{"id":4940,"date":"2024-02-13T11:02:15","date_gmt":"2024-02-13T09:02:15","guid":{"rendered":"https:\/\/it-integrator.ua\/platforms\/tier-2-risk-informed\/"},"modified":"2024-03-12T11:15:39","modified_gmt":"2024-03-12T09:15:39","slug":"tier-2-risk-informed","status":"publish","type":"platforms","link":"https:\/\/it-integrator.ua\/en\/platforms\/tier-2-risk-informed\/","title":{"rendered":"Tier 2: Risk Informed"},"content":{"rendered":"<h6><span style=\"color: #a30404;\"><strong>1. Secure Web Gateway, SWG<\/strong><\/span><\/h6>\n<p><span style=\"color: #a30404;\"><strong>Purpose:<\/strong><\/span> Filtering user access to the Internet and protection against web-borne threats:<\/p>\n<ul>\n<li>built-in website categorizer that allows access policies for web resources to be configured fully automatically in the graphical interface<\/li>\n<li>filtering access to websites (blocking malicious and phishing sites, restricting user access in accordance with the configured Internet policies)<\/li>\n<li>granular configuration of policies and permissions (for example: &#8220;Facebook is blocked for everyone, but HR employees have read-only access&#8221;)<\/li>\n<li>decryption and inspection of encrypted TLS\/SSL connections<\/li>\n<li>antivirus check &#8220;on the fly&#8221;<\/li>\n<li>prevention of data leakage (when integrated with DLP) by blocking the upload of critical data to public file repositories, its transfer via messengers, etc.<\/li>\n<li>monitoring the activity of users accessing the Internet, collecting statistics on and analyzing visited websites, monitoring how effectively working time is used<\/li>\n<\/ul>\n<h6><span style=\"color: #a30404;\"><strong>2. Secure Mail Gateway, SMG<\/strong><\/span><\/h6>\n<p><strong><span style=\"color: #a30404;\">Purpose:<\/span> <\/strong>The basic mandatory component of most cyber security systems; it protects the component of the IT infrastructure most exposed to attacks &#8211; the mail server:<\/p>\n<ul>\n<li>blocking 99% of spam and phishing (messages intended to &#8220;lure&#8221; user credentials or &#8220;deliver&#8221; malicious attachments)<\/li>\n<li>&#8220;disarming&#8221; potentially harmful emails (removal of active and dangerous content, web links, etc.) so that only safe content is delivered to the user<\/li>\n<li>&#8220;on the fly&#8221; antivirus check of all incoming messages by the built-in signature antivirus<\/li>\n<li>integration with third-party &#8220;sandboxes&#8221; to analyze all suspicious attachments<\/li>\n<li>data leakage prevention (when integrated with DLP)<\/li>\n<\/ul>\n<h6><span style=\"color: #a30404;\"><strong>3. Cyber Deception System, CDS<\/strong><\/span><\/h6>\n<p><strong><span style=\"color: #a30404;\">Purpose:<\/span><\/strong> &#8220;War is the way of deception&#8221; (Sun Tzu):<\/p>\n<ul>\n<li>creating false &#8220;targets&#8221; in the IT infrastructure to mask real assets (servers, PCs, network equipment, ATMs, video cameras, printers, logic controllers, etc.)<\/li>\n<li>actively misleading attackers and diverting their attacks away from the real assets of the IT infrastructure<\/li>\n<li>accurate detection of threats without any signatures, including malicious &#8220;zero-day&#8221; code that is not detected by conventional antiviruses<\/li>\n<li>quick detection and investigation of insider activity<\/li>\n<li>early warning of the beginning of a targeted cyber attack (both at the perimeter and inside the network)<\/li>\n<\/ul>\n<h6><span style=\"color: #a30404;\"><strong>4. 
<\/strong><\/span><span style=\"color: #a30404;\"><strong>Privileged Access Management, PAM<\/strong><\/span><\/h6>\n<p><strong><span style=\"color: #a30404;\">Purpose:<\/span><\/strong> Construction of secure administration processes, one of the components of the Zero Trust architecture:<\/p>\n<ul>\n<li>full visibility and control over the actions of privileged users (system administrators, contractors, auditors and other users with elevated access rights), &#8220;video recording&#8221; of all administration sessions &#8211; SSH, RDP, HTTPS, etc., with the possibility of viewing them and recognizing text and commands<\/li>\n<li>the ability to prevent the execution of commands from the &#8220;black list&#8221;<\/li>\n<li>detection, tracking and management of service accounts<\/li>\n<li>fully functional implementation of the mechanism for temporarily granting elevated privileges<\/li>\n<li>implementation of the &#8220;two hands&#8221; rule (the system administrator&#8217;s access to a server is explicitly confirmed by the security administrator)<\/li>\n<li>eliminating the possibility of connecting to servers while &#8220;bypassing&#8221; the solution, by storing and automatically changing administrative passwords to target systems exclusively in RAM<\/li>\n<li>a built-in ticketing system for implementing a holistic process of managing the administration of target systems<\/li>\n<li>analysis of administrators&#8217; work statistics<\/li>\n<\/ul>\n<h6><span style=\"color: #a30404;\"><strong>5. 
<\/strong><strong>Network Access Control, NAC<\/strong><\/span><\/h6>\n<p><strong><span style=\"color: #a30404;\">Purpose:<\/span><\/strong> Control of access to the corporate network:<\/p>\n<ul>\n<li>monitoring network connections and blocking unwanted ones based on configurable policies (presence of OS patches and fixes, antivirus software updates, etc.)<\/li>\n<li>automatic change of access rights to corporate resources according to user role, device type, network connection method, etc.<\/li>\n<li>automated application of policies to devices in the network, including personal devices (under the BYOD concept)<\/li>\n<li>implementation of a self-registration portal for connecting to guest Wi-Fi<\/li>\n<\/ul>\n<h6><span style=\"color: #a30404;\"><strong>6. Risk-based Vulnerability Management, RbVM<\/strong><\/span><\/h6>\n<p><strong><span style=\"color: #a30404;\">Purpose:<\/span><\/strong> The main comprehensive component for building the Vulnerability Management process:<\/p>\n<ul>\n<li>identification and inventory of all assets in the corporate networks and on the Internet<\/li>\n<li>accurate identification of known OS and application vulnerabilities<\/li>\n<li>specialized monitoring of specific vulnerabilities in web applications<\/li>\n<li>visualization of cyber security risks, their level of criticality and their growth\/decrease trends over time<\/li>\n<li>comparison of the organization&#8217;s risk model with similar companies in the industry (in anonymized form)<\/li>\n<li>aggregation and prioritization of risks, with recommendations on how to treat them<\/li>\n<li>integration with Help Desk class systems to build a holistic vulnerability remediation process<\/li>\n<li>ensuring compliance with regulatory requirements (for example, PCI DSS)<\/li>\n<\/ul>\n","protected":false},"featured_media":0,"template":"","class_list":["post-4940","platforms","type-platforms","status-publish","hentry"],"acf":[],"_links":{"self":[{"href":"https:\/\/it-integrator.ua\/en\/wp-json\/wp\/v2\/platforms\/4940","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/it-integrator.ua\/en\/wp-json\/wp\/v2\/platforms"}],"about":[{"href":"https:\/\/it-integrator.ua\/en\/wp-json\/wp\/v2\/types\/platforms"}],"wp:attachment":[{"href":"https:\/\/it-integrator.ua\/en\/wp-json\/wp\/v2\/media?parent=4940"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}