Stratus "DOSarrest’s Secure corporate Zero-Trust cloud gateway"

A fully managed, cloud based, next generation firewall, protecting both remote and in-house Internet users’ computers and the corporate network from malicious traffic

Evolution of Firewalls

Here’s where corporations and organizations find themselves today

The way organizations use the Internet today has evolved: multiple locations in the cloud (AWS, Azure, etc.), multiple corporate network locations around the globe, and employees using their own laptops to access corporate data remotely as well as using the corporate LAN from the inside. This has created a never-ending challenge for IT security teams.

IT teams now have to keep hackers from reaching into the corporate network to delete, modify or steal corporate secrets, or to plant worms that enable backdoors they can use anytime in the future. Even more challenging is protecting sensitive corporate data from their own employees, who become unwitting participants by simply clicking on an email attachment that contains some malicious code.

Employees who are considered friendly are the cause of one of the most common security events: falling victim to phishing scams, which can lead to a devastating data breach that can cost tens of millions of dollars to recover from.

The Challenge

IT admins face increasing challenges implementing a zero trust model in their operations, as they try to ensure that access to apps is always secure and based on least privilege, and that they have complete visibility into all user activity. This challenge becomes even more difficult as more of their users need access from remote or mobile vantage points. To meet the requirements for a zero trust network, administrators typically need to:

  • Install expensive next-gen firewalls, and build and maintain policy based access controls for their applications
  • Implement and maintain Multi Factor Authentication systems, in order to verify the user and validate their devices
  • Collect, analyze and alert on logs in a meaningful fashion, so that they can audit on a per-person and/or per-application basis. They also need to be able to create historical reports and analysis on data usage.
  • Maintain multiple security platforms and access controls for local network applications and services, as well as for cloud services that are part of an organization’s IT stack

As you can see, building towards a zero trust network can be an expensive exercise with ongoing licensing costs, as well as a steep learning curve for an already exhausted IT team. The administrative overhead of managing firewalls can be quite demanding, and you still haven’t reduced the attack surface of your network and infrastructure for possible DDoS attacks.

Furthermore, IT admins still need to make sure their users are safeguarded during their regular internet browsing, where zero-day threats hide in SSL traffic and can potentially introduce an infected host deep within your organization’s infrastructure.

How does your Security group deal with this?

There are just too many moving parts to effectively monitor: multiple cloud-based apps, corporate office locations, Wi-Fi locations and so many gateways to the internet, some of which your security team may not even know exist. How can you keep all of these policies in sync with security devices spread around the globe?

On top of all this, add personal laptops and smartphones, some of them infected, that access the Internet and sometimes the corporate network. It’s a disaster waiting to happen.

DOSarrest has been stopping malicious traffic for our customers’ websites with our proprietary cloud-based DDoS protection and WAF services since 2007. We have many years of experience protecting websites from bad actors. We are now leveraging our globally distributed network, our in-house development team and big data clusters to provide a fully managed cloud-based Next Generation Firewall (NGFW) service.

DOSarrest has teamed up with Juniper Networks and has deployed their vSRX security appliance software in all of our nodes around the globe.

The vSRX is an NGFW that sits in all of our nodes and receives real-time malware signature updates directly from Sophos (the global leader in malware detection and prevention). In addition to Sophos, our system also receives real-time updates from Forcepoint (the de facto URL reputation database of infected and nefarious websites that can infect web visitors).

The Solution

DOSarrest developed “Stratus”, a zero trust cloud-based network, to meet these challenges. Operating within the DOSarrest DDoS Mitigation network, Stratus allows IT admins to meet the goal of moving their security and access controls as close as possible to the surface and point of entry, instead of sticking them far away somewhere within their network perimeter, in an easy, cost-effective manner.

Leveraging the powerful Juniper SRX platform, Stratus allows IT admins to:

  • Connect their network/s with a site-to-site VPN
  • Provide remote access VPN to their users on any of the Stratus nodes (London, New York, Los Angeles, and Hong Kong), for a fast and secure session
  • Verify the user and validate their device through the use of MFA and device certificates
  • Apply least privilege roles on a per-user basis; segment access by applications, services and/or networks. Access can be restricted even further by assigning permitted time windows of access
  • Conduct real-time and historical audits on users, applications, traffic flows, and security events
  • Apply UTM and SSL inspection on even general Internet Access for your corporate network and/or remote access VPN users

Advantages

Network

  • 1 Tb/s DDoS Mitigation Protection
  • Operating exclusively from the DOSarrest Mitigation Networks, for full control and oversight
  • Located in the premier carrier hotels, and connected to Tier 1 upstreams and the largest peering exchanges, providing for a rich and diverse set of routing options
  • Optimized routing to the largest public cloud providers
  • Options for connecting with direct connect or SDN fabric

Firewall Capabilities

  • Industry leading IDS capability, using Signature Based Detection, Anomaly Based Detection, and Stateful Protocol Analysis
  • Zero day protection, Real Time UTM and IDP databases
  • Unified Threat Management (UTM) that includes Antispam filtering (using Sophos SBL rules)
  • Content Filtering based on MIME type, file extension, protocol command, and embedded object type
  • Web Filtering – limiting or preventing access to inappropriate web content
  • Granular Application Security, including identification, tracking and firewalling using application-based rules
  • Full File-Based Antivirus – file based scanning against an always up to date anti-virus database
  • Fast SSL Inspection capability to mitigate attacks leveraging the Secure Sockets Layer

VPN

  • Remote Access VPN and IPsec tunnels configured with the highest level of encryption
  • IPv4 and IPv6 capability, with ability to create different routing and filtering for each IP space.
  • Works with multiple Identity Providers and customer LDAP/AD setups
  • Can support multiple VPN clients
  • Revocable Session Tokens

Management

  • Centralized Management of users, devices and applications/protocols; no overhead and complexity managing individual applications with their own protected access proxy
  • Managed by a 24/7/365 SOC and Netops team
  • Customized alerts for any events you want to be immediately notified of. Receive scheduled daily, weekly and monthly reports
  • Flexible detailed reporting that allows you to drill down to a user, application and/or event in seconds

Why Move to DOSarrest’s cloud based NGFW?

On Premise Firewall

  • Limited connections
  • Each firewall appliance has to be maintained separately
  • Has to receive daily updates on malicious traffic
  • Relies on the vendor’s malicious-traffic intelligence signature library
  • Maintain hardware and software licences and subscription services
  • Requires knowledgeable staff to effectively use the appliance
  • Doesn’t protect employees’ laptops
  • No advanced zero-day malicious traffic anomaly detection and quarantine

Cloud Based

  • Able to handle tens of thousands of simultaneous connections
  • Maintain policies across multiple offices, cloud apps and remote employees
  • Automatically receives real-time updates
  • Zero capital expenditure
  • 24/7/365 support
  • Protects employees globally
  • Sandboxing

Protection from

  • Phishing/Spearphishing
  • Worms
  • Ransomware
  • Spyware/Adware
  • Trojan Horses
  • Viruses
  • Zombies/Botnets and any malware

All it takes is for one employee to connect to the corporate network either through the local Wi-Fi or remotely to unleash havoc on a corporate network that can cost millions to repair and halt business operations for days, weeks or months while the cleanup goes on.