Managed Security Services
IT Security with minimal risks

SIEM as a Service (Security Information and Event Management)

Your systems will report any information you can think of, but even a team of security professionals can‘t handle the flood of messages. Also, compliance requirements can hardly be met with traditional tools.

Our offer for you – SIEM as a Service!

The SIEM as a Service from noris (Security Information and Event Management) receives syslog events from your devices, analyses them and prepares the information in a correlated form for display. From the analysis you then generate alarms/events in real time and receive information on security issues and improvement potentials in the security context of your environment. The data can also be stored over a longer period of time to provide subsequent evidence of the origination of security issues. This provides data that supports forensic analysis and can help you meet compliance requirements.

Your benefits with SIEM as a Service from noris:

• Capture correlations between log events in real time
• Clear presentation in customizable dashboards
• Enabling of subsequent evidence regarding the origin of incindents
• Reduction of expenses for the processing of events
• Adherence to compliance guidelines

DDoS Protection

DDoS (Distributed Denial of Service) attacks are aimed at flooding the targeted systems with requests until the systems collapse or are no longer capable of performing their normal tasks. The great danger for the affected companies lies in the asymmetry of attack and defense: the resources for DDoS attacks (programs and botnets) are readily available. The protection against such attacks (DDoS Protection), however, requires a fast response and very powerful networks and systems.

As part of our managed DDoS Protection services we offer a scalable protection for your systems and infrastructure.

Your benefits:

• A centralized Arbor DDoS Protection system is able to detect DDoS attacks and mitigate such attacks up to a defined traffic threshold.
• In noris network’s own high-performance backbone, attack characteristics can be identified and malicious traffic can be discarded by applying ACLs already at the nodes.
• To mitigate extremely massive DDoS attacks, protection is provided by BGP re-routing via an external service provider. This is able to ward off high volume attacks of virtually any size.

The result: the flood of malicious requests is selectively filtered and re-routed (mitigated), thereby preventing the DDoS attack from reaching your systems. Normal requests continue to be processed as usual.

All DDoS Protection products offered by noris network provide the same level of protection. The products are structured much like an insurance policy which differentiates based on the included DDoS traffic (= strength of the attack). A customer who sees only a low probability of an extremely massive attack on his company can choose a “small” DDoS Protection product and thus mitigate against typical DDoS volumes. Customers who would like to cover all risks book the “large” all-round carefree package with unlimited DDoS traffic volumes.

Highlights of our DDoS-Protection:

• Use of Arbor Networks technologies for highest detection and mitigation quality
• Filtering of harmful traffic already at nodes in your own backbone using ACLs
• Protection against massive attacks via BGP re-routing (up to 1 Tbps)
• Manually guided mitigation
• Optional monthly reports about traffic anomalies and attacks
• Optional access to traffic analysis and live overview of alarms and filtering measures

Contact our experts now for a non-binding offer to protect your setup!

Managed Firewall

noris network offers Managed Firewall Services in various performance levels and configurations. All variants have one thing in common – their safety! Our experienced network specialists set up, configure and maintain your systems. This way they meet the needs of your company in every constellation. All systems are hosted in our data centers. There they are embedded in our high-performance network infrastructure. They are optimally connected to the Internet and protected against unauthorized access.
Basically, three different versions are available:

• standard firewalls
• location-distributed standard firewalls
• location-distributed Next Generation Firewalls (NGFW)

With location-distributed variants, two interconnected systems are located in two data centers. The two data centers are several kilometers apart – more than the so-called banishing mile. If a hardware or software component in one of the two firewalls fails, the system immediately switches to the redundant system. Your applications and data remain available.

The Next Generation Firewall (NGFW) is much more than a pure packet filter. It is a high-performance security device with application, user and content control. It recognizes and analyzes the traffic on layer 7 (application layer) depending on the port, user and content used. User privileges are optionally controlled via the roles in the Active Directory. This allows external users to establish a secure connection from their computer to your company’s network. All next-generation firewalls from noris are equipped with Threat Prevention Subscription (including virus scanner, malicious code blocker and IDS/IPS features) and URL filters at the gateway and thus represent a comprehensive security solution.

All shared firewalls are designed as highly available clusters – for maximum security and availability. Depending on the application, our expertens will find the appropriate version for you and implement it for your system.

Benefit from our know-how and make use of the following advantages:

• Security against threats, e.g. viruses and hacker attacks on your network
• Reliable support of your firewall infrastructure by certified and qualified personnel
• Minimization of downtimes of your setup
• Reduced workload on IT staff and infrastructure
• Virtual systems with dynamically scalable performance
• 24/7 monitoring of your firewall
• Provision of reports for maximal transparency for Next Generation Firewalls

Firewall setups at customers’ premises

In addition to the firewall protection in noris network’s data centers, we also set up and support other protection constellations if so requested by the customer.

Load Balancer

With the managed Load Balancer service, noris network provides a virtual Load Balancer environment. Load balancing increases the availability and performance of important services. The distribution of the load across multiple servers allows to reduce response times or implement redundancy requirements. Managed Load Balancer services from noris network are arranged in high-availability clusters – also as geographically distributed solutions with different functional and performance levels.

It is of course possible to apply different load distribution mechanisms, such as

• Round Robin,
• Least Connection, or
• Fastest Response.

Also, features like

• Perfect Forward Secrecy (PFS),
• Access to API for management or querying of status information
• SSLoffloading or
• Session persistence per source, destination IP, cookie or SSL header

are no problem at all.

WAF

Web applications make modern business IT more flexible and can greatly simplify the communication with partners, customers and suppliers, as well as the networking with external systems. From an IT security perspective, however, web applications also represent potential weak points which require special protection.

A managed WAF (Web Application Firewall) enables you to securely protect your web application server. Protection is provided by analyzing the HTTP-traffic that is carried to the server and by filtering attack scenarios such as cross-site scripting, SQL injections, tampering, or cookie poisoning. If the URL is used to issue commands which are capable of controling, modifying, or even damaging the website or the underlying database, such attacks will be warded off by the WAF.

WAFs can not be operated as an out-of-the-box product but require an individual adjustment for the protection of your applications – and that is exactly what our managed WAF services do.

We offer:

• Consultancy on configuration and implementation of the WAF
• Operation of the WAF including continuous adjustment to changes in applications
• Monitoring and adaptation to current attack vectors
• Communication with the developers of your web application

Vulnerability Scan

Identify weak points (Vulnerability Scan) in your IT systems before attackers do, and simultaneously meet comprehensive IT compliance requirements.

We analyze IT infrastructures and IT systems by using state-of-the-art expert systems for automated Vulnerability Scans. This involves that the systems are checked for weak points externally and / or internally (by sensor) and recommendations for action are made.

Remember: your IT is moving. While a security gap is closed at one point, new weak points resulting from changes may emerge elsewhere. That is why our experts regularly run automated Vulnerability Scans on your systems, create updated vulnerability analyses, and make vulnerability management a component of IT compliance.

Vulnerability Scans can be initiated from different (even combined) perspectives – the result is a list of specific safety-enhancing measures:

External:

• Attacker’s view from the outside
• Identification of poorly configured firewalls
• Detection of highly significant security errors

Within DMZ:

• What if the firewall fails?
• Detection of weak points in the security zone
• Perspective of the attacker or computer worm
• Potential damage is identified and sorted according to risk

Remote Access (SSL VPN)

Do you want to securely connect employees with mobile devices, home offices or small branches and offices via the Internet? Then our Remote Access via SSL–VPN is the solution for you.

With a regular IPsec (VPN), a VPN client sets up a VPN tunnel on your computer. This tunnel leads over the Internet on Layer 3 to your firewall and allows access to your setup. This is relatively convenient and uncomplicated, but has the disadvantage that the client can always access the entire network. From a security point of view, this carries many risks. In contrast, with an SSL VPN, you can release different resources separately for access.

Our remote access allows you convenient and secure access to company-internal applications and systems from almost any Internet-capable client. Without the installation of additional software, access is via browser on layer 4 level. Via an individual web portal you can access e-mail accounts, files, application and terminal server or data warehousing applications. The use of software such as Lotus Notes or Microsoft Exchange, ERP systems such as SAP or Dynamics AX becomes convenient and secure – regardless of location.

Extensive possibilities allow the establishment of terminal server sessions, direct access to IP addresses or port forwarding for working with applications. The access is simple and convenient via the SSL VPN gateway either directly or via the individual web portal.

We use every opportunity for your maximum security. The connection is protected against attacks by an encryption depth of 256 bits. Clients can specify security requirements (e.g. Windows updates or virus scanners) for access to specific URLs, files and other server resources.
By using an official SSL certificate the connection establishment works without problems. If configured, the user logs on using Single-Sign-On with the usual access data. After that, all applications released for the user are available, without further password hurdles – just like in the local PC environment. Authentication using a one-time password to further increase security is also possible. Central administration of user accounts is simple and convenient via the optional Active Directory. If you already have an Active Directory at our site, the connection is included.

As compared to a traditional SSL VPN on a firewall, our managed service offers you numerous benefits:

• Certificate-based access options
• Customized web portal with links to all important applications and systems
• Upon request, simplified administration in the company’s Active Directory
• Protection of your systems, since these are not located directly on the Internet, but reside behind the SSL VPN gateway
• Additional access protection based on two-factor authentication is possible

Two-factor Authentication

Two-Factor Authentication (2FA) is an additional layer of security for your organization – it helps to address the vulnerabilities of a pure standard password approach.

In today’s online environment, the rudimentary “username and password” security approach is easy prey for cybercriminals. Many logins can be compromised in minutes, increasingly compromising important data.

Two-factor authentication adds another layer of security and adds a code to the username and password model that only a particular user can access (typically something he has at his fingertips). This authentication method can easily be summarized as a combination of “something you have and something you know.

Therefore, we rely on a solution that additionally uses a one-time password (OTP) and provides more security for the applications behind it. Users can choose between soft and hard tokens, with the software token supporting iOS and Android.

Since the authentication server is operated by us, your operating costs are reduced and security is increased because the server is located in our high-security data centers.

The benefits of our two-factor authentication combined:

• Flexibly scalable solution offers low entry cost
• Low total cost of ownership (TCO)
• Free choice between soft and hard tokens
• Large and easy to read Hardtoken display