Network Security

We keep a close watch on network, data and information security

NetFormers has been providing the best, carefully selected solutions responsible for network security. We know how to care for the security of your company and protect its resources. Through designing and deploying network security systems, we protect enterprises from losses relating to intrusions and data breach. See our comprehensive network security offer below.

Protection against Advanced Persistent Threats

Advanced Persistent Threats (also referred to as targeted attacks) are attacks performed by specialized teams and governments using advanced technological solutions. The attacks are mostly aimed at obtaining classified information or planting malware for further surveillance.

Using modern technologies based on such solutions as cloud sandboxing , SIEM event correlation, or Next Generation IPS and DNS inquiry analysis system, it is possible to detect those covert threats and integrate a multi-level protection against targeted attacks.

Network Admission Control (NAC) / 802.1X

Network Admission Control systems ensure full control over access to network resources and guarantee protection against threats coming from unauthorized devices or users that could obtain access to the internal network.

The NAC Technology – an integral part of an SDN system – imposes access rights in an intelligent way with the use of network resources, depending on the security level of the end device or the user.

Authentication of actions in the NAC technology requires an 802.1X supplicant, which is responsible for network identity services. The above standard governs authentication of devices connected to a local network. Our network security services include the implementation of the NAC and 802.1X solutions in infrastructures.

SIEM

SIEM (Security Information and Event Management) is a platform for management and correlation of information relating to security of IT systems and networks. SIEM platform monitors cyber security by gathering and analyzing system data and network traffic information. SIEM facilitates detection of suspicious events based on the correlation of logs and improves the security level of IT systems by fast detection of incidents and suspicious phenomena compromising the network and infrastructure security.

Two-factor authentication

Two-factor Authentication serves as a perfect method of authorization and protection of accounts and networks while logging in using a user account. It is so far the safest form of securing the process of logging in thanks to the second authentication factor, e.g. a one-time code sent via SMS or generated in a mobile application.

DNS Security

Domain Name System (DNS) constitutes a weak link in the face of DNS DDoS attacks, APT, or malware propagation. Besides, the system is vulnerable to data microleaks. DDSEC (DNS Security) is an extension that is aimed at improving the Domain Name System security. Thanks to data source authentication through asymmetrical cryptography methods and digital signatures, it is capable of securing the transmission and protecting the DNS system structure from being hijacked or modified. On the other hand, DNS inquiry analysis systems can interrupt traffic to low-reputation domains, protecting users from threats they involve, and prevent malware from activation if an infection has already occurred.

Web Application Firewall (WAF)

WAF is an advanced system for protecting web applications. Web Application Firewall relies on monitoring inquiries sent to an application and defined patterns of communication that is allowed for a particular application. This makes the system capable of securing applications which have not been designed with security in mind and which do not execute advanced I/O data control functions in their source code.

The WAF system protects from such attacks as SQL Injection, Directory Traversal, Cross Site Scripting, and Command Injection, which may lead to data loss and leakage, identify theft, spamming, or placing links to phishing websites.

Vulnerability Scanning

Vulnerability Scanning is the basis of penetration testing and cyclic security check of key IT infrastructure. Vulnerability Scanning allows you to determine the vulnerability of a particular machine to attacks, verifying the level of threat at the same time. Through Vulnerability Scanning of devices, you may find numerous bugs and possible attack vectors that could be taken advantage of by third parties. Vulnerability Scanning allows us to verify in a simple way the current state of the systems, detect new vulnerabilities, and secure them properly.

Anty SPAM email security

Anti-SPAM systems prevent SPAM delivery to email boxes within a company network. The software carries out ongoing monitoring and blocks unwanted email messages. Today’s Email Security systems are also equipped with rich message analysis functions aimed at phishing, malware propagation, or data loss prevention (DLP).

Protect the network security of your company with us and our comprehensive offer. We are here to help. Our experts will be pleased to dispel any doubts and answer all your questions. Contact us now!

Secure Web Gateway / Cloud proxy

The Secure Web Gateway (SWG) platform allows protection against threats coming from the Internet. The protection is provided in real time in the Data Center of the supplier of the solution or on-premise in the Client’s server room. SWG provides web traffic filtering tools that detect various kinds of threats, as well as DLP functionalities. With multi-level protection and access control of web 2.0 services, detailed reporting, SSL and TLS traffic inspection, and website content filtering, Secure Web Gateway is a perfect added security against threats from public networks.

Intrusion Prevention Systems

Intrusion Prevention Systems (IPS) are devices that detect and block attacks in real time. Intrusion Prevention Systems analyze network traffic through heuristic-based or signature-based analysis. When designing network security systems for our Clients, we recommend using Intrusion Prevention Systems and assist in their deployment and setup.

VPN (IPSEC/SSL)

SSL- and IPSEC-based VPN networks are a perfect solution for securing confidential information transmitted via the Internet. If the structures of a company are geographically distributed or its employees and Clients are highly mobile, VPN networks are crucial to maintain the appropriate data security level.

IPSec Virtual Private Networks allow secure access to company resources and applications, as well as make it possible to join remote offices and departments. SSL Virtual Private Networks, also known as Clientless VPNs, constitute a secure transport protocol, which is often used for secure remote access from any device.

IPSec is a stable standard which offers very strong encryption and protects data integrity. Furthermore, it allows any number of connections through a VPN gateway (FTP, VoIP, HTTP, etc.).

Next generation firewall

Traditional stateful firewalls are no longer sufficient and their functionality has been considerably extended by new generation firewalls. New generation firewalls ensure a full inspection of the content of network transmission and are specialized in filtering data based on its results. The latest firewalls are advanced security systems implementing a security policy at the level of protocols, ports, as well as applications and named users. Besides the functionalities of classic corporate firewalls, new generation firewalls are also equipped with threat detection systems, they control applications, and perform encrypted traffic inspection.

Audit / Monitoring

We perform in-depth and comprehensive network security audits, which are fundamental when it comes to design and deployment of effective network security solutions. Regular monitoring ensures proper operation of the systems and devices designed to secure the infrastructure and networks of our Clients.

Malware protection

We provide comprehensive protection against threats that are not detected by traditional antivirus software. Our solution portfolio includes network traffic surveillance, monitoring of actions performed at the level of operating system kernel in real time, and detecting malware. Malware protection improves the security related to uncontrolled financial, business, and personal data leakage, as well as includes protection against ransomware.

DDoS protection

DDoS (Distributed Denial-of-Service) are distributed attacks that are aimed at blocking access to resources. Usually, the purpose of such attacks is to steal data and destroy networking structures or disable a particular service, and lead to reputational damage and financial loss. You can protect yourself from DDoS attacks only by using the cutting-edge, advanced security solutions. One of such solutions is DDoS Protection.

The DDoS Protection system ensures security of processes and information in the networking structures of an enterprise. The system monitors network traffic and instantly reacts to any anomalies detected, blocking any traffic coming from suspicious devices.

Next Generation AntiVirus

With Next Generation Antiviruses, the former antivirus software – which could successfully deal with ca. 45–50% of attacks – became obsolete. The current Next Generation Antiviruses are advanced systems for protection against attacks and threats that classic antiviruses are incapable of detecting. Those tools are based on machine learning and other developments in the field of artificial intelligence. Next Generation Antiviruses provide protection against malware, Trojans, ransomware, vulnerability exploits, including zero-day exploits, and many other types of threats.

Comprehensive Internet Edge Security

The entry point between a local network and the Internet still constitutes a safety threat for your enterprise network. The Internet continues to be one of the sources of attacks targeted at local networks and computer systems they contain. The Comprehensive Internet Edge Security relies on providing interoperable security systems, such as:

  • Firewall constituting a security basis in each and every network infrastructure;
  • UTM systems allowing traffic analysis at the user and application level;
  • Dedicated Intrusion Prevention Systems (IPS) analyzing traffic at the higher network layers and blocking detected network intrusions;
  • Data encryption tools allowing implementation of a secure VPN connection between several entities connected via the Internet;
  • DNS traffic analysis systems allowing communication to non-secure domains to be blocked.

Protect the network security of your company with us and our comprehensive offer. We are here to help. Our experts will be pleased to dispel any doubts and answer all your questions. Contact us now!