Unlocking business potential with seamless protection
The world is becoming ever more connected. Yet in many ways, enterprise security remains disconnected. Security tools, processes, user profiles and information may be separated in silos that leave dangerous gaps in between. Hackers, fraudsters and other threat actors are often determined to exploit these disconnects.
An effective security solution must close the gaps. Achieving this goal requires capabilities in four interconnected areas: identity and access management, network security, data and endpoint security, and security services. These capabilities reinforce each other, working together for seamless protection. Solutions in the Dell Security portfolio span these four pillars to support a cohesive enterprise security strategy that is designed to protect information everywhere, in step with the business.
Identity and access management
The first pillar addresses the fact that not all threats come from the outside.
One of your system administrators is apparently using his privileges to access material that he shouldn’t. You need to discover what’s going on. And if you must terminate his employment, you need to ensure that all of his access accounts and privileges are quickly removed as well.
Protecting against this type of threat is the function of identity and access management (IAM) solutions. IAM helps ensure that people have the right access to the right resources — and only those resources — at the right time.
Delivering this access is essential for enabling employees to work productively. But at the same time, centralized IAM is critical for controlling individual user identities, governing user access rights and maintaining visibility into privileged-user actions. Recent events have shown that even entities like the National Security Agency (NSA) must be vigilant in knowing the activities of highly authorized users.
A comprehensive IAM solution includes access governance, privileged account management and identity administration. (For more information, see the sidebar, “8 steps toward robust identity and access management.”)
Protecting critical information with user access controls
For access governance, Dell One Identity solutions provide the visibility and control necessary to understand what is in the organization’s environment and who has access to it. The solutions establish a continuous process that helps ensure individual employees have the right access to do their job, but nothing more, and empower business managers to properly certify access.
Dell One Identity also enables organizations to manage the entire lifecycle of identities by automating account creation with delegated rights, group memberships and attributes to authorize users. It is designed to reduce the complexity of common administrative tasks, such as password management, and simplify the management of policies across complex UNIX®, Linux® and Macintosh® environments.
Controlling and auditing elevated access
A secure process should be established for requesting and issuing privileged credentials for administrative account access, with rights based on strong policy and group membership within the Microsoft® Active Directory® directory service. Organizations can control and audit administrative access in several ways, such as performing keystroke logging, conducting session audits and delegating granular privileges for execution of specific commands.
Dell One Identity provides these capabilities and minimizes the burden imposed on IT by compliance demands, helping improve compliance through automation and reporting consolidation. Dell One Identity also includes user activity monitoring capabilities for discovering vulnerabilities, addressing security policy violations and preventing unauthorized access to systems and data.
8 steps toward robust identity and access management
Dell has gleaned eight best practices to help enterprises improve their identity management systems for heightened security, efficiency and compliance.
For more details about these best practices, download the white paper, “8 Best Practices for Identity and Access Management,” at qrs.ly/ca3u3is.
Network security
While IAM is primarily concerned with internal security, the second pillar, network security, protects against threats from outside the enterprise.
You receive an email at work from a school nurse saying that your child is sick and the school isn’t able to reach your spouse. The email contains an attachment outlining the diagnosis of your child. Naturally, you open it. The names of your child, your spouse, the school and even the school nurse are all accurate. But the story is false — once you opened the attachment, malware gained access to your device and from there to the company network.
Network security works to thwart this phishing activity and other types of external attacks. It should also coordinate with an organization’s IAM solution. In an optimal scenario, the network security solution can alert IAM software to be on the lookout for someone on the network seeking unauthorized access using a legitimate employee account.
Protecting the perimeter with next-generation firewalls
An effective foundation for a secure network is the Dell SonicWALL family of next-generation firewalls. These firewalls tightly integrate advanced intrusion prevention, malware protection and application control with real-time visualization for comprehensive, connected security. Access to applications can be controlled based on multiple conditions ranging from user identity and application type to time of day and duration of use. (For more information, see the sidebar, “Deep packet inspection for network protection.”)
Additional security and connectivity capabilities such as virtual private network (VPN) protection and content filtering help make SonicWALL Next-Generation Firewalls a comprehensive solution. High-speed inspection of traffic encrypted with Secure Sockets Layer (SSL) is designed to prevent malware and intrusions from coming through encrypted connections. And to identify and respond to the latest threats, cloud-assisted anti-malware enables Dell firewalls to quickly match malicious code against a large, continuously updated database.
Delivering protection for mobility access and email
Dell SonicWALL solutions also are designed to enhance employee productivity and protect against threats through simple, policy-enforced mobile access to mission-critical data and applications. Dell SonicWALL email security hardware and software help ensure email is a safe productivity tool. Moreover, management and reporting capabilities are provided for optimizing security and easing administration.
Deep packet inspection for network protection
Proprietary Dell Reassembly-Free Deep Packet Inspection (RFDPI) technology scans against multiple application types and protocols to help ensure the enterprise network is protected from internal and external attacks, as well as application vulnerabilities. To deliver visibility and control, RFDPI is designed to scan traffic on every port, on every protocol and in any direction, inspect every byte of a connection and examine up to hundreds of thousands of simultaneous connections.
With these capabilities, RFDPI can categorize application traffic and protect against threats at both the application and network layer.
Data and endpoint security
The first two pillars of Dell Security are about access, both internal and external. The third pillar is about protecting the data itself.
Using your legitimate credentials, someone is trying to enter systems that you would never access. If your organization has an IAM solution, it will generate an alert to flag the unusual activity. Even if the attacker got through, your organization would still be protected — because the data is encrypted and can’t be read.
Data protection presents several challenges for today’s organizations. The environment includes a variety of mobile devices and operating systems, and organizations are storing more data in the cloud than ever before. Management of encrypted devices can be difficult. And regulatory compliance requires organizations not only to protect data from being stolen, but also to produce reports proving that it is protected.
Safeguarding data with strong encryption
The Dell Data Protection | Encryption (DDP | E) portfolio delivers a high level of protection for desktops, laptops, mobile devices, external media devices and end-user data stored in public cloud services such as the Dropbox®, Box and Microsoft® OneDrive platforms. It also fills critical security gaps and enables organizations to manage Microsoft® BitLocker® software — all from a single management console.
DDP | E software encryption uses an innovative, data-centric approach that is designed to protect data without disrupting IT processes or end-user productivity. The solution allows IT to easily enforce encryption policies, whether the data resides on the system drive, on external media or in the cloud. (For more information, see the sidebar, “Why data-centric encryption is the way to go.”) For organizations needing a higher level of security, Dell offers DDP | Hardware Crypto Accelerator, which adds hardware-based encryption with tamper-resistant protection and identity-based authentication with Federal Information Processing Standards (FIPS) Publication (PUB) 140-2 Level 3 military-grade security.
Another challenge is that many users routinely store and share files in public cloud-based storage services. IT can lose control over data security once files are in these services. DDP | Cloud Edition gives IT granular control to determine which users can view the data, including shared files, as well as which endpoints can be employed to access the data.
Locking down hardware
The first line of defense lies at the PC level. Having the proper authentication solutions in place can greatly bolster protection against a security breach. Included with Dell Precision, Dell Latitude and Dell OptiPlex systems, DDP | Security Tools (DDP | ST) is an end-to-end software solution that supports Dell hardware authentication options.
DDP | ST provides secure access control using optional smart card and fingerprint readers with FIPS PUB 201 certification or an optional contactless smart card reader. It also supports pre-OS login with self-encrypting drives and single sign-on (SSO). Administrators can use the centralized DDP management console to remotely manage user credentials, passwords, encryption policies and multiple hardware authentication methods.
For added protection, Dell ControlVault is available on select Dell Precision and Latitude systems. This secure hardware element provides an isolated authentication processing environment for matching biometric and smart card credentials. Moreover, only Dell offers FIPS PUB 140-2–certified Trusted Platform Module (TPM), which ships with Dell business laptops and tablets to help ensure that the implementation meets the highest standards for protection.
Why data-centric encryption is the way to go
Data protection necessarily involves encryption on endpoint devices. However, full disk encryption (FDE) can be difficult to manage. IT must decrypt and then re-encrypt the device to perform maintenance, software updates, inventory and other management tasks.
File and folder encryption differs from FDE in that only specific files and folders are encrypted. This capability can deliver significant time and money savings. However, many implementations of file and folder encryption leave security holes, since they require the user to remember to save sensitive files into specific encrypted folders.
Dell Data Protection | Encryption (DDP | E) overcomes these challenges by taking a data-centric encryption approach that combines file-level encryption with policy-based management:
The DDP | E data-centric approach also uses multiple encryption keys. A common key may be used to encrypt common system data. Individual, user-specific encryption keys are used so that sensitive data specific to an individual is accessible only by that person.
Security services
With the first three pillars in place, there is one more important security asset to consider: intelligence.
You’ve taken the right steps to protect your organization all the way out to the edges of the network. But you also need to be proactive about new and emerging global threats. Are threat actors already targeting your organization or its executives? How can you prepare or take action?
Information and IT security services help organizations of all sizes protect their IT assets, comply with regulations, reduce security costs and adapt incident response to meet threats.
Building relationships with managed security services
Delivering managed services is different from delivering security products — it means that Dell’s relationship with an organization is just beginning when the technology is deployed. Clients of Dell SecureWorks managed services range from Fortune 100 companies with large security teams to organizations with no full-time security staff.
Some enterprises look to Dell SecureWorks to back up their existing security staff, monitor select devices, provide alerting if necessary and enable reporting through a customer portal. Other organizations depend on Dell SecureWorks to actively manage their security environment: configuration, deployment, monitoring and response, including reports tailored for different internal audiences. Dell SecureWorks also offers a wide range of industry and government compliance solutions.
Consulting for security and risk assessment
The Dell SecureWorks security and risk consulting team provides the expertise and analysis needed to help organizations enhance their security posture. The team works with enterprises to design and implement their strategic security programs, assess and test their defenses, and resolve critical information security breaches. Security awareness training solutions are available to raise employee vigilance and meet compliance requirements, and program development services help organizations review and improve their information security policies based on best practices.
Knowing the threat to better protect against it
Dell SecureWorks researchers and security consultants are highly versed in the practices and nuances of intelligence. This team applies its research and intelligence capabilities to all aspects of Dell SecureWorks operations, using tools that go well beyond simple alerts and content searches to include sophisticated relationship mapping and advanced techniques for detecting malicious code. With seven Security Operations Centers (SOCs) worldwide, Dell SecureWorks also provides localized incident-response personnel. (For more information, see the sidebar, “Meet the Counter Threat team.”)
Meet the Counter Threat team
They are an elite unit with backgrounds in private security, the military and intelligence. They know where to look for information that’s tucked away in dim areas of the internet and hacker communities. They can build an overall picture from a thousand disparate puzzle pieces of data. And when an incident is identified, this team swings into action to contain and remove the threat.
They’re the Dell SecureWorks Counter Threat Unit (CTU). For many large and midsize companies, government agencies and media outlets, CTU is the answer to their security challenges.
Top security talent and techniques
Comprising some of the most highly regarded security researchers in the world, the CTU research team is frequently first to market with the identification of new exploit techniques. Using proprietary technologies, they can identify threats in advance, assess their severity and provide recommendations for protecting against them. Putting this knowledge to work is the job of analysts at Dell’s seven Security Operations Centers in the United States, Europe and India.
When an incident is identified, the CTU response team takes the necessary steps to mitigate the threat before damage is done. CTU forensic investigators can determine the source and full extent of a breach to contain the incident and address the root cause, and response team members work hand-in-hand with a client’s team until the issue is resolved.
Moving from reactive to proactive to predictive
The Dell Security portfolio connects security to infrastructure with protection embedded natively into IT systems. It connects security to information with proactive measures to gather, analyze and report the data needed to guard against malicious attacks. And it connects security solutions together for protection that is no longer siloed and enables organizations to respond decisively if an incident occurs.
Based on the four pillars of enterprise security — identity and access management, network security, data and endpoint security, and security services — this approach empowers organizations to move from reactive to proactive to predictive mode to counter evolving threats.
Dell also maintains a professional services staff ready to work with organizations to determine their business-specific and site-specific issues, scope a solution to meet those requirements and help evolve the solution as threats change. Organizations can leverage the Dell team’s deep insight gained from helping thousands of customers deal with security issues. As a result, Dell Security frees business and technology leaders to pursue exciting new opportunities wherever the business takes them, with the focus on innovation rather than protecting their flanks.
Dmitriy Ayrapetov is director of product management for network security at Dell.
Jon Ramsey is executive director, chief technology officer and Dell Fellow with Dell SecureWorks.
Jackson Shaw is senior director of product management for the Dell Software Group.
Sarah A. Williams is director of security software for end user computing at Dell.
Keep it simple
Dell One Identity solutions are designed to simplify identity and access management needs. Watch the video on this web page to learn more about a simplified, unified approach to solving challenges such as privileged account management, data access governance and enterprise provisioning.
On the hunt
The young man could pass for one of China’s prosperous new middle class. But he’s not just anyone — he’s a hacker named Zhang. Follow a Dell SecureWorks analyst as he investigates the twisted tracks of an active espionage campaign.