How Does Nasstar Protect Your Services? nasstar.com


CONTENTS

Introduction

Citrix Environment

Ransomware

EM+S

NetScaler

DMZs

Dedicated Security Personnel

Penetration Testing

Cyber Security Information Sharing Partnership (CiSP)

ISO 27001

Software Patches & Updates

Falanx

Defence-In-Depth Is The Future

HOW DOES NASSTAR PROTECT YOUR SERVICES | NASSTAR PLC


INTRODUCTION

Cyber security is not something you can do once and forget about - there’s no shortage of threats out there which can affect all parts of your IT infrastructure: endpoint, network, servers and the cloud.

As a managed IT services provider, Nasstar is constantly reviewing its security posture based on the current and predicted threat landscape to ensure clients are protected from threats.

Citrix Environment

The Nasstar Citrix environment offers end-to-end encryption from the client to the server. Two-factor authentication can be made available for all users upon request.

In addition to the security inherent within Citrix, Nasstar offers the following security measures for multi-layered security:

• Intrusion Detection System (IDS) – Network based IDS inspects all inbound and outbound network activity and attempts to identify suspicious patterns that may indicate a network or system attack from someone attempting to break into or compromise a system.

• Gateway Anti-Virus scanning – Delivers intelligent file-based protection through a high-performance engine that scans for file-based internet threats in real-time.

• Trend OfficeScan endpoint protection - To protect against today’s fast-evolving threats, Nasstar use comprehensive, next generation endpoint security technology. Trend Micro OfficeScan provides modern threat protection, including anti-virus and anti-malware protection.

• Mimecast Secure Email Gateway - Uses sophisticated, multi-layered detection engines and intelligence to protect email data and employees from malware, spam, advanced threats and zero-day attacks.

Ransomware

Ransomware is a serious worldwide issue and has become a major factor when considering security in IT systems.

Nasstar lead the way in the market by having deployed the most sophisticated countermeasures available to protect customers against the threat of ransomware. These countermeasures include:

• Firewall - Nasstar has enabled IDS (Intrusion Detection System) on our firewall clusters which offer the following features:

> Anti-virus scanning at the network level (HTTP, FTP, IMAP, SMTP, POP3).

> IDS signature matching enabled to log suspicious activity.

> Botnet filtering, any communication to/from known botnet command and control servers is blocked.

> Windows Firewall is utilised on all Windows servers enforced by Group Policy.

• Macros - One common attack vector is a macro-enabled document sent to a user, who then executes the malicious content. To combat this, all macros have been disabled from executing in temporary locations (e.g. from e-mail) within the hosted desktop and must be saved to a shared drive.

• AppLocker - All hosted desktops have an AppLocker policy enabled. The purpose of this policy is to ensure executables and scripts cannot run from any user’s profile. Any malicious file served by Java/Flash will typically try to save into the user’s profile and therefore will not run.

• File Screening - All file servers are configured with File Screening. If a known ransomware file (there are currently 849) is created on any file server our Support Team are immediately notified, the user is logged off automatically and the process is terminated.

Ransomware stops you from using your PC. It holds your PC or files for “ransom”. Protect your organisation and prepare for ransomware attacks!

• Proxy - All internet access is routed via a proxy server. Proxy servers offer a number of benefits including:

> Auditing

> Blocking known malware sites

> Anti-virus scanning

• Multiple clicks to play - To prevent users being served with malicious Java/Flash content (assuming it is installed), group policies are deployed that force a user to “click” any content they wish to play. Multiple (3) clicks to play content, including prompts, can be configured.

• File Associations - Some ransomware will arrive as a .js or .vbs script. These have been configured to open with Notepad, so users do not inadvertently open/run them (although this would also be stopped by AppLocker script protection).

• Honeypots - Honeypots are large file containers, placed at the front and end of a directory structure, that contain millions of small 1k files. The design is that ransomware which executes gets bogged down in the millions of 1k records first, giving the 24x7 engineering team time to respond before any real data is impacted. We therefore have shares on our network populated with millions of junk files; if any process changes data on these shares, our support team is notified immediately.

• Assuria log manager: MidGuard - This securely sends event logs from Nasstar servers to a third party cyber security business, where activity is monitored from their 24x7x365 security operations centre (SOC).
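
The change-detection idea behind the honeypot shares, as an added example (not Nasstar's tooling): a baseline of decoy-file hashes is compared with the current state of the share, and any difference raises an alert. The function names and the 200-file temporary share are assumptions for the demo; a production monitor would normally react to file-system audit events rather than poll.

```python
import hashlib
import os
import tempfile


def snapshot(share_root):
    """Map each decoy file's relative path to the SHA-256 of its content."""
    manifest = {}
    for folder, _dirs, files in os.walk(share_root):
        for name in files:
            path = os.path.join(folder, name)
            with open(path, "rb") as fh:
                digest = hashlib.sha256(fh.read()).hexdigest()
            manifest[os.path.relpath(path, share_root)] = digest
    return manifest


def diff_share(baseline, current):
    """Return alerts for any change on a share nobody should ever write to."""
    alerts = []
    for rel, digest in baseline.items():
        if rel not in current:
            alerts.append(("missing", rel))      # deleted or renamed
        elif current[rel] != digest:
            alerts.append(("modified", rel))     # content rewritten in place
    for rel in current:
        if rel not in baseline:
            alerts.append(("unexpected", rel))   # new file appeared on the share
    return sorted(alerts)


def demo():
    """Constructed scenario: 200 decoy 1k files, then two kinds of change."""
    with tempfile.TemporaryDirectory() as share:
        for i in range(200):
            with open(os.path.join(share, f"decoy_{i:04d}.dat"), "wb") as fh:
                fh.write(os.urandom(1024))
        baseline = snapshot(share)
        # Simulated changes to the decoys (constructed for the demo).
        with open(os.path.join(share, "decoy_0000.dat"), "wb") as fh:
            fh.write(b"overwritten")
        os.rename(os.path.join(share, "decoy_0001.dat"),
                  os.path.join(share, "decoy_0001.dat.changed"))
        return diff_share(baseline, snapshot(share))


if __name__ == "__main__":
    for kind, rel in demo():
        print(f"ALERT {kind}: {rel}")
```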

EM+S

Nasstar are increasingly integrating private cloud Active Directory infrastructure with Microsoft’s EM+S suite of products. This enhances security and is proposed for this solution, which includes:

• Machine intelligent learning - Machine intelligence is used to detect attacks based on suspicious activity, i.e. an unusual location for logon, or activity on your account that matches a pattern from global usage. For example, machine intelligent learning increases security by learning what systems are used and how, in order to flag anomalies to be investigated, e.g. how can user X log into a PC in London and France on the same day? Or the diary says user X is in Telford, yet they access the system from London.

• ARM Cloud app security – Complete visibility into employee and data usage, using behavioural analysis to protect against potential threats/attacks to your cloud applications.
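
The “London and France on the same day” check generalises to a speed test between consecutive logons, shown here as an added example (not Microsoft's or Nasstar's implementation). The 900 km/h ceiling, the event format and the sample logons are constructed assumptions.

```python
from datetime import datetime
from math import asin, cos, radians, sin, sqrt

MAX_KMH = 900.0  # assumed ceiling: roughly airliner cruising speed


def km_between(a, b):
    """Great-circle (haversine) distance in km between two (lat, lon) pairs."""
    lat1, lon1, lat2, lon2 = map(radians, (*a, *b))
    h = sin((lat2 - lat1) / 2) ** 2 + cos(lat1) * cos(lat2) * sin((lon2 - lon1) / 2) ** 2
    return 2 * 6371.0 * asin(sqrt(h))


def impossible_travel(logons, max_kmh=MAX_KMH):
    """Flag consecutive logons per user whose implied speed exceeds max_kmh."""
    alerts, last = [], {}
    for user, ts, place, coords in sorted(logons, key=lambda e: e[1]):
        when = datetime.fromisoformat(ts)
        if user in last:
            prev_when, prev_place, prev_coords = last[user]
            hours = (when - prev_when).total_seconds() / 3600
            dist = km_between(prev_coords, coords)
            # Simultaneous logons from different places count as infinite speed.
            speed = dist / hours if hours > 0 else float("inf")
            if dist > 1 and speed > max_kmh:
                alerts.append((user, prev_place, place, dist, speed))
        last[user] = (when, place, coords)
    return alerts


# Constructed sample events: (user, ISO timestamp, place label, (lat, lon)).
SAMPLE_LOGONS = [
    ("userx", "2017-03-01T09:00:00", "London", (51.5074, -0.1278)),
    ("userx", "2017-03-01T09:20:00", "Paris", (48.8566, 2.3522)),
    ("usery", "2017-03-01T09:00:00", "Telford", (52.6766, -2.4469)),
    ("usery", "2017-03-01T13:00:00", "London", (51.5074, -0.1278)),
]

if __name__ == "__main__":
    for alert in impossible_travel(SAMPLE_LOGONS):
        print("ALERT %s: %s -> %s, %.0f km at %.0f km/h" % alert)
```

Only userx is flagged: London to Paris in twenty minutes implies a speed above the ceiling, while usery's four-hour Telford to London trip does not.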


NetScaler

Nasstar provide Citrix connectivity via NetScalers in order to take advantage of the enhanced security features inherent in this technology. Nasstar have invested heavily in this technology and as a result were awarded “Citrix Networking Partner of the Year” for 2016.

DMZs

Internet-facing services are placed into securely segregated networks called DMZs. They are virtual or physical networks isolated from core services by dedicated firewalls with strict access controls.

This means that in the unlikely event these systems are compromised the impact is limited. Additionally, we utilise firewalls for interior network zoning to separate various tiers of the service infrastructure.

Dedicated Security Personnel

Nasstar employ a full-time, dedicated IT Security Architect who is responsible for computer and network security. Part of those responsibilities involves the use of hacking techniques to identify weaknesses in customer systems.

Any highlighted weaknesses are raised as incidents or problems to be addressed by engineers in conjunction with software vendors (where required).

Penetration Testing

Optionally, Nasstar can arrange to run penetration tests for customers. Please enquire for further details.

Cyber Security Information Sharing Partnership (CiSP)

Nasstar are a member of CiSP, which is part of CERT-UK, a joint industry-government initiative to share cyber threat and vulnerability information. Nasstar therefore benefits from:

• Engagement with industry and government counterparts in a secure environment

• Early warning of cyber threats

• Ability to learn from experiences, mistakes, successes of other users and seek advice

• An improved ability to protect our company network

ISO 27001

Nasstar recognises the importance of information security as part of a strategy to proactively manage risk, and has been running its Information Security Management System (ISMS), certified to the ISO 27001 standard, since 2010.


The objectives of the ISMS are based on a continual formal risk assessment process. Having identified and assessed risks to ourselves, and our customers, we select and resource specific information security controls in order to mitigate those risks.

Everyone within Nasstar has an important role to play and each member of staff has their own specific tasks, and responsibilities, within the ISMS. We expect our core behaviour of professionalism and customer focus to be reflected in our protection of customer information. We support staff efforts to secure information through continual staff training and awareness activities.

Achievement of effective information security within Nasstar depends upon a team effort; contributions by everyone will ensure that we meet the contractual, legal and regulatory information security obligations we have to our customers.

Nasstar are externally audited annually by the certification body SGS.

Software patches & updates

Several factors exist in the enterprise environment that require consideration prior to deploying any updates; these include rollback capability, application compatibility and system stability, to name but a few.

Simply speaking, from the security viewpoint Nasstar approach this with an additional concept known as the trusted systems model. We have known inputs, where a known process is then executed and results in a known output. By applying a patch to a piece of software or device we make a change within this model, and therefore need to understand the impact of that change to ensure stability/availability, and take a new baseline of how the system is operating after patching for future reference.

As you can imagine, this process can take some time, which can vary depending on the complexity of the system to which the patch is being applied. The result is an increase in the exposure time to the vulnerability, from when a vulnerability is announced, to a patch being issued, and through to being protected when the patch is applied.

“80% of cyber attacks seen today can be prevented with basic risk management”


In order to counter this increase in exposure we apply the concept of defence in depth, with security layering and compartmentalisation. The principle behind this is that several layers of security exist between an actor (a prospective attacker looking to exploit a vulnerability) and the target device/system.

Each system within our environment is placed into an appropriate security zone and compartment. The higher the risk profile of the system, the more layers and security compartments are employed within the model to protect the system. These layers and compartments either protect and prevent a given vulnerability from being exploited (vectors) or inject a delay element that allows the various security mechanisms in the infrastructure to either counter/mitigate the attack or generate alerts and isolate the targeted system.

Typically, this approach provides the additional protection needed to mitigate against the risk of the vulnerability, allowing us to take a controlled and measured approach to the application of patches.

FALANX

Nasstar partner with Falanx, an AIM listed cyber security specialist. Falanx apply artificial intelligence to every event log being captured across Nasstar firewalls, servers, switches etc. to integrate millions of line items and determine, based on each event, what may be happening across the network and platform. For example, event logs on a server can be millions of lines long, and irrelevant unless compared to corresponding event logs on a firewall. The Falanx software takes on the manual process of reviewing and comparing millions of line item logs to ensure Nasstar engineering teams are reacting to any possible attack or weakness on the platform.

DEFENCE-IN-DEPTH IS THE FUTURE

Nasstar has many layers of security protecting its hosted platforms, but it is crucial that its clients create a cyber savvy culture within their organisation. That comes from the top down, and it spreads via effective training and regular updates to ensure best practice is always front of mind for staff.

That’s why as a managed service provider, Nasstar puts a major focus on education and training – of our own staff and those of our clients, in things like Cyber Essentials. Security is present at every layer of our organisation, and it can be in yours too.


The average time it takes for an organisation to identify a malicious attack on its network stands at 229 days


Headquarters

Datapoint House, 400 Queensway Business Park, Queensway, Telford, Shropshire TF1 7UL

Regional Offices

Suite 49, Temple Chambers, 3-7 Temple Avenue, London EC4Y 0HP

7 Basset Court, Northampton NN4 5EZ

Midland House, 2 Poole Road, Bournemouth, Dorset BH2 5QY

Unit 11, 34 Triton Drive, Rosedale, Auckland 0632

Registered number 05623736

@Nasstar

blog.nasstar.com
