Managed Security Services
IT Security with minimal risks

Your contact person
Andreas Pohl
Senior Principal Solution Architect
T: +49 911 9352-1328
Professional IT security – minimized risks
Hackers, data thieves, and IT vandals are becoming increasingly sophisticated in their criminal attacks. Threats by insiders create another potential hazard. In addition, the legal requirements and liability risks in the area of IT security are continuously being tightened. For many companies, 365/24/7 support by qualified, experienced IT security experts is hardly feasible from an organizational and economic point of view.
We at noris network cannot relieve you of the ultimate responsibility for IT security in your company – but our IT security experts can help further professionalize your IT security and minimize your risks.
Your benefits:
- Effective protection: you utilize the expertise of our experienced IT security experts who develop and implement a professional IT security concept for your business and thus reduce your security and liability risks
- Reduced workload: place your business under the protection of extremely powerful, latest generation IT security systems – without having to worry about purchasing, configuration, operations and expansion
- Cost sharing: noris network continuously invests in high-end security systems, professional staff and powerful security operations centers, because we are responsible for the protection of our data centers and many customers. For you, this translates into maximum protection at minimal costs
- Flexibility: our modular, scalable managed security services adapt to changing protection needs of your business
- Verifiability: no need to be afraid of audits. You are able to prove your IT security measures towards authorities, partners and customers any time in the future
Our managed security services:
Security Operations Center (SOC) as a Service – IT security service to detect and eliminate risks
Do you operate a security-critical application and need strong protection against cyber-attacks? Are you subject to legal requirements for managing your IT security? Do you have security systems like a SIEM (Security Information and Event Management) in use, but don’t have the resources to process and analyze the many security events and take appropriate measures? Then the Security Operations Center is the service you need!
What is a Security Operations Center (SOC)?
A Security Operations Center (SOC) is an IT security team that centrally manages messages from your IT security systems. It consists of IT security specialists with the task of proactively identifying security threats to your IT systems and infrastructures and initiating measures to eliminate them. This serves to protect against internal and external threats.
SIEM systems are used to carry out this task and help the SOC to monitor the security of your systems. When an event occurs, it is analyzed and evaluated. Depending on the analysis, an event can be classified as an incident and appropriate countermeasures can be initiated with the operations teams. Operations works in tandem with the SOC. This results in the highest possible efficiency for the company in the detection and elimination of security incidents.
Does a SOC always need a SIEM?
In our SOC, we proactively monitor and analyze your IT setups and infrastructures based on a SIEM. With the help of the use cases and events supplied by the connected systems, the analysis and evaluation is carried out by the SOC. In this way, dangers can be identified and eliminated at an early stage, or preventive measures can be taken to combat threats to your IT systems. Potential security gaps are minimized in the long term. With the IT security service from noris, the analyses and reports are discussed with you in regular meetings. If you have IT security questions about your setup, the SOC can support you at any time.
Your advantages with the IT Security Service SOC at noris
- Actively protect your IT infrastructure and data from internal and external threats by proactively identifying security threats and remediating them
- Compliance with legal requirements
- Reduction of personnel costs by access to a large team of IT security experts with know-how in the operation of your SIEM
- Optional 24/7 handling of the security events of your systems
- Central security management for your entire setup
- Transparency through regular reporting and joint discussion of analysis results
More product details can be found in the product sheet below.
Feel free to contact our sales experts, we will be happy to advise you on the best possible managed security solution for you! Please also have a look at our Elastic-SIEM.
Elastic SIEM (Security Information and Event Management)
Your systems report tons of information to you. However, even a team of security professionals can't handle the flood of messages without suitable tools. Our offer for you – Elastic SIEM from noris!
The Elastic SIEM from noris (Security Information and Event Management) receives events from a variety of sources, such as Beats, syslog, NetFlow, TCP, or SNMP traps and syslog events from your devices. This information is analyzed and correlated for display. Alarms and events are then generated in real time from the analysis. This gives you indications of threatening attacks and preventive measures in the security context of your environment. The data can also be stored over a longer period of time to provide retrospective evidence of security issues. This provides data that can assist in forensic analysis, helping to meet compliance requirements.
Why Elastic SIEM?
With the increasing popularity of SIEM systems, we have gained a lot of experience with different SIEM solutions over the last few years. We were able to observe how Elastic has established itself from a niche solution to a high-quality enterprise solution.
Based on Elasticsearch, our specialists can provide you with a platform that you can use to process and evaluate data from your systems. Network traffic, login attempts, event logs, monitoring of file changes and other system-specific data sources such as operating systems or firewalls can be integrated.
In our view, the Elastic Stack offers many advantages as a SIEM, both technically and commercially. For example, the Elastic Stack gives you comparable capabilities to other enterprise systems while providing full cost control. Furthermore, you can additionally use your Elastic Stack for normal logging applications.
Advantages with Elastic SIEM from noris:
- Capture correlations between log events in real time
- Clear presentation in customizable dashboards
- Enabling retrospective evidence of the origin of incidents
- Reduction of effort for the processing of events
- Enable adherence to compliance guidelines
- Calculable and predictable pricing
For more product details, see the product sheet below.
Feel free to contact our sales experts, we will be happy to consult you on the best possible solution for you! Also have a look at our Elastic Stack.
DDoS Protection
DDoS (Distributed Denial of Service) attacks are aimed at flooding the targeted systems with requests until the systems collapse or are no longer capable of performing their normal tasks. The great danger for the affected companies lies in the asymmetry of attack and defense: the resources for DDoS attacks (programs and botnets) are readily available. The protection against such attacks (DDoS Protection), however, requires a fast response and very powerful networks and systems.
As part of our managed DDoS Protection services we offer a scalable protection for your systems and infrastructure.
Your benefits from DDoS Protection:
- A centralized Arbor DDoS Protection system is able to detect DDoS attacks and mitigate such attacks up to a defined traffic threshold.
- In noris network’s own high-performance backbone, attack characteristics can be identified and malicious traffic can be discarded by applying ACLs already at the nodes.
- To mitigate extremely massive DDoS attacks, protection is provided by BGP re-routing via an external service provider. This is able to ward off high volume attacks of virtually any size.
The result: the flood of malicious requests is selectively filtered and re-routed (mitigated), thereby preventing the DDoS attack from reaching your systems. Normal requests continue to be processed as usual. All DDoS Protection products offered by noris network provide the same level of protection. The product characteristics differ only in the size and number of IP addresses.
Trust our experience and protect your systems from attacks with the DDoS protection from noris! Due to our highest security standards, we are listed by BSI as a qualified DDoS mitigation service provider.
Highlights of our DDoS-Protection:
- Use of Arbor Networks technologies for highest detection and mitigation quality
- Filtering of harmful traffic already at nodes in your own backbone using ACLs
- Protection against massive attacks via BGP re-routing (up to 1 Tbps)
- Manually guided mitigation
- Includes online access to the Arbor DDoS monitoring system
- Includes monthly reports on traffic, anomalies and attacks
Contact our experts now for a non-binding offer to protect your setup!
Managed Firewall
noris network offers Managed Firewall Services in various performance levels and configurations. All variants have one thing in common – their safety! Our experienced network specialists set up, configure and maintain your systems. This way they meet the needs of your company in every constellation. All systems are hosted in our data centers. There they are embedded in our high-performance network infrastructure. They are optimally connected to the Internet and protected against unauthorized access.
Basically, three different versions are available:
- standard firewalls
- location-distributed standard firewalls
- location-distributed Next Generation Firewalls (NGFW)
With location-distributed variants, two interconnected systems are located in two data centers. The two data centers are several kilometers apart – more than the so-called banishing mile. If a hardware or software component in one of the two firewalls fails, the system immediately switches to the redundant system. Your applications and data remain available.
The Next Generation Firewall (NGFW) is much more than a pure packet filter. It is a high-performance security device with application, user and content control. It recognizes and analyzes the traffic on layer 7 (application layer) depending on the port, user and content used. User privileges are optionally controlled via the roles in the Active Directory. This allows external users to establish a secure connection from their computer to your company’s network. All next-generation firewalls from noris are equipped with Threat Prevention Subscription (including virus scanner, malicious code blocker and IDS/IPS features) and URL filters at the gateway and thus represent a comprehensive security solution.
All shared firewalls are designed as highly available clusters – for maximum security and availability. Depending on the application, our experts will find the appropriate version for you and implement it for your system.
Benefit from our know-how and make use of the following advantages:
- Security against threats, e.g. viruses and hacker attacks on your network
- Reliable support of your firewall infrastructure by certified and qualified personnel
- Minimization of downtimes of your setup
- Reduced workload on IT staff and infrastructure
- Virtual systems with dynamically scalable performance
- 24/7 monitoring of your firewall
- Provision of reports for maximal transparency for Next Generation Firewalls
Firewall setups at customers’ premises
In addition to the firewall protection in noris network’s data centers, we also set up and support other protection constellations if so requested by the customer.
Load Balancer
With the managed Load Balancer service, noris network provides a virtual Load Balancer environment. Load balancing increases the availability and performance of important services. Distributing the load across multiple servers makes it possible to reduce response times or implement redundancy requirements. Managed Load Balancer services from noris network are arranged in high-availability clusters – also as geographically distributed solutions with different functional and performance levels.
It is of course possible to apply different load distribution mechanisms, such as
- Round Robin,
- Least Connection, or
- Fastest Response.
Also, features like
- Perfect Forward Secrecy (PFS),
- Access to API for management or querying of status information,
- SSL offloading or
- Session persistence per source, destination IP, cookie or SSL header
are no problem at all.
Web Application Security (WAS) – the comprehensive protection for your web applications!
Cyber attacks on your web applications are a constantly growing threat. Therefore, you must protect your web applications against new potential vulnerabilities at an early stage and on an ongoing basis.
With our Web Application Security Service based on a Web Application Firewall (WAF), we offer you comprehensive protection for your web applications. This enables us to fend off cyber attacks such as window exploits, brute force attacks, SQL injections, DoS attacks and other potential threats for you. The Web Application Firewall is hosted in an active-passive cluster for a fault tolerant operation. In the event of maintenance work or incidents, this enables operations to continue with practically no interruption. In addition, you can expand the WAF with a redundant load balancer, which is precisely matched to the WAF and the setup. For maximum transparency of the service, you get access to a frontend with well-structured dashboards and you can easily view security events, statistics and evaluations from there!
The Web Application Security Service is customized to the requirements of your applications, so that you have optimal protection for your web applications. The created policies are then reviewed and revised regularly during operation, so that your application is fully protected and availability is ensured at all times. That’s what we mean by fully managed!
Your advantages with the Web Application Security Service:
- Fully managed web application security service based on a web application firewall
- Maximum protection through security policy management with regular refinement of the rules and proactive tuning of security policies
- Identification and blocking of IP addresses that spread harmful code or are part of an illegal bot network
- Intelligent logic to distinguish between wanted and unwanted bots
- Protection of entire domains such as application servers based on WordPress, Apache-Tomcat, IIS/ASP or web applications controlled via API gateways
- Self learning algorithms and detection tools
- Including Threat Campaign against attacks with near-zero false positives
- Extensible through optimized shared load balancers
- Transparent service through access to dashboards
More details about the Web Application Security Service can be found in the product sheet.
Honeypots – set a trap for your attackers!
Why do you need a honeypot?
Honeypots are simulated production systems that lure and deceive attackers. These imitated systems present easy attack targets to distract attackers from the actual production system. The security of your systems is enhanced and attack strategies are monitored by the honeypot to proactively protect your setup from inside and outside. The honeypot imitates productive services and replicates, for example, realistic protocols that communicate with each other. This simulates, for example, an FTP or SMTP service and other potential targets of attack. Furthermore, these are deliberately configured in such a way that a cyber attack is possible. For this to work, the honeypot needs to be well disguised; otherwise attackers will recognize it as a decoy.
Your benefits from the honeypot from noris:
- Additional protection against internal and external threats for your production systems
- Rapid detection of potential cyber attacks
- Discover attackers’ strategies to enable proactive countermeasures
- Helps with the analysis of attack strategies and the initiation of suitable preventive measures
- Supports reliable attack detection through special preconfigurations
- Facilitates tracing attacks back to their origin, e.g. via IP address
What are the features of a honeypot from noris?
A honeypot from noris is operated within your setup in our own German data centers. With the help of a managed Elastic SIEM from noris, a honeypot can detect the threatening attack patterns and methods so that appropriate measures can be initiated in time. Together with the SIEM from noris, the collected events are documented and analyzed. Honeypots have an extended logging function for better analysis. They generally log every input and, if necessary, also record the attacker’s payload. This allows threats to be detected and analyzed more quickly, which means that vulnerabilities in the system can be discovered more quickly. Honeypots provide you with enhanced protection for your production systems. Moreover, they help you to detect attack patterns and initiate countermeasures before it is too late!
For more product details, see the product sheet below.
Feel free to contact our sales experts, we will be happy to consult you on the best possible solution for you!
Vulnerability Scan
Identify weak points (Vulnerability Scan) in your IT systems before attackers do, and simultaneously meet comprehensive IT compliance requirements.
We analyze IT infrastructures and IT systems by using state-of-the-art expert systems for automated Vulnerability Scans. The systems are checked for weak points externally and/or internally (by sensor), and recommendations for action are made.
Remember: your IT is moving. While a security gap is closed at one point, new weak points resulting from changes may emerge elsewhere. That is why our experts regularly run automated Vulnerability Scans on your systems, create updated vulnerability analyses, and make vulnerability management a component of IT compliance.
Vulnerability Scans can be initiated from different (even combined) perspectives – the result is a list of specific safety-enhancing measures:
External:
- Attacker’s view from the outside
- Identification of poorly configured firewalls
- Detection of highly significant security errors
Within DMZ:
- What if the firewall fails?
- Detection of weak points in the security zone
- Perspective of the attacker or computer worm
- Potential damage is identified and sorted according to risk
Remote Access (SSL VPN)
Do you want to securely connect employees with mobile devices, home offices or small branches and offices via the Internet? Then our Remote Access via SSL VPN is the solution for you.
With a regular IPsec (VPN), a VPN client sets up a VPN tunnel on your computer. This tunnel leads over the Internet on Layer 3 to your firewall and allows access to your setup. This is relatively convenient and uncomplicated, but has the disadvantage that the client can always access the entire network. From a security point of view, this carries many risks. In contrast, with an SSL VPN, you can release different resources separately for access.
Our remote access allows you convenient and secure access to company-internal applications and systems from almost any Internet-capable client. Without the installation of additional software, access is via browser on layer 4 level. Via an individual web portal you can access e-mail accounts, files, application and terminal server or data warehousing applications. The use of software such as Lotus Notes or Microsoft Exchange, ERP systems such as SAP or Dynamics AX becomes convenient and secure – regardless of location.
Extensive possibilities allow the establishment of terminal server sessions, direct access to IP addresses or port forwarding for working with applications. The access is simple and convenient via the SSL VPN gateway either directly or via the individual web portal.
We use every opportunity for your maximum security. The connection is protected against attacks by an encryption depth of 256 bits. Clients can specify security requirements (e.g. Windows updates or virus scanners) for access to specific URLs, files and other server resources.
By using an official SSL certificate the connection establishment works without problems. If configured, the user logs on using Single-Sign-On with the usual access data. After that, all applications released for the user are available, without further password hurdles – just like in the local PC environment. Authentication using a one-time password to further increase security is also possible. Central administration of user accounts is simple and convenient via the optional Active Directory. If you already have an Active Directory at our site, the connection is included.
As compared to a traditional SSL VPN on a firewall, our managed service offers you numerous benefits:
- Certificate-based access options
- Customized web portal with links to all important applications and systems
- Upon request, simplified administration in the company’s Active Directory
- Protection of your systems, since these are not located directly on the Internet, but reside behind the SSL VPN gateway
- Additional access protection based on two-factor authentication is possible
Two-factor Authentication
Two-Factor Authentication (2FA) is an additional layer of security for your organization – it helps to address the vulnerabilities of a pure standard password approach.
In today’s online environment, the rudimentary “username and password” security approach is easy prey for cybercriminals. Many logins can be compromised in minutes, increasingly compromising important data.
Two-factor authentication adds another layer of security and adds a code to the username and password model that only a particular user can access (typically something he has at his fingertips). This authentication method can easily be summarized as a combination of “something you have and something you know”.
Therefore, we rely on a solution that additionally uses a one-time password (OTP) and provides more security for the applications behind it. Users can choose between soft and hard tokens, with the software token supporting iOS and Android.
Since the authentication server is operated by us, your operating costs are reduced and security is increased because the server is located in our high-security data centers.
The benefits of our two-factor authentication combined:
- Flexibly scalable solution offers low entry cost
- Low total cost of ownership (TCO)
- Free choice between soft and hard tokens
- Large and easy-to-read hard token display