Integrated security system
for LINK4

The Customer assessed the solutions and security systems used so far in the LAN and WLAN as insufficient to ensure the highest level of security. The primary objective was to secure the continuity of Link4 business processes and ensure protection against threats from outside and inside the organization.

It was necessary to create a modern, coherent and comprehensive security system for the IT infrastructure in the areas of the Data Centre and the office network. The issue of integration of individual components and provision of a uniform, centralised system for management and reporting of identified threats was particularly important.

The Customer has started a wide market analysis process. Once they analysed the security portfolio of the leading vendors, they chose a coherent and complete security architecture based on Cisco solutions. After a detailed analysis, the Atende engineering team developed a technical design based on three principles:

• integration of protections in all areas
• interoperation of different protection systems
• adaptation of systems to new threats

All the proposed and implemented components have been selected to meet the requirements in terms of: efficiency and implemented functionalities, high immunity to failures, further expandability, and development, and optimization of maintenance costs. A coherent protection system included, among others:

• access to the corporate network: ISE (NAC), AnyConnect (VPN)
• terminals, devices and mobile users: AMP for Endpoints/Secure Endpoint
• local and wide area networks: security on network equipment, ASA, Firepower (NGFW), AMP for Enpoints/Secure Endpoint
• e-mail and Web access: Email & Web Security Appliance, Firepower (NGFW), AMP for Enpoints/Secure Endpoint, sandbox Thread Grid (Secure Malware Analytics)
• virtualized systems and cloud solutions: FTDv, ASAv

The interoperation of various components (in particular ISE, AMP and Firepower systems) allows for rapid remediation, which is crucial for new, sophisticated threats that are propagated by all possible vectors much faster than their predecessors.The bidirectional communication of equipment enables simultaneous transmission of information on the identified threat to all modules comprised in the implemented security system. A mechanism has been provided to ensure, upon detection of an infected station, the exchange of information with the access control system and the automatic isolation (quarantine) of infected resources from the rest of the network, thus rendering further spread of the threat impossible.

The system also provides a unique functionality of retrospectively analysing the structure and behaviour of objects (potentially of malicious code) within the protected infrastructure.  It provides for an effective defence response when detecting a threat that has not been identified by classic security mechanisms such as firewall or IPS.