Answering the Challenges facing today’s CISO

“Security and risk management leaders focused on endpoint and mobile security must choose products and technologies that blend information-centric protections into a ‘defense in depth’.”

“By 2020, more than 60% of organisations will invest in multiple data security tools, up from approximately 35% in 2017.”

Source: Gartner

ENDPOINT

Secret Net Studio

Information Centric Endpoint Protection

OUR HOLISTIC APPROACH TO ENDPOINT SECURITY IS THE ANSWER

KEY FEATURES

SEGREGATION OF DUTIES BETWEEN SECURITY AND OPERATIONS TEAMS

Sensitive information remains protected from everyone except its owner and the people the owner designates. Neither IT infrastructure administrators nor the security administrator can change it without authorization. The architecture provides two-sided access control: the IT infrastructure administrator cannot change the security part of a policy, and the security officer cannot change the infrastructure part of it.

TRUSTED SECURITY MECHANISMS

Hardware-based Trusted Environment technology protects security mechanisms and system drivers from below the operating system. Vulnerable processes and drivers are monitored by software running on a dedicated CPU core together with a separate hardware module, so these components stay invisible to an adversary operating inside the OS and cannot be tampered with unnoticed.

SOFTWARE DEFINED PERIMETER

Secret Net Studio lets you build flexible segments across the internal network. A granular access policy provides zero-trust network connectivity and prevents an attacker from moving laterally into sensitive segments. A connection is not allowed until the user, the application and the endpoint have all been authorized.

CLASSIFICATION-BASED ACCESS CONTROL

Mandatory Access Control is the core security mechanism of Secret Net Studio. It applies to data, applications and devices. It enforces data protection by checking only the classification tag, without reading the file content.

USE CASES

DATA PROTECTION

Prevention of unauthorized data access
Protection against data leakage
Enforcement of a sensitive-data handling culture
Ransomware protection

Approach

  • Mandatory access control for:
    • Files
    • Printers
    • USB-devices
    • Network interfaces
  • Context is set by:
    • User confidentiality session level
    • File/device classification tag
  • Windows Terminal session support
  • Up to 16 classification policy levels
  • Printer access control
    • Virtual, local, network and global printer support
    • Printed file watermarking
    • Printed file shadow copy
  • Device control
    • Access policy for groups, classes, models and individual removable devices
    • Hierarchical inheritance settings
    • Device connection and disconnection control
    • Terminal connection and device redirection support
  • File wiping
    • Replaces regular file deletion, or runs on demand
    • Data wipe on local disks as well as removable devices
    • Flexible wipe-cycle policy
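The classification-based access control described above (and the mandatory access control list just given) comes down to comparing two labels: the confidentiality level of the user's session and the classification tag of the object, where printers, USB devices and network interfaces are objects too. The following is an added illustration of that decision logic, not Secret Net Studio's own code; the four-level scale, the users, the clearances and the objects are constructed for the example (the page allows up to 16 levels).

```python
"""Classification-based (mandatory) access control: every object carries a
classification tag, every logon session runs at a confidentiality level,
and each decision compares those two labels only, never the file content.
Added example; level names, users and objects are constructed."""
from dataclasses import dataclass
from enum import IntEnum


class Level(IntEnum):
    """Constructed four-level scale; the page allows up to 16 levels."""
    PUBLIC = 0
    INTERNAL = 1
    CONFIDENTIAL = 2
    SECRET = 3


@dataclass(frozen=True)
class Obj:
    name: str
    kind: str        # "file", "printer", "usb", "net"
    tag: Level       # classification tag attached to the object


@dataclass(frozen=True)
class Session:
    user: str
    level: Level     # confidentiality level of this logon session


# Constructed clearances: the highest session level each user may open.
CLEARANCE = {"alice": Level.SECRET, "bob": Level.INTERNAL}


def open_session(user: str, level: Level) -> Session:
    """A user may not open a session above his clearance."""
    if level > CLEARANCE.get(user, Level.PUBLIC):
        raise PermissionError(f"{user} is not cleared for {level.name}")
    return Session(user, level)


def can_read(s: Session, o: Obj) -> bool:
    """No read up: only objects tagged at or below the session level."""
    return s.level >= o.tag


def can_write(s: Session, o: Obj) -> bool:
    """No write down: data may only flow to objects tagged at or above the
    session level.  Printers, USB drives and network interfaces are sinks,
    so a CONFIDENTIAL session cannot print to a PUBLIC printer or copy to
    an untagged (PUBLIC) flash drive."""
    return o.tag >= s.level


def can_copy(s: Session, src: Obj, dst: Obj) -> bool:
    """Copy, print or export: the session must be able to read the source
    and write the destination.  The content of src is never inspected."""
    return can_read(s, src) and can_write(s, dst)


# Constructed objects used in the demonstration.
REPORT = Obj("q3-report.docx", "file", Level.CONFIDENTIAL)
PAYROLL = Obj("payroll.xlsx", "file", Level.SECRET)
LOBBY_PRINTER = Obj("lobby-printer", "printer", Level.PUBLIC)
SECURE_PRINTER = Obj("secure-printer", "printer", Level.SECRET)
UNTAGGED_USB = Obj("usb-kingston-1234", "usb", Level.PUBLIC)


def demo() -> dict:
    """Run a few decisions and return them keyed by description."""
    alice = open_session("alice", Level.CONFIDENTIAL)
    bob = open_session("bob", Level.INTERNAL)
    return {
        "alice reads report": can_read(alice, REPORT),
        "alice reads payroll": can_read(alice, PAYROLL),
        "bob reads report": can_read(bob, REPORT),
        "alice prints report on lobby printer": can_copy(alice, REPORT, LOBBY_PRINTER),
        "alice prints report on secure printer": can_copy(alice, REPORT, SECURE_PRINTER),
        "alice copies report to untagged usb": can_copy(alice, REPORT, UNTAGGED_USB),
    }


if __name__ == "__main__":
    for what, ok in demo().items():
        print(f"{'ALLOW' if ok else 'DENY ':5} {what}")
```

The point worth noticing is that the same two comparisons cover files, printers and removable devices alike: a leak through the lobby printer or an untagged flash drive is refused by the write check without any content inspection.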

Results

  • Your data stays protected from leaks, alteration and unwanted access
  • Your data stays confidential to everyone, the vendor included: file content is never analysed
  • Confidential documents cannot leave the system unnoticed

ZERO TRUST NETWORK ACCESS

Protection of connections to IaaS workloads
Internal network segmentation
Protection against man-in-the-middle attacks

Approach

  • Software firewall
    • Network connection filtering:
      • By user
      • By process name
      • By IP address and port
      • By network adapter
      • By protocol
    • Application of firewall rules by schedule
      • time of day
      • day of week
    • Firewall learning mode (adaptive rule whitelisting)
  • Secure connection
    • Mutual host authentication before connection establishment
    • Traffic encryption
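The firewall rules listed above, together with the zero-trust segmentation described under "Software Defined Perimeter", amount to a default-deny policy evaluated per connection on user, process, destination, adapter, protocol and schedule, with a learning mode that records otherwise-unmatched connections as allow rules. The following is an added example of such an evaluator, not Secret Net Studio's engine; the users, process names, addresses and the "database segment" are constructed.

```python
"""Default-deny host firewall policy: rules match on user, process, remote
network and port, adapter, protocol and an optional schedule (hours of the
day, days of the week); first match wins; learning mode whitelists
connections no rule covers.  Added example; all identifiers constructed."""
from dataclasses import dataclass
from datetime import datetime
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass(frozen=True)
class Conn:
    user: str
    process: str
    remote_ip: str
    remote_port: int
    adapter: str
    proto: str            # "tcp" or "udp"
    when: datetime        # time the connection is attempted


@dataclass
class Rule:
    """A field left as None matches anything."""
    action: str                         # "allow" or "deny"
    user: Optional[str] = None
    process: Optional[str] = None
    network: Optional[str] = None       # CIDR, e.g. "10.0.5.0/24"
    port: Optional[int] = None
    adapter: Optional[str] = None
    proto: Optional[str] = None
    hours: Optional[range] = None       # e.g. range(8, 19) = 08:00-18:59
    days: Optional[frozenset] = None    # 0 = Monday ... 6 = Sunday

    def matches(self, c: Conn) -> bool:
        return all((
            self.user is None or self.user == c.user,
            self.process is None or self.process.lower() == c.process.lower(),
            self.network is None or ip_address(c.remote_ip) in ip_network(self.network),
            self.port is None or self.port == c.remote_port,
            self.adapter is None or self.adapter == c.adapter,
            self.proto is None or self.proto == c.proto,
            self.hours is None or c.when.hour in self.hours,
            self.days is None or c.when.weekday() in self.days,
        ))


class Firewall:
    def __init__(self, rules, learning: bool = False):
        self.rules = list(rules)     # explicit policy, evaluated in order
        self.learned = []            # rules added by learning mode
        self.learning = learning

    def decide(self, c: Conn) -> str:
        for r in self.rules + self.learned:
            if r.matches(c):
                return r.action
        if self.learning:
            # Whitelist exactly the observed user/process/destination tuple,
            # so a learned rule is never broader than what was seen.  Explicit
            # deny rules above still win, so learning cannot open a segment.
            self.learned.append(Rule("allow", user=c.user, process=c.process,
                                     network=f"{c.remote_ip}/32",
                                     port=c.remote_port, proto=c.proto))
            return "allow"
        return "deny"                # zero trust: nothing matched, drop it


WEEKDAYS = frozenset(range(0, 5))

# Constructed policy: 10.0.5.0/24 is the database segment.  Only the DBA,
# running the SQL client, may reach port 1433 there during office hours on
# weekdays; every other connection into the segment is denied.
POLICY = [
    Rule("allow", user="dba", process="sqlcmd.exe", network="10.0.5.0/24",
         port=1433, proto="tcp", hours=range(8, 19), days=WEEKDAYS),
    Rule("deny", network="10.0.5.0/24"),
]


def demo() -> dict:
    tue_10 = datetime(2024, 3, 5, 10, 0)     # Tuesday 10:00
    tue_22 = datetime(2024, 3, 5, 22, 0)     # Tuesday 22:00
    sat_10 = datetime(2024, 3, 9, 10, 0)     # Saturday 10:00
    fw = Firewall(POLICY, learning=True)
    db = ("10.0.5.20", 1433, "eth0", "tcp")
    share = Conn("clerk", "explorer.exe", "10.0.2.10", 445, "eth0", "tcp", tue_10)
    results = {
        "dba sqlcmd office hours": fw.decide(Conn("dba", "sqlcmd.exe", *db, tue_10)),
        "dba sqlcmd at night": fw.decide(Conn("dba", "sqlcmd.exe", *db, tue_22)),
        "dba sqlcmd on saturday": fw.decide(Conn("dba", "sqlcmd.exe", *db, sat_10)),
        "dba powershell to db": fw.decide(Conn("dba", "powershell.exe", *db, tue_10)),
        "clerk to db": fw.decide(Conn("clerk", "explorer.exe", *db, tue_10)),
        "clerk to file share (learning on)": fw.decide(share),
    }
    fw.learning = False                      # switch from learning to enforcement
    results["clerk to file share (enforced)"] = fw.decide(share)
    results["clerk to other host (enforced)"] = fw.decide(
        Conn("clerk", "explorer.exe", "10.0.2.11", 445, "eth0", "tcp", tue_10))
    return results


if __name__ == "__main__":
    for what, verdict in demo().items():
        print(f"{verdict:5} {what}")
```

Two design choices matter here: rules are ordered so that the explicit deny on the database segment sits above anything learning mode could add, and a learned rule is pinned to the exact user, process, host and port that were observed rather than to a whole subnet.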

Results

  • Protection from lateral movement within the network
  • Ransomware outbreak protection
  • Data protection in IaaS infrastructure

DEEP INTEGRITY CONTROL

Security for highly critical infrastructure
Protection from state-sponsored attacks
Consistent protection across the full cycle, from OS boot until shutdown

Approach

  • Trusted security environment on the hardware level
    • Secret Net Studio process integrity control and protection against termination
    • Driver integrity control and protection against unloading
    • Integrity control of confidential user data
    • Integrity control of system files and registry
    • Partial UEFI integrity control
  • Separate checksum storage
    • M.2 card
    • PCI-Express card
    • Mini PCI-E card
  • Secure Boot
    • Pre boot user authentication
    • Pre-boot file integrity control
    • Computer boot sequence control
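Integrity control of system files, as listed above, depends on two things: a baseline of digests for the protected files, and keeping that baseline where an attacker who can already write to the system disk cannot silently rewrite it (the page stores checksums on a separate M.2, PCI-Express or Mini PCI-E card). The following is an added example of that check, not the product's implementation; a separate directory and an in-memory HMAC key stand in for the hardware store, and the file names and contents are constructed.

```python
"""File integrity control: baseline SHA-256 digests of the protected files,
keep the baseline outside the protected tree sealed with an HMAC whose key
is not on the monitored disk, and verify before the system continues.
Added example; the separate directory and SEAL_KEY stand in for a hardware
checksum store, and all paths and contents are constructed."""
import hashlib
import hmac
import json
import tempfile
from pathlib import Path

# Constructed stand-in for a key held by the separate hardware module.
SEAL_KEY = b"hardware-module-key-example"


def sha256_file(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(root: Path, relpaths) -> dict:
    """Digest every protected file, keyed by path relative to root."""
    return {rel: sha256_file(root / rel) for rel in relpaths}


def seal(baseline: dict) -> bytes:
    """Serialize deterministically and append an HMAC, so a rewrite of the
    stored baseline is detected even if the attacker can write the store."""
    body = json.dumps(baseline, sort_keys=True).encode()
    tag = hmac.new(SEAL_KEY, body, hashlib.sha256).hexdigest()
    return body + b"\n" + tag.encode()


def unseal(blob: bytes):
    body, _, tag = blob.rpartition(b"\n")
    expected = hmac.new(SEAL_KEY, body, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, tag.decode(errors="replace")):
        return None            # the baseline itself was tampered with
    return json.loads(body)


def verify(root: Path, blob: bytes) -> dict:
    """Compare the current files with the sealed baseline.  The boot path
    would refuse to continue on a tampered baseline or any non-empty list."""
    baseline = unseal(blob)
    if baseline is None:
        return {"baseline_tampered": True, "modified": [], "missing": []}
    modified, missing = [], []
    for rel, digest in baseline.items():
        p = root / rel
        if not p.exists():
            missing.append(rel)
        elif sha256_file(p) != digest:
            modified.append(rel)
    return {"baseline_tampered": False, "modified": modified, "missing": missing}


def demo() -> dict:
    """Scenario: clean check; then a driver is patched and a config file
    deleted; then the attacker rewrites the baseline to hide the change."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d) / "system"
        store = Path(d) / "separate-store"     # stands in for the M.2 card
        root.mkdir()
        store.mkdir()
        files = {"drivers/netfilter.sys": b"driver v1",
                 "config/policy.ini": b"level=confidential"}
        for rel, data in files.items():
            p = root / rel
            p.parent.mkdir(parents=True, exist_ok=True)
            p.write_bytes(data)
        sealed = store / "baseline.sealed"
        sealed.write_bytes(seal(build_baseline(root, files)))
        clean = verify(root, sealed.read_bytes())

        (root / "drivers/netfilter.sys").write_bytes(b"driver v1 + implant")
        (root / "config/policy.ini").unlink()
        after_attack = verify(root, sealed.read_bytes())

        # The attacker recomputes digests for the implanted tree but cannot
        # produce a valid seal without the key held by the hardware module.
        forged = json.dumps(build_baseline(root, ["drivers/netfilter.sys"]),
                            sort_keys=True).encode() + b"\nnot-the-real-mac"
        sealed.write_bytes(forged)
        forged_result = verify(root, sealed.read_bytes())
    return {"clean": clean, "after_attack": after_attack, "forged": forged_result}


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Without the seal (or, in the real deployment, the separate hardware store) the last step would succeed: an attacker with write access to the system disk would simply replace the baseline alongside the file he changed, and the check at next boot would report a clean system.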

Results

  • Data protected from sophisticated, long-planned attacks
  • Reduced risk of successful attacks through as yet unpatched zero-day vulnerabilities
  • Self-protection of the security system within your infrastructure