Network Security

Defend your network, data, and users with the fastest, most reliable cyber-attack protection available.

NGFW Next-Generation Firewall solutions

The Next-Generation Firewall (NGFW) has evolved to become the ideal solution for visibility, control, and prevention at the network edge. Threat protection begins with complete visibility into who and what is traversing the network. Combined with behavior and the ability to detect threats in real time, IPO Telecom delivers the most effective NGFW in the industry, reliably safeguarding users, applications, and devices.

Protection from threats and unwanted content

Enterprises continue to face increasingly sophisticated cyber-attacks which threaten business continuity. Enterprise boundaries have been extended to cover multiple sites, on-premise data centres, and private, hybrid and multi-cloud environments. Employees use multiple devices, both corporate and personal, and work from various locations. New security and privacy regulations are emerging and becoming more robust, making compliance with these regulations and security standards challenging.

Many organisations have implemented multiple cybersecurity defence layers to protect their premises, users, data, networks and applications. The speed of innovation and rapid security technology lifecycles require agile and multi-disciplined security engineers to operate and maintain these solutions. Firewalls are often used as the first line of defence. According to Gartner, 99% of firewall breaches will be caused by misconfigurations rather than firewall flaws.

NDR Network Detection & Response

NDR (network detection and response) is a solution that adds context to security threats. Features such as network traffic analysis and the real-time inspection of network communications allow NDR solutions to detect and investigate threats, anomalous behaviours and risky activity across all the corners of your network. NDR acts as a virtual forensic expert that has the capability to understand the exact scope and peculiarities of a security incident or breach.

NDR solutions harness the strengths and virtually unlimited capabilities of high-end AI, machine learning and deep learning to provide predictive risk analysis. When you are dealing with large amounts of poorly contextualised alarms, NDR is often a better fit than SIEM.

These solutions typically provide centralised, machine-based network traffic analysis and response, including efficient workflows and automation. Their positioning in the network, together with machine learning, provides full insight into and analysis of the network in order to identify and eliminate lateral movements in particular.

  • Scope: Network and inter-device traffic

  • Intention: Visibility/transparency of network traffic, detection of known and unknown threats and lateral movements, alerting and response

  • Methods: Indicator of Attack (IoA), anomaly detection, user behaviour, machine learning

  • Challenges: Advanced attacks and intrusions, malware-free attacks

NAC Network Access Control

Network Access Control (NAC) bridges several different security techniques to provide a unified approach to network access, be it wired or wireless. Endpoints, such as corporate laptops and mobiles, are often deployed with anti-virus software and users undergo an authentication process to access critical resources.

NAC combines these technologies: as a device connects to the network, it combines user authentication with device verification. In this way, NAC can be used to limit network resources to authorised users, and to ensure that devices that do connect to the network meet certain requirements, such as having the latest anti-virus software, having no known vulnerabilities and being corporate-owned rather than personal devices.

DDoS protection

What is DDoS?

Any organisation that uses the Internet to conduct its core business runs the risk of loss of business, revenue and reputation if its systems are no longer available. DDoS attacks pose an ever-increasing threat to businesses that are reliant on the Internet for service availability. Some types of online businesses are more likely to suffer from such attacks than others. However, all will recognise that there is a risk that their business and its revenue will be compromised without some sort of DDoS protection service.

‘Distributed Denial of Service’ (DDoS) attacks attempt to make a computer or network device unavailable, or at least to disrupt its function or service. They are categorised as ‘distributed’ because the attacks aren’t generated by a single attack host, but distributed over several hosts, usually a so-called botnet.

Types of attacks

There are three main categories of attacks:

State attack

A state attack bombards the target with massive numbers of connection attempts and may try to keep them active. The target host and infrastructure cannot cope with such a large number of sessions, limits are reached, and it simply stops responding to requests, rendering it useless.

Volumetric attack

A volumetric attack sends extreme volumes of traffic in an attempt to completely saturate the target’s connections, effectively muscling out further legitimate traffic.

Sometimes other, often legitimate servers on the Internet are co-used for these types of attacks. This is becoming an increasingly popular method of attack. In such cases, special requests are sent to these legitimate servers. The attack uses specific functions of those servers to have them send massive amounts of traffic back in response to what they believe is the requesting source, but which is in fact the attack destination. These are known as amplification or reflection attacks.
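A defender's view of the state and reflection attacks described above, as an added example that is not part of the original page or of any vendor product: it scans flow records for destinations whose TCP sessions are mostly half-open, and for UDP "responses" from commonly abused services that no local host requested. The record fields, thresholds and sample flows are assumptions constructed for illustration.

```python
from collections import defaultdict

# UDP services widely abused as reflectors: DNS, NTP, SSDP, memcached.
REFLECTOR_PORTS = {53, 123, 1900, 11211}

def make_flow(src, sport, dst, dport, proto, flags="", nbytes=0):
    # Hypothetical flow-record layout; "flags" is the set of TCP flags seen.
    return dict(src=src, sport=sport, dst=dst, dport=dport, proto=proto, flags=flags, bytes=nbytes)

def sample_flows():
    """Constructed flow records (documentation address ranges), not real traffic."""
    flows = []
    # 200 half-open sessions to the web server: SYN seen, handshake never completed.
    for i in range(200):
        flows.append(make_flow(f"198.51.100.{i % 250 + 1}", 40000 + i, "192.0.2.10", 443, "tcp", "S", 60))
    # 20 normal sessions that completed and closed.
    for i in range(20):
        flows.append(make_flow(f"203.0.113.{i + 1}", 50000 + i, "192.0.2.10", 443, "tcp", "SAF", 5000))
    # One legitimate DNS lookup by the mail host, and its answer.
    flows.append(make_flow("192.0.2.20", 33333, "203.0.113.53", 53, "udp", nbytes=70))
    flows.append(make_flow("203.0.113.53", 53, "192.0.2.20", 33333, "udp", nbytes=300))
    # Large NTP "responses" the mail host never asked for: reflected traffic.
    for i in range(50):
        flows.append(make_flow(f"198.51.100.{i + 1}", 123, "192.0.2.20", 44444, "udp", nbytes=4000))
    return flows

def detect_state_attack(flows, min_half_open=100, min_ratio=0.8):
    """Destinations where most TCP sessions never got past the SYN (assumed thresholds)."""
    half_open, total = defaultdict(int), defaultdict(int)
    for f in flows:
        if f["proto"] == "tcp":
            total[f["dst"]] += 1
            if f["flags"] == "S":
                half_open[f["dst"]] += 1
    return {d: n for d, n in half_open.items() if n >= min_half_open and n / total[d] >= min_ratio}

def detect_reflection(flows, min_bytes=100_000):
    """Bytes per destination of reflector-port UDP replies with no matching request."""
    requested = {(f["dst"], f["dport"], f["src"]) for f in flows
                 if f["proto"] == "udp" and f["dport"] in REFLECTOR_PORTS}
    unsolicited = defaultdict(int)
    for f in flows:
        if (f["proto"] == "udp" and f["sport"] in REFLECTOR_PORTS
                and (f["src"], f["sport"], f["dst"]) not in requested):
            unsolicited[f["dst"]] += f["bytes"]
    return {d: b for d, b in unsolicited.items() if b >= min_bytes}

if __name__ == "__main__":
    print("state attack suspects:", detect_state_attack(sample_flows()))
    print("reflection suspects:", detect_reflection(sample_flows()))
```

The answered DNS lookup is not counted because a matching outbound request exists; only the unrequested NTP replies accumulate towards the byte threshold.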

Application attacks

Application attacks identify weaknesses in applications and are used to either retrieve sensitive information, crash applications or abuse them for nefarious purposes such as gaining full access to the host on which the application resides or other hosts within the set-up.

Implication of DDoS attacks

The consequences

DDoS attacks are unfortunately a fact of life, with the frequency, size and sophistication of attacks increasing each year. It is not unusual to see packet requests of between 2.4m and 7.5m per second. DDoS attacks can have serious implications for both service providers and enterprises.

From the victim’s perspective a DDoS attack can render their Internet connection or targeted host(s) useless within seconds, effectively disconnecting them from their customers, prospects and partners.

An online company’s business is all about being able to reliably and consistently deliver an increasing array and volume of content types to its users without any degradation to service quality.

Solutions

Every customer has specific needs and requirements. This can be on a functional level, and the type of solution required is often specific to the type of organisation. Some deviations seen in practice:

  • CDNs

Content Delivery Networks (CDNs) tend to have a detailed view of their traffic and manual programming of the anti-DDoS solution is accepted practice. Protection against volumetric and state attacks is of high importance and in-line solutions are usually preferred, often with cloud services.

  • Enterprise Networks

Enterprise networks, depending on their size, tend to vary between more comprehensive data centre protection and a focus on the full mix of data centre and office. Usually, in-line solutions are preferred, although in some cases redirect-based solutions are more efficient. Cloud services are relatively popular amongst larger organisations.

  • Service Provider Networks

Service provider (SP) networks usually require holistic solutions and are redirect based due to high or very high capacity. When hosting critical services within their own data centres or delivering connectivity for customer data centres, some SPs like to expand this with an additional layer of in-line solutions in front of these deployments. Also, in some cases DDoS protection is offered as a paid or managed service.