Venustech proposes an overall security solution for government organizations based on the requirements of relevant laws, regulations and the industry's best practices.
1. Architecture Security
Dividing a network into subnets can ensure that primary network devices have redundant service processing capacity to meet peak demands, and also the bandwidth for each network part meets peak demands. A secure access path can be established by controlling the routing between a service terminal and service server.
2. Access Control
Security devices (such as firewalls and UTM products) are applied to isolate security domains and perform access control. The network access is controlled depending on the user and information categories. Security devices implement network access control to prevent unauthorized access to core resources of the current security domain by users from another security domain.
3. Intrusion Prevention
The data flowing into a system security domain and its subzones must pass through security boundaries, where access control, anti-virus control, and intrusion detection are performed. The intrusion prevention system (IPS) can constantly update its detection methods for new attacks. Using signatures, behaviors, sandboxes, algorithms, and other detection techniques, the IPS can not only keep its traditional advantages but also defend against advanced persistent attacks (such as unknown malicious files and unknown Trojan channels), 0-day attacks, and sensitive information leakage behaviors.
4. Security Auditing
Full-path security audit can be conducted by using both database auditing and bastion hosts. A customized auditing plan can be applied to organizations to help them improve their internal IT control and auditing systems to meet compliance requirements, and enable them to successfully pass the IT auditing.
5. Vulnerability Scanning
A vulnerability scanning system can be deployed to scan security vulnerabilities on the entire network. A security system is established following the steps of "discovering > scanning > defining > fixing > auditing". Using various latest international vulnerability scanning and detection technologies, the vulnerability scanning system can quickly discover network assets, accurately identify asset attributes, thoroughly scan security vulnerabilities, clearly define security risks, offer fix suggestions and preventive measures, and effectively audit risk control strategies. Therefore, it can help users implement a comprehensive assessment of vulnerabilities and achieve control over their system security.
6. Security Supervision
A security management platform can be deployed to summarize and analyze all security events, audit logs, threat information and attack events, display the required information, and achieve overall monitoring of hosts, network devices, and security devices.
7. Related Products
Unified threat management (UTM), intrusion prevention system (IPS), intrusion detection system (IDS), security operations center (SOC), vulnerability scanning, and database auditing.
8. Success Cases
a. Perimeter security solution for government network
The user is satisfied with the protection capabilities of Venusense Unified Security Gateway (USG) in anti-virus, P2P protection, and buffer overflow attack prevention. The unified security management platform and the one-click configuration function provide great convenience for their management.
b. Security management platform for Jiangxi information center
The user can promptly deal with security issues through centralized management and monitoring, and keep abreast of the operation conditions of each department's assets by displaying the topology.