The concept of Zero Trust Architecture (ZTA) promotes a security approach that assumes no implicit trust in any user or device, regardless of its location or network context. Lately, we explained why every organization should have a cybersecurity strategy in place, using a 7-pillars approach to categorize all the different layers, modules, and functionalities that such a strategy can possibly include. Today, we will discuss how ISEC7, your Managed Security Service Provider (MSSP), can help your organization deploy such a strategy, with our solutions and services.
ISEC7 Sphere, our technology-agnostic platform, provides management, insight, and monitoring capability in a singular console across all your digital workplace solutions. It provides IT administrators and help desk staff with real-time updates about the mobile infrastructure. The system can monitor over 750 parameters and flag potential issues before they impact the users. Proactive alerts are sent to assigned IT staff who can resolve issues before they turn into outages. With only one system to manage, issues are identified and resolved faster, requiring less IT staff with a significant impact on the operational cost.
Vulnerability and Patch Management
ISEC7 Sphere collects Common Vulnerability and Exploit (CVE) for monitored systems from the National Vulnerability Database (NVD), a public vulnerability repository maintained by the Cybersecurity & Infrastructure Security Agency (CISA), that provides information about known vulnerabilities. ISEC7 Sphere displays them under the affected system and can consider that information to calculate the server status. Administrators can easily click on said CVEs to review them, then acknowledge them once installed on the corresponding systems.
Device and OS Compliance Reporting
ISEC7 Sphere can display a chart with the number of Android devices that are operating using security patch levels of the given timeframes in months, helping quickly identify which devices need to be updated, to not only improve the device’s overall performance, but most importantly, ensure said devices remain safe and protected from potential security threats.
Centralized, Real-Time Control
ISEC7 Sphere can retrieve data from all the company’s systems and presents them on one dashboard. The system can monitor over 1,000 parameters and flags potential issues such as policy changes or traffic anomalies indicating potential compromise; correlate raw data received to gain insights into network behavior that deviates from established baselines; build easy to read continuous monitoring dashboards for presentation and reporting with the ability to deep dive into data; customizable proactive alerts are sent to assigned IT staff who can investigate; easily forward and categorize logs for storage.
Regulatory Compliance Monitoring
ISEC7 Sphere enables regulated industries and governments to efficiently monitor compliance against regulations, using endpoint tamper detection and UEM compliance monitoring, to help prevent data breaches as well as expensive fines. It helps to ensure proper, approved Operation System (OS) versions are in place on all endpoints, as well reporting in case any of them has been tampered (device rooted or jailbroken), so that mitigation actions can be taken accordingly. It can also track IT policy changes from the different UEM solutions, so it is possible to determine who modified what in no time, as well as integrate it with an internal approval change process.
In addition to the ISEC7 solutions, our team also supports, manages, and operates industry-leading secured digital workplace solutions, from Unified Endpoint Management (UEM) to Unified Endpoint Security (UES) platforms, including Microsoft Intune, BlackBerry UEM, Cylance UES, VMWare Workspace ONE UEM, and Ivanti MobileIron.
Continuous Monitoring and Real-Time Visibility
ISEC7 Sphere is configured out of the box to pull and retain UEM and MTD logs and automatically sort them by type, providing continuous monitoring and real-time visibility into user and network activities must be established, employing technologies like log analysis, threat intelligence, behavioral analytics, and anomaly detection to identify and respond to security incidents promptly. This not only saves agencies time from pulling the logs manually, but also saves money on data processed in a tool like Splunk.
ISEC7 Mobile Exchange Delegate (MED)
ISEC7 MED is a secure mobile email client allowing classification, encryption and signing enforcement. MED also allows for mailbox delegation capabilities and public folder integration. ISEC7 MED operates with modern and certificate-based authentication (CBA) and allows users to securely send, receive, and enforce encrypted and signed emails (S/MIME). As the top priorities of ISEC7 MED are security, classification, and authentication, it is an ideal tool for managing classified or sensitive information, group, or organizational mailboxes, and supporting executive leadership and their staff.
ISEC7 Classify is an easy-to-use platform ensuring that users correctly mark and disseminate sensitive information including Emails, Calendar entries, and Office documents, while using any office application on any device. The solution can be configured easily for different national laws and regulations, and once the information is correctly marked, ISEC7 Classify will verify that proper permissions are granted for the sender and recipients before sending or storing. Users are presented with a seamless experience on every type of device and client they choose to use. ISEC7 Classify is an Azure Platform-as-a-Service (PaaS), requiring minimal additional infrastructure to run and decreasing the total cost of ownership for engineering cyber operations.
ISEC7 Professional Services (PS)
Zero Trust Endpoint Protection
Chances are you already have some level of Zero Trust concepts deployed in your ecosystem. It could be in your UEM, VPN, or MTD solution. ISEC7 previously published a Zero Trust deployment guide for devices on our blog, and if there is a desire to incorporate additional Zero Trust elements in your network, we encourage you to reach out to the team at ISEC7 for a mobile cybersecurity health check. The experts at ISEC7 understand the importance of Zero Trust architecture and constantly verifying that every user, device, or app connecting to a resource is authenticated, legitimate, and free of any suspicion, and we are more than pleased to assist you in any step along the way!
ISEC7 Zero Trust Services
ISEC7 can help deploy a Zero Trust security strategy, incorporate Zero Trust elements into your network, and adopt multi-factor authentication (MFA) to meet the new standards and reach your optimal cybersecurity goals:
- Full Stack Systems Integration
- Network Architecture Design
- System Health Check
- Risk Assessment and Penetration Testing
- Security Operations and Incident Response
- Staff Augmentation
- Lab Based Training
- 24x7 On Call Support
- Secure Software Development
Planning and Design of UEM Infrastructures
ISEC7’s experts provide you with support in implementing mobile infrastructure based on the leading Enterprise Managed Mobility solutions. With the know-how gained from more than 18,000 project days, ISEC7 is your ideal contact for the technical planning and design of your mobile infrastructure and mobilizing your business processes.
Our Services include:
- Stock taking and needs analysis for enterprise mobility
- Mobilization of business processes
- ROI analysis for business process mobilization
- UEM infrastructure selection, planning and design
- Creation of operational concepts
Our experience is based on more than 4,000 installed UEM infrastructures – from single-server installation up to global, highly available UEM infrastructures with more than 50 UEM servers and 100,000+ devices in a UEM infrastructure.
Integration & Migration of UEM Infrastructures
A UEM infrastructure is deeply integrated into a company’s system landscape. Changes to mail servers as well as collaboration and database servers always have an impact on the operation and functioning of the UEM infrastructure. The technical specialists from ISEC7 provide you with planning and implementation support for your upcoming activities.
The following support services are available:
- Consolidation of EMM infrastructures
- Migration between different EMM infrastructures (automated or manual)
- Assistance with updates from non-EMM systems such as e-mail servers, database servers, proxy systems, c.
- Migration of EMM databases from MS SQL Express (MSDE) to MS SQL Server
- Migration of databases between database servers
- Support with the migration of the basic operating system or basic Hardware (including virtualization)
- Support with the migration of the e-mail system
In addition, we have a high level of expertise in the areas of:
- High availability for mobile infrastructures
- Integration of security solutions
ISEC7 is your certified integration partner for:
- VMware Workspace ONE
- BlackBerry UEM
- Citrix XenMobile
- Microsoft Intune
- EMM / MDM solutions
Third-Party Vendors and Partners
Besides the range of our own products and services, we also work closely with partners that deliver advanced Zero Trust services.
For remote access requirements, one of them has a secure and scalable platform for virtualizing mobile devices, allowing users to access and interact with virtual instances of mobile operating systems (such as Android) on various endpoint devices, addressing the inevitable security concerns associated with sensitive data, applications, and workflows on mobile devices. By leveraging Virtual Mobile Infrastructure (VMI) technology, it allows organizations to centralize data and applications within a secure environment while enabling users to access and use these resources remotely.
For conditional user access requirements, one of our partners has a solution that consists of an enterprise Single Sign-On (SSO) mobile app that turns a user’s mobile device, whether BYOD or COPE, into a fully-fledged Active Directory (AD) client, removing all dependencies on computers for such tasks as password reset or change, and allowing your organization to become truly mobile. It helps ensure only legitimate access to your network is authorized, triggering pre-programmed actions (e.g., prompt for additional fingerprint or Face ID) based on contextual data (geo-fencing, network used, resource accessed, etc.).
Also, with the exponential rise of quantum computing in recent years, current encryption algorithms used to secure our data and communications networks are at risk of becoming obsolete. Using the Shor algorithm, the power of a quantum computer will be able to break modern encryption standards sparking the largest cryptographic migration in the history of computing – requiring organizations to replace legacy encryption with quantum-safe cryptography. One of our partners offers a quantum-safe and crypto-agile enterprise management platform that implements effective cryptographic policy to stay ahead of the evolving threat landscape, advances in computing, and everyday cybersecurity risks.
ISEC7 is at the forefront of cybersecurity and has long worked with organizations to ensure their ecosystems are protected and their security posture is as strong as possible. If you have any questions about deploying Zero Trust Architecture or improving your organization’s security posture in general, the team at ISEC7 can complete a security assessment and help you navigate the options available to you, as well as help you leverage your existing solutions to their fullest capability. Based on our experiences across organizations large and small with unique security demands and stringent requirements, we can confidently match you and your organization with the right solution.
(C) Rémi Frédéric Keusseyan, Global Head of Training, ISEC7 Group