that can be insured against disaster

InfoGuardian's vulnerability management solution is designed to operate entirely independently of operating system, network type, asset type or application. Utilisation of best of breed technologies ensures future requirements are catered for due to ongoing investment in research and development.

By combining the necessary solutions from established vendors in this space and integrating them to ensure a single view of the vulnerability landscape, we are ensuring that our solution is future-proof, while also catering for legacy systems.

By taking a multi-vendor approach, we are able to offer best-in-class technology from market dominating vendors ensuring that any single attack vector will be interrogated by multiple, independent technologies to ensure maximum detection.

Very often the forgotten area when it comes to Information Risk, an enterprise-wide Backup Solution is every bit as important as traditional Security Controls when dealing with organisational data. The recent upswing in Ransomware attacks has accentuated this point and we are often left with no option but to restore from backup. However, unmanaged & unmonitored backup solutions are as much of a risk as not having a solution in place as they tend to instil a false sense of security. It is only when trying to restore from a failed or corrupt backup that organisations feel the pain. InfoGuardian offers multiple Backup Solutions including Cloud or On-Premise solutions with Cloud or On-Premise storage and all of these options can be bundled with management & monitoring services.

Our MDM solution architecture is built from the ground up to be multitenant, highly scalable and to integrate with existing IT infrastructure. The solution scales to support deployments of hundreds to thousands of devices through a robust architecture that is fully configurable according to your environment and requirements and is built on industry standard technology, such as ASP.NET and SQL Server, making it easy to manage alongside your existing enterprise applications. It can be deployed in a highly available environment and fully supports disaster recovery configurations to minimize downtime.

This Best in Class Architecture provides the following advantages:

• Extensive multitenancy capabilities to absorb fragmentation within your organization
• Deep enterprise integration that leverages your existing IT investments
• Built on a single code base to make support and upgrades easy
• Supports both physical and virtual servers

Intrusion Prevention Systems are another core element of a sound Network Security architecture, but they must be integrated with other elements of the security infrastructure and global intelligence systems in order to be truly effective. InfoGuardian's Advanced Threat & Targeted Attack Prevention solution discovers unknown threats which allows us to use certain identifiable characteristics of these threats to trigger filters on the NIPS and block the attack on the wire, before it has an opportunity to infiltrate the network.

The solution offers the following:

• Network-Level Virtual Patching
• Advanced Network Protection including DNS
• Network Behaviour Anomaly Detection
• Client-Side Application Protection
• Application Control

From a Web Security perspective, it is equally important to ensure that we are doing more than just URL filtering but again organizations often forego in-depth security in favour of performance to enhance the user experience. In doing so, organizations often do not see Command & Control communications from inside the network making it extremely difficult to know if the organization has been infected by targeted malware or botnets. There have been many well-documented cases of organizations leaking information and allowing direct infection and data exfiltration paths for many years before realising they were infected. These breaches could have been avoided, or at the very least detected sooner, had more robust controls been implemented.

InfoGuardian's Secure Web Gateway solution offers:

• Web 2.0 Threat Protection and Content Filtering
• Deep Inspection of Content for Data Loss or Threats
• Inspection & Validation of SSL Traffic
• Content Caching and Traffic Optimization
• Bandwidth Management

As most organizations move to a cloud based infrastructure, we are effectively exposing our entire datacenter to everyone, and as such the security controls need to provide adequate multi-faceted defenses. Therefore, we have developed an Application Security solution that combines a Web Application Firewall with an Intrusion Deception Technology to address this high-risk environment. Web Intrusion Deception is an industry first that monitors a user's interaction with your Web Application and takes action based on their behaviour. It employs intrusion deception techniques by inserting tar traps into the web application code, and then blocking the user should he display malicious intent. It then goes a step further by fingerprinting the perpetrator's machine with an indestructible cookie and then updating all of your firewalls deployed within your organization, instantly. Therefore, an attacker identified trying to hack through your Web Servers will immediately be blocked at branch level. The solution includes:

• Web Application and User Behaviour Learning
• Intrusion Deception & Blocking
• Protection against Malware-based Fraud
• Virtual Patching

Data Loss Prevention is offered by various vendors and they provide varying levels of functionality, which also comes with varying price tags and usually extensive professional services engagements. InfoGuardian has differing views on DLP and its effectiveness versus client readiness for adoption. We therefore prefer to phase DLP projects so as not to impact our customers' businesses while trying to gain control of the movement and usage of the organisational information assets. We also work with multiple vendors to ensure that the solution we propose meets the specific customer requirement, whether it be a moderate solution focussed on a few key policies or a more complex solution that is organisation-wide touching on all information assets.

Databases are most often the target of attacks organizations are currently faced with and they are compromised in various ways. From malicious insiders who exploit their access privileges to purpose built malware designed for data harvesting, as well as hijacking of a user's credentials, it is becoming increasingly difficult to ensure that we are never compromised. Database Activity Monitoring (DAM) tools give us the ability to protect database infrastructure through virtual patching, while at the same time monitoring, recording & alerting on potential suspicious user activity and creating an in-depth audit trail of all access.

The DAM solution includes:

• Audit Trails of all access to sensitive data
• Virtual Patching of Database Vulnerabilities
• Real-time Blocking of Database Attacks or Unauthorized Access
• Identify Excessive User Rights and Dormant User Accounts
• Advanced Analytics

An advanced persistent threat (APT) is a set of stealthy and continuous computer hacking processes, often orchestrated by human(s) targeting a specific entity. APT usually targets organizations and/or nations for business or political motives. APT processes require a high degree of covertness over a long period of time. The "advanced" process signifies sophisticated techniques using malware to exploit vulnerabilities in systems. The "persistent" process suggests that an external command and control system is continuously monitoring and extracting data from a specific target. The "threat" process indicates human involvement in orchestrating the attack. InfoGuardian has developed a Malware Prevention Solution that is able to monitor and proactively identify these types of attacks, allowing us to block them within the shortest possible timeframes thereby minimizing any potential impact.