Nowadays, the „fortress” security model is less and less valid, when almost everything within the company network is allowed, but moving in and out of it is subject to strict permissions. Today, we can come across segmented and even increasingly micro-segmented networks, which may also include (private) cloud infrastructure. In these situations, it is no longer enough to have a classic firewall, even if it is a representative of the “Next-Generation” firewalls. The concept of “perimeter” is also changing: there is no longer only one, because each segment has one on its own, which can communicate with the perimeter of other segments, using the zero-trust principle.
In domestic conditions, although the equipment park and regulations are still lagging behind in this field, the aspiration and the concept have already been outlined. Requirement have arisen for the implementation of the new approach, and there is an intention to generate resources.
Implementing authentication solutions from a wide variety of vendors, it is possible to integrate users and groups efficiently. Thanks to the SSL-proxy function, all communications on an encrypted channel can be analysed, thereby eliminating SSL blind spots, thus providing complete visibility into all data traffic.
The integration of these devices with various technological solutions, such as anti-malware systems, blacklists and whitelists, as well as static and dynamic code analysis providers, data loss prevention systems, and the list goes on and on, is of paramount importance.
Users use several different devices to surf the Internet. All incoming connections can be interpreted, filtered, decrypted as needed, or transmitted to external security devices, regardless of whether the party wishing to communicate is aware that the traffic generated by it is passing through a proxy server.
As a first step, we identify the users - in the interest of integrability, you can choose from 14 different authentication methods
Each connection attempt is evaluated
Encrypted traffic is decrypted as needed - ensuring compliance with data protection standards
After interpreting the passing traffic, specific files can be transferred to different external analysis units
The market-leading web security solution offered by Broadcom/Symantec works even as a physical architecture (ISG) as a virtual architecture (SWG VA), thanks to the concept that the vendor has developed in recent years. On this unified platform, it provides the possibility to install all the elements that can be connected and integrated with the Proxy together, and even to run segmented Proxy elements in parallel, which are appearing more and more often as a request from the client side. Of course, it’s even available as a cloud service (Web Security Service), so every company can find the right tool for their needs.
Armed with years of experience, up-to-date knowledge and familiarity with forward-looking technologies, our experts strive to provide our customers with the best solutions in the field of network protection, whether e-mail management, web proxies or “next-gen” firewalls. Our basic principle is that we choose only the best: we mainly represent vendors in the TOP categories of Gartner and other analyses for our clients, and we are prepared with deep professional knowledge so that we can implement a level of security in their perimeter protection systems that meets the requirements of our clients.