Don’t Give Attackers a Chance
Speed and networking are the two essential factors that cause the requirements for the security of a company network to grow continuously. The IT department of a company is faced with various challenges as a result. Risks and dangers lurk both internally and externally. You should therefore protect your employees from unintentional gaps in security. We’ll help you take the right precautions and secure your business.
01Protection of hardware and software technologies
02Broad visibility, central control and management of the entire digital attack surface.
The proliferation of technology into practically all areas of life opens up a diverse set of platforms as possible attack vectors. The networking of systems within the company, in the cloud or when using mobile solutions requires the IT security department to be highly sensitive to security risks. In both private and professional areas, high security standards and a high-performance system landscape are essential.
This also means that the systems need to be actively maintained, the firmware kept up-to-date and that you and your colleagues are informed about current vulnerabilities. In order to guarantee the highest possible level of security in the area of information and communication technology and at the same time keep costs under control, we use next-generation firewalls for our security solutions. We work with you to develop an effective defence.
The right solution for every company size
Our partners: Fortinet, PaloAlto
When it comes to firewalls, we at Sidation not only think of stateful inspection, but also of next-generation firewalls with application control, web filters, intrusion detection & prevention, anti-virus, user & device identity and so on.
Modern firewalls allow services to be consolidated. Products that were once separate, such as web proxies, VPN concentrators and IPS systems, are now managed and monitored centrally. Depending on the size of the company and the desired architecture, this can be combined in a cluster or distributed over several devices. In any case, there is a cost saving, because you do not have to be familiar with numerous different systems, the number of support channels is reduced and you gain more in-depth know-how by only needing to focus on one product.
Thanks to integrated, powerful hardware acceleration, we have a suitable solution for every company size.
Home office and mobility, but secured
Our Partner: Fortinet
Due to today’s conditions, employees are very mobile and working from home has become standard. The demand for speed, connectivity and availability remains. Since often sensitive documents are processed, security must also be guaranteed. A VPN infrastructure can meet all of these requirements. As an authenticated part of the company network, users can move around the intranet via the Internet as if they were in the office.
The two most common ways to set up a VPN network are SSL-VPN and IPsec . While SSL-VPN is mostly used to connect individual users to the company network for a limited time, IPsec tunnels are used to permanently connect two networks. This makes it possible to share internal resources in the head office with the subsidiaries. Different locations can work together as if they were connected in a single network.
Security thanks to a second factor
Our Partners: Fortinet, OneSpan
A key factor in the success of the Internet and other networks is that people and devices around the world can participate in it in real time. Identity and access management products provide the services necessary to securely confirm the identity of users and devices when they enter the network.
Two-factor authentication is therefore widespread today. Together with our partners, we use various methods and, among other things, use centralised authentication services (including single sign-on services, certificate management and guest management) in combination with soft and hard tokens or a SMS service .
For user-friendly use of two-factor authentication, Single sign-on can be implemented in parallel. The user only logs on to a central instance once and is automatically given the rights that correspond to his approval on all connected systems. The flexibility in the integration of the solutions we offer is so great that not only existing infrastructures can be equipped with them, but also individual areas or very specific systems if required.
Clustering reduces operational downtime
Our partners: Fortinet, Infoblox, PaloAlto, Cumulus Networks
The high degree of networking has resulted in systems whose failure can bring entire branches of the company, or even the whole operation to a standstill. The priorities have therefore shifted from resilience to high availability. For this reason, additional systems running in parallel are installed, which can take over the functionality in a fraction of a second if the primary device fails.
There are few spatial limits to such a cluster: Firewall clusters can be distributed over several data centers, so that availability is guaranteed even in the event of major problems such as power failures. The cluster can even span countries or continents and as the number of devices in the network increases, a system can be armed against even the most severe failures. Anyone who has already experienced major failures knows the resulting damage and supports the investment in redundant systems.
Secure Web Access
Client isolation and web filtering for end users
Secure Web Access
Our partners: Fortinet, MenloSecurity
There are still many dangers when surfing the Internet. Unfortunately, Web 2.0 and HTML 5 have not changed that. On the contrary, browsers are becoming more and more powerful and now offer many functions.
This is where the Unified Threat Management (UTM) of next-generation firewalls comes into play. In addition to undesirable content, the URL filter can also be used to block many malware and phishing sites. The anti-malware protection helps with known malware threats, while pattern-based attack detection can combat the weak points in the browser. The Application Control Profiles help to filter the content of a provider in the widely networked Web 2.0.
Of course the most elegant solution would be if the user never came into contact with the Internet. And as absurd as the thought is nowadays, this is exactly possible with modern proxy products . Instead of the user accessing the website directly, these solutions only show the rendered image of the website. Nothing changes for the user, but a compromise via an infected website is made impossible. Don’t you believe us? Ask for a PoC, we will be happy to convince you.
Confidential and reliable
Our partners: Fortinet, SEPPMail
In addition to the well-known anti-malware and anti-spam functions, secure e-mail solutions also offer the possibility of encrypted and signed communication with the whole world in a simple manner, without each user needing their own S/MIME certificate.
Checking for viruses and malware as well as the suppression of spam mails are still very much required. We offer you high-performance solutions that can process up to 2 million e-mails per hour on one appliance.
With SPF, DKIM and DMARC entries you can take effective action against forged senders. However, these additional security measures often fail due to implementation. Due to Sidarion’s expertise in the area of DNS, we can also support you in creating and editing these entries.
You can obtain all of our solutions as hardware appliances, virtual appliances or as a managed security service.
Administration and processes simply automated
Our partners: Tufin, Redhat
Managing large firewall environments with over 100 firewalls is a challenge. With a suitable management system, however, this works well today and boundaries are managed. Independent of the manufacturer, you can manage entire firewall landscapes, generate reports, check compliance and consistently roll out changes to multiple systems at the same time.
An automated workflow is essential for managing the complete ruleset. The user should be able to submit their applications in a self-service portal. The automation can then make risk-based decisions and, if necessary, implement them automatically (zero-touch). Thanks to the high flexibility, the workflow that the customer wants can be implemented.
Sidarion projects: insurance, automobile manufacturer
Automation in the security arena
Our partner: Tufin
The rules on the firewalls are adjusted every day, new access lists are recorded on routers or temporary exceptions are configured for a test. Because new projects are coming in every day, there is often not enough time to clean up old and expired configurations.
Automation of the ruleset enables optimisation and auditing in real time. In this way, even complex rulesets can be managed and documented on a project basis.
With an integrated change management process, other teams also have insight into which communication relationships their systems have and how these are configured on the firewalls. The whole change process becomes transparent and many tasks only take minutes instead of hours or days. This makes it very easy to introduce new systems and dismantle old ones.
Network Access Control (NAC)
Detect who is on the network
Network Access Control (NAC)
Our partners: Fortinet, Macmon
One reason the internet has risen so rapidly is that it is accessible to everyone. This cornerstone of the network permeates every protocol and architecture. As enormous as this benefit is, it represents a challenge to be solved for internal networks. How do we prevent users from connecting their devices to open network ports in an uncontrolled manner? How can we grant visitors access to projectors and televisions, but keep them away from internal company resources? And what do we do with employees’ personal devices?
The answer is 802.1x. With RADIUS-based logon mechanisms, the network can recognise company-internal devices and move them to the correct segment. Whether wired or wireless, Sidarion supports you in the selection and integration of this basic protection for your infrastructure.
Is your infrastructure not 802.1x compatible or is the project over budget? Based on the information from a CMDB or IPAM, you can achieve quick results with minimal risk. Our consultants will help you to find the right architecture for your environment.
Risk minimisation in the data cloud
Our partners: Nutanix, Rubrik
Sidarion offers a comprehensive range of solutions to protect your data and ensure the availability of your cloud applications. We offer suitable solutions for all cloud offerings from SaaS to PaaS to IaaS installations.
Our experienced IT architects support you on your way to the cloud; in planning the migration, securing the services and in the central administration of a hybrid enterprise cloud infrastructure.
To do this, we use technologies such as:
- Cloud Firewalls
- Cloud Access Security Broker (CASB)
- Cloud Loadbalancer
- Cloud IPS Systems
- VPN connections from your network to your cloud provider
- Cloud appliances for secure email and web-server installations
Or the art of identifying problems quickly
Our partners: Fortinet, LogRhythm
Who isn’t familiar with vague error descriptions from end users: “The network is slow”, “The VoIP phone is not working properly”.
In such cases, it is important that the network team can find the cause quickly and efficiently, if only to determine that it cannot be the network infrastructure. Modern monitoring solutions cover many aspects of a network such as round trip time, jitter, packet loss and dropped packets. Response times of applications such as DNS can also be included in monitoring. This allows you to keep an eye on the state of the network at all times and often you have the solution to a problem before the first call from a user.
Our monitoring solutions cover many aspects of a network, including:
- Link quality: round trip time, jitter, packet loss, discards
- Network utilisation
- Response times of network applications such as DNS
- Log distribution
As the speed of the network increases, so does the urgency of resolving issues.
Our goal is to optimise alerting so that only relevant events are reported. Thus, you save time and money.
Protection through Segmentation
Our partners: Illumio, Fortinet
Microsegmentation eliminates unnecessary network connections within your data centre and cloud. It is different from network segmentation, which has been around for years and was originally developed to improve efficiency and reduce broadcast domains.
Your segmentation strategy should apply the right type of segmentation to provide the security you need:
- Environment-specific segmentation: separates environments within the data centre and is the coarsest form of segmentation. It prevents intruders from entering multiple environments.
- Location-based segmentation: Cross-country or cross-data centre segmentation. Manage or control access of devices from different data centres (e.g., due to data sensitivity or regulatory requirements).
- Application-aware segmentation: separates individual applications, preventing cross-application communication, even within the same environment. Critical applications are thus given an additional layer of security.
- Tier segmentation: is even more granular than application-based segmentation. It divides the tiers within an application (e.g., web, application, and DB tiers).
- Process and service related segmentation: also called nanosegmentation and is the most granular form of segmentation. It ensures that only enabled connections are allowed. Highly critical processes and services can be protected in this way.
- User-based segmentation: prevents “credential hopping” – a common tactic in which an intruder attempts to use acquired access rights to gain access to critical applications.
We have extensive experience in implementing data centre firewall and IPS systems, and can help you make sense of segmentation based on security classes and protection needs.
Appropriate coverage of buildings and open spaces
Our partner: Fortinet
Many modern devices such as smartphones and tablets require a wireless connection. WLAN is also becoming increasingly important for mobile PCs, so almost all companies have a WLAN solution in place.
However, there are some important aspects to consider for a secure WLAN that are not supported by every product. We recommend that you take these points into account when using WLAN:
- Automatic management of BYOD (Bring Your Own Device) and guest access
- Distinguishing between managed and unmanaged (BYOD) devices
- Separate guest access (multi SSID)
- Integration into the company directory (e.g. AD)
- Device-based or user-based access rights
- Filtering of Internet access, especially for malware or abusive behavior
- Automatic WLAN roaming between different sites
- Adequate encryption
We are happy to support you in the design and implementation of your secure WLAN infrastructure and take care of the appropriate coverage of buildings or open spaces.
Web Application Firewall (WAF)
Close security loopholes
Web Application Firewall (WAF)
Our partner: Fortinet
Classic firewalls offer little protection for increasingly important web applications. Next-generation firewalls with IPS and AntiVirus can offer a certain basic protection for vulnerabilities in the server software. But this usually does not help against a vulnerability in the programming of the page logic, because the content is created individually per customer and installation.
With Web Application Firewalls (WAF) we can protect your servers and improve data integrity as well as server availability. We also use them to minimise the risk of your website being used to spread malware. A WAF takes care of many web security issues such as:
- Code injection
- Cross-site scripting (XSS)
- Cross-site request forgery (CSRF)
- Unwanted data leakage
- URL whitelisting and blacklisting
You can learn about the top 10 risks in web programming at OWASP Top Ten Project.
Consulting & Services
“As long as you talk yourself, you don’t learn anything” (Marie von Ebner-Eschenbach). That is why we listen carefully to get to know you as a customer with individual needs.
The range of IT security solutions on the market can quickly become confusing. It is all the more important to find the right partner who listens, understands and works with you to put together the right solution. Due to the number of projects we have implemented, we can fall back on a wealth of experience and know what is important.
After assessing the current situation and formulating a strategy, the concept will be outlined and the design will be created. With this design blueprint, we ensure that the project is implemented according to the required specifications and that the agreed goals are achieved. In a continuous exchange of ideas, we work with you to create a concept that covers your needs and fits into your IT environment.
All of our specialists work on projects and cover for each other in the event of absences. With this approach, we guarantee a very well-rounded knowledge in the areas of conceptual design, project implementation and any troubleshooting. Overall, this helps us to better understand the needs of our customers and thus to offer you first-class service.
The ability to integrate standard products into your existing environment is one of the particular strengths of Sidarion. We help you to automatically synchronise data between systems, to create customised interfaces for routine tasks (e.g. as a web GUI) or to implement other requests.
We train your employees on site in your environment and thus help you to work quickly with the new solution. This includes the imparting of basic knowledge, product-specific know-how for administration and troubleshooting, as well as for the support processes of Sidarion and the manufacturer.
In addition, we are happy to offer you the official manufacturer training courses and certification exams. In this way you get to know the product from the manufacturer’s point of view and often see other uses and functions that were previously untapped.
The Sidarion support services (SIDcare) include flexible remote maintenance or on-site support for your devices by our specialists. This is an expansion of the project delivery and the support subscription. As your local partner with a good knowledge of your system environment, customer-specific features and a sound knowledge of the network and security technologies of our products, we are able to help you and solve your problems quickly and efficiently.
You don’t want to take care of running the infrastructure yourself? No problem, we will be happy to do this work for you. We take care of operations, monitoring, patch management, change management and reporting. We will discuss the service status with you at regular intervals and make adjustments if required.
Our partners in the security area
Your security is important to us. Protect your IT environment with solutions tailored to you. Anything that does not fit is adapted. Our specialists are also happy to write a script that simplifies the maintenance or use of a product for you and supports you in your daily work by automating procedures and processes.
Next-level networking – control, administration and protection of the critical network basic services DNS, DHCP and IP address management. The integrated grid technology guarantees reliable administration of the services, offers simple management of the data and provides transparency and monitoring over the entire network.
Expert Partner and Managed Security Service Provider
Next-Generation Firewalling – Fortinet provides intelligent, seamless protection across the expanding attack surface and the ability to meet the ever-increasing performance requirements of the borderless network. Fortinet Security Fabric architecture addresses the most critical security needs.
Next-Generation Security – Palo Alto Networks is shaping the cloud-centric future with technologies that are transforming the way people and organisations work.
Microsegmentation – security through segmentation independent of the network architecture. The Adaptive Security Platform® (ASP) prevents the spread of security loopholes and supports compliance with legal regulations by mapping application dependency in real time and segmenting security.
Gold Service Delivery Partner
Orchestration Suite – Tufin® is the market leader in Network Security Policy Orchestration. With Tufin, companies can centrally manage, visualise and control security guidelines in hybrid environments (cloud, physical networks and virtualised infrastructures). The award-winning Tufin Orchestration Suite™ is a complete solution for the automated planning, implementation and checking of changes in the area of network security.
Secure E-Mail Gateway – SeppMail, the experts in e-mail encryption in Switzerland for 18 years. The award-winning product portfolio includes solutions for secure sending and receiving of confidential data via e-mail, guaranteeing the authenticity of the sender and ensuring the confidentiality and integrity of the message.
Network Access Control – Knowing which devices are on the network and where they are. All devices from PCs to printers, laptops or medical and technical devices are identified, efficiently monitored and protected against unauthorised access.
Security Cloud Platform – The Netskope Security Cloud Platform offers unparalleled transparency and real-time data and threat protection when accessing cloud services, websites and private applications from anywhere and on any device. Netskope takes a data-centric approach to cloud security and tracks the data wherever it goes.
Cloud security and administration – OneSpan (formerly Vasco) is a leading provider in the field of cyber security technology and offers solutions for strong authentication and digital signatures for online accounts, remote access and identities.
Security through isolation – Menlo Security has developed a new type of security approach, which is built in the cloud for the cloud. The Menlo Security Isolation Platform combines web security, email security and phishing awareness training in a single solution. It blocks malware before it can even reach the user.
Digital identity – Imprivata develops and sells the OneSign platform, which secures employee access to computers, applications and networks. The platform brings together an end-to-end authentication and access management solution that enables authentication, single sign-on and virtual desktop roaming.
Cloud Access Security Broker – The next-generation Bitglass Cloud Access Security Broker (CASB) solution enables your company to use the cloud while ensuring data security and legal compliance. Bitglass secures your data across every cloud application and device.
Insight Platform – Rapid7’s cloud platform offers full transparency, analytics and automation capabilities for monitoring vulnerabilities, detecting suspicious activities, investigating and preventing attacks, and automating tasks.
“What I appreciate about Sidarion is the uncomplicated cooperation and the immediate response when matters are urgent. Having a partner with the necessary know-how makes it easier to keep our focus on our core business."Jan K., IT System Engineer, SSM
“As a leading investment controlling and consulting company, we rely on stability, trust and continuity. In Sidarion we have found a partner who shares these values and has been doing an excellent job for many years."Tobias K., Manager IT, PPC Metrics
“Sidarion’s troubleshooting is textbook. We like to use it for training purposes. It represents a great added value for us."Isabelle B., Manager IT Services, Kantonsschule Olten
“Infoblox can be installed and then forgotten, it just works. It's one of the best solutions we've ever implemented. It has been more than worth it."Sven S., IT Infrastructure Management, Aargauische Kantonalbank
“As a general contractor for SAP environments, we depend on competent partners. Sidarion meets this profile perfectly with its broad expertise and its great commitment to projects."Urs B., Business Development, Avectris / Räto F., Team Leader MidMarket Operations and Storage, Avectris
Security originates in the team
Due to our many years of experience and a culture based on mutual support, we face challenges with calm and professionalism.