across every layer
Simply having a good firewall isn’t enough anymore. No single control can protect your network from the variety of threats across the spectrum of attack points.
That is why layered defense is core to the CyberGuard philosophy.
The CyberGuard endpoint agents are deployed to Windows workstations and servers and provide additional endpoint protection and visibility. Our agents allow detection of threat persistence mechanisms, such as backdoor accounts and malicious scheduled tasks. Our agents also provide easy update and patch management on devices.
The CyberGuard elite, enterprise-quality server can sit at a network chokepoint, where it can take action in real time. The server supports 10G networks and provides firewall, intrusion detection, DNS security and many other features to protect your network.
The CyberGuard satellite sensors give layer-2 visibility into remote office locations and can detect local broadcast attacks such as LLMNR request forgery attacks. They also protect against a wide range of wireless attacks, such as deauthentication attacks, evil twin attacks (including the KARMA attack) and much, much more.
CyberGuard provides a stateful firewall with top-tier enterprise features such as Geo-IP blocking and continually updated threat intelligence feeds. Using Geo-IP blocking, you can choose to block traffic to specific countries with which you do not do business. CyberGuard has threat intelligence feeds that allow blocking IPs associated with malware, spam, porn and other undesirable network traffic. A good firewall is the first layer of defense between the Internet and your business network.
Intrusion Detection and Prevention System
CyberGuard includes a mature, fast and robust threat detection engine that is capable of real-time intrusion detection (IDS), intrusion prevention (IPS) when placed at a network chokepoint, as well as network security monitoring (NSM) with the ability to monitor network flows and save network captures (PCAPs) for offline analysis and incident response evidence preservation.
CyberGuard can function as your network Domain Name System (DNS) server, which gives you information about what sort of sites are being accessed from your network and additionally allows you to configure CyberGuard to block access to undesirable sites. CyberGuard can instead send users to a custom webpage explaining that the site they tried to access was blocked and why.
Cloud Security Monitoring
CyberGuard can monitor cloud logins for services such as Office 365, Google’s G-Suite, Salesforce and many others, including any cloud services which support SAML. You can get alerts when accounts log in successfully from out of country, so that you can verify that the user is really traveling. CyberGuard can also alert you when a user's logins imply travel faster than a person can move, such as when there is a login in Huntsville, Alabama and then 10 minutes later in California. Attackers are increasingly focusing on cloud accounts as businesses move more and more services to the cloud. Monitoring the security of cloud services is a critical step in providing a layered defense.
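The travel-speed check described above, sketched as an added example (not CyberGuard's own code). The event fields, the 900 km/h threshold, the 50 km floor and the sample logins are all assumptions constructed for illustration.

```python
import math
from datetime import datetime

EARTH_RADIUS_KM = 6371.0
MAX_KMH = 900.0     # assumed threshold: roughly airliner cruise speed
MIN_KM = 50.0       # assumed floor: absorbs GeoIP error within one metro area

def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance in km between two latitude/longitude points."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dlat, dlon = p2 - p1, math.radians(lon2 - lon1)
    a = math.sin(dlat / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlon / 2) ** 2
    return 2 * EARTH_RADIUS_KM * math.asin(math.sqrt(a))

def impossible_travel(events, max_kmh=MAX_KMH, min_km=MIN_KM):
    """Compare each successful login with the same user's previous one and
    return an alert when the implied speed exceeds max_kmh."""
    alerts, last = [], {}
    for ev in sorted(events, key=lambda e: e["time"]):
        if not ev["success"]:
            continue                      # failed logins prove nothing about location
        prev, last[ev["user"]] = last.get(ev["user"]), ev
        if prev is None:
            continue
        km = haversine_km(prev["lat"], prev["lon"], ev["lat"], ev["lon"])
        hours = (ev["time"] - prev["time"]).total_seconds() / 3600
        # Simultaneous logins from distant places count as infinite speed.
        kmh = km / hours if hours > 0 else float("inf")
        if km >= min_km and kmh > max_kmh:
            alerts.append({"user": ev["user"], "km": round(km), "kmh": round(kmh),
                           "from": prev["city"], "to": ev["city"]})
    return alerts

def _ev(user, ts, city, lat, lon, success=True):
    return {"user": user, "time": datetime.fromisoformat(ts), "city": city,
            "lat": lat, "lon": lon, "success": success}

# Constructed sample: geolocated cloud login events (coordinates approximate).
SAMPLE_EVENTS = [
    _ev("alice", "2024-05-01T09:00:00", "Huntsville, AL", 34.73, -86.59),
    _ev("alice", "2024-05-01T09:10:00", "Los Angeles, CA", 34.05, -118.24),
    _ev("bob", "2024-05-01T08:00:00", "Huntsville, AL", 34.73, -86.59),
    _ev("bob", "2024-05-01T09:00:00", "Los Angeles, CA", 34.05, -118.24, success=False),
    _ev("bob", "2024-05-01T11:00:00", "Nashville, TN", 36.16, -86.78),
]

if __name__ == "__main__":
    for alert in impossible_travel(SAMPLE_EVENTS):
        print(alert)
```

In practice, logins through a VPN or corporate proxy geolocate to the exit node, so known egress addresses need to be excluded before alerting.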
CyberGuard has multiple network, service and host monitoring capabilities. You can configure simple up/down monitoring with alerts when a host or service is down for more than a defined time period. Alternatively, you can monitor non-discrete data, such as bandwidth utilization or packet loss. You can even configure monitors to notify you when an HTTPS certificate is going to expire. CyberGuard provides the information you need in order to catch security issues, misconfigurations and reliability issues before an attacker finds them.
On-demand or scheduled audits and reports
You can configure CyberGuard to run audits and generate reports to present you with the information you need, such as patch and update status reports, Microsoft licensing reports, or audits of specific software versions installed on machines.
CyberGuard has extensive monitoring, reporting and dashboarding features, leveraging Grafana and powerful monitoring and alerting APIs. Customized dashboards for reporting and monitoring items can be added to provide you with the insight that you need. Our job is to make it easier for you to manage the IT and CyberSecurity needs of your business.
CyberGuard visualizing a custom monitor of a Proxmox virtualization cluster for one customer. They desired the ability to monitor the resource usage across nodes of the cluster in order to see how many VMs were deployed on each node and to monitor memory and disk usage.
Disk I/O Monitoring
A custom monitoring dashboard was added to CyberGuard to monitor disk I/O on a server that was running a high-performance database for a customer. They wanted to get alerts when disk I/O exceeded certain thresholds.