Secure Access





Solutions, Features & Benefits


> Affordable proven defence grade secure access control

> A better way to build secure networks


> 2014 & 2015: the years of stolen credentials proving that traditional security methods no longer work

> Regain Control: control the access of ALL users and ALL applications across your infrastructure (on-premise, private or public cloud / datacentres)

> Solve today’s mobility challenges across any multi-vendor network by replacing outdated legacy AAA systems with next generation context-aware policy driven access solutions

> Simplify networks and genuinely reduce TCO & ROI by reducing hardware, software and administration / support investments and overhead

> Best-of-Breed policy-based access management, network firewall, and Enterprise Mobility Management solutions in the Market

> Share and Protect Enterprise Resources

> Protect your organisation's crown jewels – your data – identify sensitive data and specify who can access it and what they are or are not allowed to do with it

> Secure your distributed enterprise


> Centralised, unified, 360 degree, access management to your corporate networks, applications and data

> Easy-to-use, secure everything access for internal, business travellers, remote workers, guests and mobile users

> Combined password management & identity-based access control solutions






Protect IT assets - and distributed network resources

The design criteria for security are moving away from a focus on perimeter defence to one based on securing individual IT resources per user (network access and information sharing with third party suppliers or partners).

As businesses become more mobile, there is a much broader range of end devices to support, from servers to laptops to iPads, Apple and Android devices.

Solutions from SecureNet Consulting empower companies to allow any user to work securely and effectively from any location, with a consistent experience on any device, across any network (as long as they meet the access control policy).




Overcoming the problems & challenges
  • The need to secure access from the many types of operating systems, network connections, devices and users. 
  • BYOD - an explosion of endpoints - laptops, tablets, and smartphones - in the enterprise.



> Provision device & user access for BYOD without IT involvement

  • Managing the on-boarding of personal devices for BYOD deployments can put a strain on IT and help desk resources, and can create security concerns. 
  • Context and policy based access management lets users gain access from any device, while restricting them by policy and context controls that protect network, application and data access. 
  • Solution eliminates the need for users to repeatedly enter login credentials throughout the day, using Single Sign On (SSO). That convenience alone is a win. 
  • Significantly reduce the need for IT resources for BYOD / employee device on-boarding, as the solution will allow or deny access to any device based on user identity, context and policy controls. 
  • Full audit logging provides detailed records of user and file activity.


Types of Secure Access: Solved



> Next-Generation Access Control 


> Secure BYOD enablement

> Solution as a Managed Service, On-premise or Hybrid


> Guest / Visitor Access Management  

> Compliance / Governance-Based Access Control 


  
> Enable Anywhere, Anytime Secure Access











> Unify Wireless and Wired Access 



> Storage and Unstructured Data Access Control


> Policy-Based

> Encryption for
- Connectivity

- Data





- IPsec VPN


> Mobile User Access Management  


> Single Sign On (SSO) 

> Access Anywhere


> Password Management

> On-premises, Cloud or Hybrid Deployment and Management


> User Activity Recording 

> Network Access Control


> Audit & Compliance

> Application Access Control 


> Enterprise Reporting 

> Data Access Control 

> Integrated Advanced Threat Protection & Security Intelligence 






Productivity


> Enhance productivity with around-the-clock access to corporate resources

> Boost productivity

Empowers users to be more productive – provision any application to any device and user, over any connection - offering them the same user experience whether working in the office, at home or on the move.



> Eliminate error-prone and time consuming IT admin and security tasks

> Transparent access management


Transparent to applications and database systems (including but not limited to Oracle, IBM, Microsoft, Sybase, MySQL, and MongoDB), file systems, networks, and storage architecture, with little to no alterations to existing infrastructure.





Access Control

Wired & Wireless Networks  |  Users  |  Applications  |  Data



> Regain Control

A centralised all-in-one solution that allows you to control the access of ALL users (employees, executives, management, administrators, partners, consultants, suppliers, guests...) and ALL applications across your infrastructure.



> Implementing Cloud and SaaS Applications?

Address identity and access management challenges when integrating into your corporate environment.



> Overcome the challenge of secure access control from the many types of operating systems, networks, devices and users.

> Secure Access from Any Location and Device


Secure Access Anytime – Anywhere - Any Device Control 

  • Centrally provision access to servers and business applications to employees anywhere in the world.
  • Secure Access for your network, data centres, applications, data and cloud locations.
  • Gain valuable insight into who’s on your network or cloud, which applications they’re accessing, with what device, from where, and when they are attempting access.
  • Enforce context-aware, policy-based control of access, regardless of whether it is remote, local, web, cloud, or wireless.


> Enable access over any protocol, work with any two-factor authentication and VPN, through any environment (private, public, cloud, internet networks)


> Create An Open Architecture

Provide connectivity to any infrastructure desired (even Linux / UNIX and other non-Windows environments) by utilising built-in Virtual Desktop Infrastructure (VDI) and SSH secure access sessions.



> Secure Wireless Network Access

For example, 802.1X authentication.



> Access Management for Mobile Users

> Secure Mobile, Remote and Public Venue Access to Corporate Resources


> Govern and enforce user access across multiple channels
      • Mobile
      • Internal
      • External (Remote and Non-employee)
      • Social
      • Cloud networks
      • Applications


          > Unified solution for granular, context, identity, role, policy and privileged user access
            • Role-Based
            • Identity-Based
            • Context-Based
            • Policy-Based
            • Privileged Users


              > Safeguarding Data with Privileged User Access Controls

              > Unified Access

              Control is a uniquely extensible, open solution that delivers granular access control to the entire distributed enterprise, from remote users and branch offices to the data centre, while reducing cost and complexity.



              > Complete 360 Degree Access Control

              Access control to your File Servers, Web & Native Applications, SharePoint Servers, Data Centres / Servers, Storage Devices, Remote Terminal Services, VDI (Virtual Desktop) Critical Infrastructure, SCADA & Industrial Systems and Data. 



              > Control and Audit for Unstructured Data Access

              Enables a sustainable access governance model by providing the visibility, monitoring, certification, remediation, and reporting of user access permissions to data stored on Microsoft Windows, Linux and Unix file servers, network-attached storage devices and Microsoft SharePoint servers.

              Gain visibility and ownership of user entitlements for Windows, Linux and Unix servers, file shares and Microsoft SharePoint.




              > Secure Endpoint Connectivity

              Access policies for endpoint devices should require that each computing device on a corporate network comply with certain standards before network access is granted.

              An 'endpoint' is an individual device or computer system that acts as a network client. Common endpoints include desktop PCs, laptops, smart phones, tablets and specialised equipment such as bar code readers and point of sale (POS) terminals.




              > Give users quick and secure access to the resources they need

              > Securing Distributed Enterprise

              Overcoming the challenges of distributed Sites, Users, Cloud and 3rd Party Network Security

              Securing the separate physical locations of your Distributed Enterprise is challenging due to the wide range of business services that you need to provision and protect. Remote employees, branch office locations, and/or corporate data centres have distinct security and access requirements that transcend traditional network and security products.

              Given the widely distributed nature of modern organisations, the ability to quickly configure, modify and manage security policy and access from a single console is essential.




              > Control what employees / users can access

              > Cloud and 3rd Party Network Security Challenges

              Secure data residing or traversing 3rd party managed datacentres or cloud networks.

              Using encrypted tunnelling for your data at rest and travelling across 3rd party networks prevents snooping and data theft, which also helps to satisfy audit requirements.

              Track, audit, control and restrict 3rd party user access to your systems and data residing with or managed by a 3rd party I.T. support and services company or service provider.




              > Maintain Complete Visibility and Control Across Applications and Users regardless of where they are based

              > Secure access to network and business resources; whether on-premise or in the cloud

              > Beyond basic ACLs (access control lists)

              Solutions go way beyond directory-based username and password network access. They provide advanced and dynamic integrated security, policy-based inspection and context-based access management.


              > Context-Based Network Access Control 

              For employees, contractors and guests across any multi-vendor wired, wireless and VPN infrastructure.



              > User identity life-cycle management

              > Compliance-Based Access Control


              see below


              > Intelligent User and Device Profiling


              > Guest  / Visitor Access Management

              Centrally control and govern access rights to data and files, based on user and guest identity.

              Simplifies guest access, so that receptionists, employees and other non-IT staff can create temporary guest accounts for secure Wi-Fi and wired Internet access.

              Self-registration, sponsor and bulk credential creation supports any guest access need – enterprise, retail, education, large public venue.




              > Automate Device Patch Assessment Checks and Remediation

              > VPN Connectivity


              Encrypt and secure connections and access 
              VPN technology allows organisations to establish secure communications and data privacy between multiple networks and hosts using IPSec and secure sockets layer (SSL) VPN protocols.

              VPN solutions typically offer the ability to do security health checks on each device before granting remote access to organisational resources. These health checks can involve a wide variety of security characteristics, such as checking the device for a pre-installed digital certificate (for authentication), operating system patch levels and security software (anti-virus) versions. 




              > Clientless Access

              Secure Remote Access to Infrastructure without having to install VPN software on user devices.

              Also known as SSL VPN
               

              Secure browser-based access through end-to-end SSL and SSH protocol.

              Empowers secure, scalable BYOD (Bring Your Own Device) within your organisation.



               
              > Single Sign On (SSO): Simple User Login 

              Fast authorised, automated access to corporate applications, to on-premises or cloud systems - without disclosing passwords.

              Removes the need for users to remember multiple passwords.


              (also see single-sign-on and password management pages).




              > Pre-Network Access Device Health Checks
              • The ability to do security health checks on each device before granting remote access to organisational resources. 
              • Automatically quarantine or remove the mobile device from your network.


              > Protect Corporate Communication and Social Media Platform Access

              > Integration with Microsoft Systems Management tools

              > Working with MDM solutions

              Integration with existing MDM investment, or secure your data and access without ever needing MDM.
              Mobile Device Management (MDM) systems are gaining rapid adoption among enterprises that wish to better manage the plethora of smartphones and tablet computers that are in common use by business people. MDM systems can help IT security managers secure the sensitive corporate data that is frequently stored on such devices. However, MDM by itself is not a complete security solution for the following reasons:

              1. MDM systems can only see and manage devices that have already been enrolled in the MDM system. This leaves IT Managers blind to unmanaged devices on the network.

              2. MDM systems typically do not control access to the network; they typically control access to applications (for example, Microsoft Exchange). Thus, MDM does not prevent unauthorised access to data on the network, nor does MDM prevent infected or compromised devices from attacking the network. IT security managers need the ability to control where mobile devices can go on the network, enforcing policies based on the device type, operating system, compliance status, owner of the device, and logged-in user of the device.

              3. MDM systems are often operated as another IT management silo, with another set of management screens, separate policies, and separate reports. Even worse, the MDM system is often managed by a different group of people than are responsible for computer security. This creates an opportunity for policies to be inconsistently applied and translated across the various IT management systems and groups.


              Integration with MDM allows you to leverage your existing MDM investment within the broader context of unified security control.




              > Mobile Device Access Management Already Integrated

              Easy connect and work app access
              • Enforcing access policies for web, cloud environments and mobile collaboration channels. 
              • Enables secure access to mobile and web applications with single sign-on and session management.

              Seamless Enrolment and installation of MDM agents on unmanaged devices by initially placing them in a limited access network, assessing device type and ownership, directing them to an MDM installation web page, and then allowing network access once the device has passed required compliance checks.

              Auto Detect unmanaged devices on the network in real-time.




              > Access Control Solutions Accelerate BYOD, business collaboration and mobile workspace enablement projects with confidence

              > Enable Mobile Access, BYOD, Seamless Enrolment and Data security without MDM

              > Integrates seamlessly with existing networks

              > Integrate, unify and help shed a variety of third-party IT systems.

              > Centralised Access & Policy Management

              > Simplify network architecture, reducing management overheads and complexity

              > Segmentation


              Simple, easy and compliant virtual, logical and physical network segmentation.



              Secure Internal Domains to Protect Data and Remove The Complexity of Traditional Network Segmentation

              With our network gateway system you can remove all VLANs from cumbersome and expensive switch infrastructure – reducing risk, cost, complexity and administration overheads.

              Simplify, remove the complexity and reduce on-going costs of traditional network switch segmentation (VLANs) and internal firewall devices.


              Simplify Networks & Protect Core Systems
              Internal security domains or segments can be created, removing the need to change the network architecture to protect critical assets such as development data or PCI at-risk servers from unauthorised access.

              Encryption, authentication and access control engines deliver a high level of secure separation and protection whilst also providing the flexibility to modify internal segment (switch) configuration and connectivity options quickly and easily.

              Network traffic is encrypted as standard giving each user a private, secure connection and preventing other users sniffing data. Unauthorised, unencrypted traffic is blocked automatically. 




              > User Session Recording

              Records privileged user activities for improved visibility and security compliance.


              > Prevent advanced insider threats

              > Access Control Simplified

              > BYOD and work anywhere

              Protect the data - not the device

              We have seen an explosion of endpoints - laptops, tablets, and smartphones - in the enterprise, along with the rise of BYOD. IT has responded by incorporating Mobile Device Management (MDM) solutions, but relying solely on MDM is not enough.
               

              Some MDM solutions also provide mobile application management (MAM) features, allowing them to publish apps, whitelist / blacklist installable apps, and enforce policies on data sharing between apps. IT can even containerise apps, so a remote wipe can selectively delete only the corporate app’s data. With all these features, MDM does a good job of managing devices but not much to protect corporate data on endpoints.

              Purpose-built access control solutions not only centrally control access to your networks, applications and data, but can also apply rules and protect data leaving the corporate network. This includes features like containerising data on devices, as well as rules such as preventing print, copy, forwarding via web-mail or screenshots, and a remote kill pill if the device is lost or time rules expire for the files. 




              > Protect Shared Social Media and Communications Accounts

              > Audit Compliant Access

              Provides access logging, tracking and reporting for audit and compliance.



              > Segregate Users and Applications from the rest of your network

              Give business owners the right to be in control of who accesses their applications and data.

              We can empower business managers / owners to take control of who needs access to their resources - to give access to specific individuals or groups of users into their own applications, removing the need for IT and Security admins to manage that - subject to policies and auditing.


                
              > Hadoop Protection

              Simplify and secure identity management and auditing.






              Security

              > Comprehensive, Simple End-User Security

              Simplifies and optimises connectivity for end users, automatically checks their device type and security state, location, identity, and adherence to corporate access control policies.


              > Enforce Authorisation, Authentication and Encryption on open (public) networks

              > Wired and Wireless Network Access Authentication

              • 802.1X

              > Flexible Two or Multi-Factor Authentication

              Provide an array of two-factor and multi factor authentication solutions.
              • Hardware (USB, Smart Cards, BioMetric)
              • Software-based
              • Clientless


              > Discover and identify MAC OS X, Apple iOS and Linux / UNIX client systems that don't directly authenticate to Microsoft Active Directory.

              > Mobile and Remote Device Control


              Prevents unauthorised devices from connecting and copying data. Additionally, controls and blocks types of files, or files of a certain size or content. Assigns limits on copying data, etc.



              > Firewall Protect any Device Connecting to the Network

              > Data Loss Prevention
              • Enforces Data Loss Prevention (DLP) policies across your entire distributed environment. 
              • Inspects the data payload of network packets.


              > Ensure Security and Data Rules Travel with Files and Users

              Policy-based rules travel with files when accessed on or off the network. For example, a user with certain access privileges might be able to access a file, and share it for business to business collaboration, but the file policy says the file can only be shared with specific people and not copied, emailed over private web-based email or printed. Other features include file change audit logging and time to expire or remote kill (if a device is lost or a user leaves the organisation or project).

              Kill Pill

              The built-in 'Kill Pill' option allows remote clearing of the entire contents of a device disk / container and blocking or changing the password.

              DCR

              Data Content Reporting gives you the ability to remotely inventory and make a detailed verification of the contents of USB drives. 

              > Access Risk Assessment Service

              Can help you model your network access risk levels and assess policies, user types and privileged users.


              > Content Inspection

              Inspect the data payload of network packets, for sensitive data or malicious content.





              Encryption


              > Encryption for compliance and data security, all without the need to change your network or applications.

              > End-to-end, per session encryption for all user access connectivity to networks, applications and data.

              > Encrypts data in transit and at rest on remote, external and 3rd party devices and locations.

              > Protects data on public and wireless networks






              Empower Collaboration

              > Utilise access and user identity controls to enable secure collaboration

              > Secure and simplify inter business and B2B collaboration 
               
              > Enables employees and managers to collaborate with partners, service providers, and multiple offices or agencies - all with a single identity and logon

              > Guest  / Visitor Access Management
              • Centrally control and govern access rights to data and files, based on user and guest identity. 




              Bandwidth

              > Overcome Low Latency & Bandwidth Issues

              Boost connectivity chances and productivity of remote workers who might be restricted to accessing corporate resources across poor internet bandwidth or latency line connections – often experienced by employees, contractors and offices setup in 3rd world countries where communications infrastructures are very basic or restricted.

              Not only allows you to traverse these lines securely, but built-in data compression also increases performance over these slower links.





              Cost Saving

              > Major cost savings


              • Solutions help shed a variety of costly to maintain third-party IT systems.
              • No need to invest in VPN appliances.
              • Time and cost saving on additional endpoint device client software and licensing.
              • No more need for VLANs.



              • Dissolve directory silos
              • Reduce the help desk's workload through user self-service
              • Limit the impact of misuse by privileged users
              • Make BYOD safe
              • Save operating costs through “Managed Services”
              > Scales and adapts to your evolving user, security and business needs

              Future proofs the solution and prevents the need to continually invest in new equipment and licenses as business grows.




              Compliance & Governance


              > Comply with the latest Regulations, Governance, Compliance and Government Mandates across all industries

              Meets compliance requirements for senior management – not only IT, but finance, HR / Legal and business needing to identify and manage risk. Addresses regulatory standards such as PCI DSS, FISMA, HIPAA and ISO27001, which stipulate requirements for controlling which individuals can access which information and for protecting the privacy of consumers.



              > Compliance & Audit Solved with Access Control Solutions and Features

              • Privileged User Management
              • Data Access Control
              • Authentication

              • Validation
              • Encryption
              • Segregation: Users and Applications from the rest of your network


              > Single point of control for enforcing security and compliance policies for both internal, mobile and external users

              > Addresses Security, Access Control and Segmentation Requirements


              PCI, SAP, SCADA and SharePoint networks.




              > Segregate Users and Applications from the rest of your network for security and compliance

              Segregation of roles by user type to protect specific data types such as credit card information for PCI-DSS and Personally Identifiable Information (PII) under the US HIPAA / HITECH acts.





              > Compliance: PCI DSS requirement 8.3

              Implement two-factor authentication for remote access to the network by employees, administrators, and third parties. Use technologies such as remote authentication and dial-in service or terminal access controller access control system with tokens; or virtual private network with individual certificates.

              Authentication platforms allow secure remote access from any device, while offering seamless and pre-validated integrations with many leading VPN solutions.



              > Privileged users
               

              Prove compliance with regulations and industry mandates to auditors with a single view into the control and security of user privileges.



              > Addresses Device / Endpoint Compliance
               

              Enforces endpoint and device security health checks before connecting to the network or accessing data.

              Containerises corporate data exported to endpoints, with data based rules and controls to prevent data loss (DLP), for example, time to expire, prevent screen shot, prevent print and web-based email. 





              > FIPS 140-2 & EAL4 validated cryptography 

              Addresses compliance and security requirements.





              Audit Logging, Reporting & Alerts
              • All backed up with activity audit logging and reporting 
              • Constantly monitor logon events produced by clients accessing applications.
              • Monitor current and archived per-user access sessions, get automatic alerts, and generate analytics reports for compliance and fast problem resolution. 
              • Report and map access relationships between users and their roles.


              > Audit and Log User Activity
              Granular audit logs are kept of per user access sessions. All access activity to resources/files and any changes made to files, is monitored, recorded and logged.

              Reports can also be set to only be seen by business management for auditing, rather than being seen by I.T. admin personnel.




              > Get user-level activity awareness of all traffic across the network

              > Integration with third-party security information and event management (SIEM) tools.

              > Detailed Monitoring and Reporting of Privileged Sessions

              Powerful reporting and logging tools monitor all access to system resources including which users, the access rights that have been granted, and the resources they are accessing.

              Alarms can be defined, e.g. when particular systems are accessed or particular users log in, and sent to external systems for immediate action.




              > Satisfy Auditors


              Prove you have the necessary audit controls in place to satisfy compliance auditors.

              Provides the business with a way of audit logging and reporting on IT administrators and individual user access to systems - this cannot be done with traditional firewalls. For example, to record and report activity on your systems that are either hosted in a 3rd party datacentre or looked after by 3rd party IT support people.

              All access is audited on a per user session basis delivering accountability and compliance. Assurance of which users have requested access to resources, as well as recording files accessed and changed.

              Without next generation access control solutions there is no easy way to ensure that the person using a static IP (or DHCP address) was the person who requested or gained the access. Maintenance of an IP based system is a nightmare.




              > Audit Compliant Access


              Assurance of which users have requested access to resources – is very important for audit compliance.

              SecureNet’s access control solutions allow your business to secure and comply with requirements to only allow user access on a ‘need-to-know’ basis. In some instances, IT and security should not have access to certain business applications or sensitive data.

              Access control solutions empower business managers (Finance, Legal or HR for example) to take responsibility for administering user access to specific group business applications and data. This also helps to reduce administration overhead on IT admins and security.

              For IT Administrators, maintaining an IP system on traditional networks is seen as a nightmare, as access request verification cannot be guaranteed 100% for audit. Without SecureNet’s next generation solutions, traditional networks offer no easy way to tell whether the person who accessed something via a static or dynamic IP address was actually the person requesting access – all you know is that a machine has connected.

              Access solutions offer in-built authentication, but will integrate with any existing authentication platform. They enforce two-factor authentication (something you have, and something only you know) before starting any user session, providing accountability and compliance across the business.




              > Alarms & Alerting
              • Alarms can be defined e.g. when particular systems are accessed. 
              • Ability to alert administrators to potential data leaks, security breaches, or other risks


              > Cloud Activity Monitoring & Reporting


              Delivers deep visibility into all user, admin, and third-party application activities including uploads, downloads, views, edits, and deletes



              > SIEM integration


              Alarms are sent to external SIEM (Security Information & Event Management) platforms for immediate action.






              Contact us today to discuss your requirements in more detail.



              P: +44(0)7714 209927

              S: +44(0)1273 329753

              info@securenetconsulting.co.uk