1 Secure SD-WAN service description 2.4 by Open Systems, proprietary open-systems.com
Secure SD-WAN by Open Systems provides all the benefits of SD-WAN while reducing cyber risk, simplifying regulatory compliance, and eliminating the headaches associated with managing an «ecosystem».
Secure SD-WAN packages (columns: Business, Enterprise, Enterprise Plus; an X marks inclusion)
SD-WAN Base: X X X
Bandwidth Control: X (1) X X
Path Selection: X (1) X X
Application Optimization: X X
DNS Filter: X (2) X X
Firewall: X X
Secure Web Gateway: X X
Unmanaged NDR: X X
Managed NDR: X
Unified Threat Protection: X X X
How Open Systems works and supports your SD-WAN operations
With Open Systems Mission Control, you are never alone – a well-trained team
of experienced professionals is always behind you. Highly skilled, certified Open
Systems engineers monitor your systems proactively 24x7, handle alerts and
ensure compliance with your security policy. Additionally, they work with your IT
staff according to clearly defined processes in order to inform you of anomalies
as well as perform global changes that are driven by the dynamic needs of your
organization. Contacts are notified instantly by SMS, email or phone.
Figure: Open Systems Mission Control. 24x7 operations cover security analysis, monitoring, coordination, implementation, change summary, documentation, topology update and tickets. The flow between Mission Control and the customer consists of proactive intervention, opening a ticket, and execution and report. Customer-side roles are the MC Company Administrator, MC Company-Unit Administrator and MC Service Administrator, who manage the requirements of clients, users, partners, …
Highly skilled engineers monitor your systems proactively 24x7 and ensure compliance with your security policy.
Table notes: (1) Limited scope. (2) Standard policy.
SERVICE DESCRIPTION: Secure SD-WAN
Developed in response to customer needs, Secure SD-WAN is enabling digital transformation at some of the world’s leading enterprises. The solution significantly reduces operating costs, enables cloud adoption, decreases downtime, increases application performance and provides protection against today’s most advanced cyberthreats.
Approved for public use.
People
Calls to Open Systems Mission Control go directly through to people who have
the knowledge and infrastructure to tackle and resolve highly complex technical
issues. The engineers at Open Systems answer technical questions, analyze the
situation with the necessary skill and experience, and offer solutions. All the
security engineers have attained a high level of technical education and passed a
background check as well as the Open Systems Mission Control certification.
Organization
Open Systems is a high availability organization and a reliable partner that
understands security and SD-WAN. Open Systems Mission Control is capable of
reacting quickly to urgent large-scale incidents no matter which global location
is affected, and has access to a global network of incident response and security
teams (FIRST). Open Systems Mission Control engineers also participate in various
IT-security consortiums to keep abreast of the latest developments, whereas the
Open Systems global customer base reflects the current operational and security
hotspots.
Core processes
Open Systems Mission Control operates according to ISO 27001 standards. The
core processes in the area of Open Systems services are assessed annually by an
independent auditor and results are presented in a SOC 1 report.
Open Systems Customer Portal
The starting page in the Customer Portal shows an overview of services in real time
for all the sites of an organization. A global map summarizes the same data at a
glance, which helps users perceive their networks more naturally.
Starting page of the portal shows an overview of services in real time for all the sites of an organization.
Graphs of the network utilization, CPU usage and system load are provided for the
machines that the service is running on. A click on a summarizing graph expands
the detailed view, with statistics of the last day, week, month, and year.
Statistics generated in real time. A click on a summarizing graph expands the detailed view.
The Customer Portal offers graphical availability statistics of the various services,
showing uptime, ISP outage, maintenance, connection down and inactive states over
time. Every ISP outage or lost connection is listed, together with the corresponding ticket
if a threshold was reached and the issue was escalated to Open Systems Mission Control.
Service availability statistics in the Customer Portal.
Delegated administration
The Customer Portal distinguishes between permissions for managing services and
permissions for managing users. To work with services, the following Administrator
and Monitor (view only) roles exist for three levels – the whole company, a particular
business unit, or a particular service. Additionally, the service Auditor role permits a
service Administrator or Monitor to view sensitive data such as logs. For example,
you can grant a branch-office employee both the Administrator and Auditor roles
for just the Open Systems service being used at that branch. The employee can
then monitor the local service, look at its audit trail, view the network topology files
associated with the service, create Open Systems tickets and edit notifications. The
employee can also look at the service logs, which is helpful for troubleshooting.
To manage the users who work with the Customer Portal, the following Administrator
and Monitor roles exist for two levels – the whole company, or a particular business
unit. Additionally, the Auditor role permits a user Administrator or Monitor to
view the user log files. For example, you can grant a branch-office employee the
Administrator role for managing the user data of the local business unit.
Sign-off
Sign-off contacts can be defined at the business-unit or company level. Only a
sign-off contact has the authority to approve changes to a service.
Open Systems services are ISO 27001 certified.
©2020 MS, April 16, 2020
5 Secure SD-WAN Core Functions service description 2.4 by Open Systems, proprietary open-systems.com
SD-WAN Base
WAN Encryption and Routing
The WAN Encryption and Routing feature enables secure site-to-site connections
through the internet, MPLS, VSAT or other WAN transport layers, ensuring that all
traffic between the sites is automatically encrypted and authenticated. Business-
critical data remains secure and the risks of miscellaneous internet eavesdropping
are reduced.
Figure: Star topology, partial mesh topology and full mesh topology (a security hub interconnecting branch offices).
The topology of site interconnections is configurable as star, full mesh or partial
mesh. The star topology, also known as «hub and spoke», uses one central switching
point that acts as a security hub. In the full mesh topology, each site is capable
of directly reaching any other site through the logical circuit. The partial mesh
topology, also known as «explicit mesh», does not connect each site to every other
site for practical reasons, but implements a few alternative routes to still ensure
sufficient network redundancy.
Partitioning is used to divide huge virtual networks into parts, and explicit meshing
provides the freedom of selectively connecting any sites according to demand.
Partitioned topology that divides huge virtual networks into parts.
SERVICE DESCRIPTION: Secure SD-WAN Core Functions
• SD-WAN Base
• Application Visibility
• Bandwidth Control
• Path Selection
• Application Optimization
• DNS Filter
Approved for public use.
The Customer Portal provides the status and usage information about all VPN
connections. Where available, VPN connections are compared with similar links,
and their rating is based on Open Systems customer benchmark data.
The Customer Portal provides the status and usage information about all VPN connections.
The VPN tunnel monitoring statistics show latency, packet loss and traffic volume.
Round-trip time in a VPN tunnel for the last 24 hours.
The graphs are available for the last 24 hours, last week, last month and last year.
Packet loss in a VPN tunnel for the last 24 hours.
Routing is either set up as static or dynamic. Routing information can also be
propagated to the local LAN to enhance the network performance within and
between site-to-site services. The routing table in the Customer Portal shows what
networks are reachable over the WAN, which helps analyze routing issues or acts
as a pre-check for the reachability of a location.
Routing table in the Customer Portal.
On request, Open Systems Mission Control can measure the de facto upload and
download bandwidth (on VPN-connected internet links). This allows a site to verify
the throughput capacity of the ISP line.
Results of real-time bandwidth monitoring from the network toolbox.
DHCP Server
The Dynamic Host Configuration Protocol (DHCP) enables a server to automatically
assign an IP address to a machine. The IP addresses are taken from a defined range
of numbers that are configured for a specific network.
The DHCP Server performs standalone, local network configuration allocation. It is
configured locally per site and is therefore independent of a central security hub
or WAN connection.
Figure: Service Delivery Platform with DHCP Server. A DHCP request from the branch office is answered directly by the Service Delivery Platform.
DHCP Server performs standalone, local network configuration allocation.
Proxy auto-configuration, dynamic DNS updates and multiple networks and
network pools are supported.
DHCP Relay
DHCP Relay performs centrally defined and locally deployed network configuration
allocation. Local DHCP requests are relayed to the customer’s central DHCP server,
and the answer is sent back to the Service Delivery Platform, which relays it to
the original sender. Delivery of the network configuration is conditional on
a working network connection between the central DHCP server and the Open
Systems Service Delivery Platform. The central DHCP server is usually set up and
maintained by the customer.
Figure: Service Delivery Platform with DHCP Relay. The DHCP request from the branch office is relayed by the Service Delivery Platform via the security hub to the central DHCP server, and the DHCP response travels back the same way.
DHCP Relay performs centrally defined and locally deployed network configuration allocation.
Application Visibility
Applications that perform well are essential to global business. All sorts of
applications constantly compete with each other for network resources, but it is no
longer sufficient to just make the network fast with plenty of bandwidth. Now it is
necessary to find a way of controlling, monitoring, optimizing and governing how
these applications use the network. Additionally, being able to distinguish between
the different types of applications makes it possible to focus on those that are
critical and necessary for business.
Identify, prioritize and monitor the business-critical applications in your network.
Application Visibility provides an accurate and complete picture of the application
landscape on your WAN. You can identify mission-critical business applications
such as SAP, prioritize them and get a direct indicator of how healthy your network
environment is and how it reflects the user experience.
Application Visibility Dashboard in the Customer Portal.
Bandwidth Control
Bandwidth Control is all about traffic – it ensures that your business-critical
applications still perform well 24x7 worldwide, even if your WAN links are
congested. As not all network traffic situations are the same, your ISPs are grouped
into profiles according to bandwidth, type of link, or link behavior. That way, you
can make profile adjustments so the network reacts faster to your business needs
and so «greedy» applications don’t monopolize the bandwidth.
Figure: Examples of profiles into which ISPs can be grouped and their priority classes. Profiles shown: 1-5 Mbps ISP (examples: 1 Mbps ISP, 3 Mbps ISP, 4 Mbps ISP), 100 Mbps ISP (examples: 70 Mbps ISP, 100 Mbps ISP, 200 Mbps ISP), High Latency (examples: 512 Kbps ISP, 1 Mbps Regional ISP, 1 Mbps VSAT, 2 Mbps VSAT) and MPLS (examples: 1 Mbps MPLS, 3 Mbps MPLS, 8 Mbps MPLS). Each profile splits its bandwidth into top, high, medium and low classes; the four rate splits shown (top/high/medium/low) are 13/13/50/24 %, 20/30/30/20 %, 12/38/25/25 % and 40/45/10/5 %, with further rate splits between subclasses (for example 25 %/75 %).
To make room for top and high-priority traffic, each profile is split into the following
priority classes: top, high, medium, and low. The minimum guaranteed bandwidth
(rate) and maximum allowed bandwidth (limit) can be configured for all priority
classes and subclasses to ensure best reaction times. The Customer Portal shows
the bandwidth settings as percentages as well as actual values.
Configuration of Bandwidth Control in the Customer Portal.
Bandwidth Control statistics show the throughput in total and by application.
Bandwidth Control statistics in the Customer Portal.
The key statistics show the amount of time that traffic was queued per class for a
given time period, and the amount of time that the throughput per class exceeded
its set rate.
Key statistics for Bandwidth Control.
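The priority-class scheme described above (guaranteed rate, limit, and the key statistics "time queued" and "time over rate") in working form, as an added example that is not Open Systems code: the profile percentages, the 3 Mbps link and the three throughput samples are constructed, and the "guaranteed rate first, then leftover capacity in priority order" scheduler is an assumption standing in for the real one.

```python
"""Bandwidth Control profile model (added example, not Open Systems code).
Turns the per-class guaranteed rate and limit described above into actual
link values and computes the two key statistics the text names: how often a
class had traffic queued and how often its throughput exceeded its rate. The
profile, link speed and throughput samples are constructed for the example."""
from dataclasses import dataclass


@dataclass(frozen=True)
class PriorityClass:
    name: str
    rate_pct: int    # minimum guaranteed share of the link, in percent
    limit_pct: int   # maximum allowed share of the link, in percent


def validate_profile(classes):
    """Rates must not oversubscribe the link, and no limit may be below its
    rate (the guarantee could not be honoured). Returns the rate total."""
    total = sum(c.rate_pct for c in classes)
    if total > 100:
        raise ValueError(f"guaranteed rates sum to {total}% (more than 100%)")
    for c in classes:
        if not 0 <= c.rate_pct <= c.limit_pct <= 100:
            raise ValueError(f"{c.name}: need 0 <= rate <= limit <= 100")
    return total


def actual_values_kbps(classes, link_kbps):
    """The portal shows percentages and actual values; this yields the latter
    as {class: (rate_kbps, limit_kbps)} for one link speed."""
    return {c.name: (link_kbps * c.rate_pct // 100, link_kbps * c.limit_pct // 100)
            for c in classes}


def schedule_interval(classes, link_kbps, offered):
    """Assumed scheduler: grant every class up to its guaranteed rate first,
    then hand leftover link capacity to classes in priority order (top first),
    capped by each class's limit. `offered` is {class: offered_kbps}."""
    values = actual_values_kbps(classes, link_kbps)
    granted = {c.name: min(offered.get(c.name, 0), values[c.name][0]) for c in classes}
    leftover = link_kbps - sum(granted.values())
    for c in classes:
        limit = values[c.name][1]
        want = offered.get(c.name, 0) - granted[c.name]
        extra = max(0, min(want, limit - granted[c.name], leftover))
        granted[c.name] += extra
        leftover -= extra
    return granted


def key_statistics(classes, link_kbps, samples):
    """Fraction of intervals in which each class was queued (granted less
    than offered) and in which it exceeded its guaranteed rate."""
    values = actual_values_kbps(classes, link_kbps)
    queued = dict.fromkeys((c.name for c in classes), 0)
    over_rate = dict.fromkeys((c.name for c in classes), 0)
    for offered in samples:
        granted = schedule_interval(classes, link_kbps, offered)
        for c in classes:
            load = offered.get(c.name, 0)
            queued[c.name] += granted[c.name] < load
            over_rate[c.name] += load > values[c.name][0]
    n = len(samples)
    return ({k: v / n for k, v in queued.items()},
            {k: v / n for k, v in over_rate.items()})


# Constructed profile for a 3 Mbps line, ordered top -> low as the scheduler needs.
PROFILE = (PriorityClass("top", 20, 100), PriorityClass("high", 30, 100),
           PriorityClass("medium", 30, 80), PriorityClass("low", 20, 50))
LINK_KBPS = 3000
# Three constructed one-minute samples of offered load per class, in kbps.
SAMPLES = [
    {"top": 200, "high": 500, "medium": 1500, "low": 1000},   # congested
    {"top": 100, "high": 200, "medium": 400, "low": 300},     # idle
    {"top": 800, "high": 1200, "medium": 2000, "low": 200},   # top/high burst
]
```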
A click on a class opens the details that show the subclasses, throughput by
subclass, packet drops and packet queue.
Bandwidth Control details showing throughput of the medium class, followed by dropped packets and packet queue, and more information about the subclasses.
ISP Lines dashboard
If Bandwidth Control is part of your portfolio, the ISP Lines dashboard is included
to support your capacity planning, so you can check which locations need ISP line
upgrades. All registered ISP lines are shown with key figures such as line availability
and a usage indicator.
ISP Lines dashboard in the Customer Portal.
The Customer Portal shows the statistics for each connected ISP line, no matter
which technology it is based on, for example MPLS and internet. The graph reports
the availability of the ISP line, colored in uptime, downtime, maintenance, and
inactivity. The corresponding ticket is listed if the escalation threshold was reached
and the outage was escalated to Open Systems Mission Control. Customers can
configure escalation notifications to be sent by email or text messages.
Yearly availability statistics for an ISP line.
Path Selection
Path Selection is about how traffic gets from one point to another when multiple
paths are involved. Policies define which traffic takes which path and what happens
when a path is no longer usable or has a significant reduction in performance.
Figure: Path Selection policies specify which traffic uses which path, what happens when a path is no longer available, and what happens when there is a significant reduction in performance.
As with Bandwidth Control, profiles are used for the configuration. The profiles
allow the same policies to be easily applied to multiple locations.
Figure: Profiles make it easy to group locations according to policy (for example locations with an MPLS line and an ISP line, locations with two ISP lines, and locations with a single ISP line).
Policies are set on a specific profile to determine what happens with the traffic, but
it is still possible to use overrides at a specific location to supersede policies in the
profile applied to that location.
Figure: A profile that sets a policy at large sites for Skype-for-Business traffic to use MPLS, while Office 365 and Salesforce use the internet.
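The policy model just described (profile, per-location override, failover when a path is down or degraded), using the large-site profile from the figure, as an added example that is not Open Systems code: the path names, the location names, the health figures and the degradation thresholds are constructed assumptions.

```python
"""Path Selection policy model (added example, not Open Systems code).
Mirrors the text above: a profile maps applications to an ordered list of
paths, a location override supersedes single entries of the profile applied
to it, and a path that is down or degraded is skipped for the next usable one.
Path names, applications, thresholds and health figures are constructed."""
from dataclasses import dataclass


@dataclass(frozen=True)
class PathHealth:
    up: bool
    latency_ms: float
    loss_pct: float


# Degradation thresholds are assumptions for this example, not vendor values.
MAX_LATENCY_MS = 250.0
MAX_LOSS_PCT = 2.0

# Profile for large sites, following the figure: Skype for Business prefers
# MPLS, Office 365 and Salesforce prefer the internet line. The tail of each
# tuple is the fallback; "*" covers traffic not matched by any application.
LARGE_SITE_PROFILE = {
    "skype-for-business": ("mpls", "isp"),
    "office365": ("isp", "mpls"),
    "salesforce": ("isp", "mpls"),
    "*": ("isp", "mpls"),
}

# Location-specific overrides supersede the profile entry of the same name.
LOCATION_OVERRIDES = {
    "zurich-hq": {"salesforce": ("mpls", "isp")},
}


def usable(health):
    """A path is usable when it is up and not significantly degraded."""
    return (health.up and health.latency_ms <= MAX_LATENCY_MS
            and health.loss_pct <= MAX_LOSS_PCT)


def effective_policy(profile, overrides, location):
    """The profile applied to the location, with its overrides on top."""
    return {**profile, **overrides.get(location, {})}


def select_path(profile, overrides, location, app, health):
    """Return (path, reason): reason is 'preferred' for the first choice,
    'failover' for a later one, and both are None when no path is usable."""
    policy = effective_policy(profile, overrides, location)
    for i, path in enumerate(policy.get(app, policy["*"])):
        if usable(health[path]):
            return path, ("preferred" if i == 0 else "failover")
    return None, None
```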
The statistics for Path Selection are integrated into the application visibility
statistics.
Application visibility information that shows the Path Selection statistics.
Application Optimization
With everyone connecting on the move, more applications and instant file sharing,
bandwidth can be a problem during peak hours at important locations. Due to
congested lines, packet loss or long latencies, application performance might be
reduced to such a low level that the end-user experience is seriously impacted.
The Application Optimization feature makes applications faster by helping reduce
their footprint in the network because more data can be sent, and in some cases,
accessed quicker. A combination of redundancy elimination and optimization
techniques are used.
Caching, compression, and protocol optimization.
• Caching stores certain data locally and is effective for repetitive user behavior.
Content that is suitable for caching is identified, and bandwidth is reduced through
block-level deduplication. The cache works for uploads and downloads, and
across protocols. The caching engine uses advanced rolling hash and indexing
techniques to quickly and accurately locate blocks. It transports small block
references in place of the original data. This means a file shared via file transfer
will also be offloaded if the same file is uploaded or downloaded via HTTP, e.g. if
a user requests data already accessed by another user in the WAN, a cached
local copy of the data is sent.
• Compression reduces redundancy in real time. Compressed data is transferred
by using a lossless compression protocol. Up to 50% reduction in data volumes
is achieved for many common uncompressed data types such as XML, Office
documents, database queries, file transfers and many web applications.
• Protocol optimization:
• Reduces HTTP message costs by losslessly encoding lengthy header
information.
• Profits from TCP optimization, which switches the congestion control
algorithm of the WAN link to an adaptive one that is more suitable for links with high
latency or high levels of packet loss. This allows the throughput to be
maintained at a higher level than with standard congestion control
algorithms, which do not cope well with these types of links.
• Improves the efficiency of the chatty CIFS file sharing protocol by using
read-ahead and write-behind optimizations.
Note: Application Optimization is available for the Enterprise and Enterprise+ packages only.
DNS Filter
The DNS Filter feature stops malware before it can become active. It inspects every
DNS query passing through the SD-WAN platform. Responses to DNS queries
which resolve disallowed domains are blocked, preventing the response from being
delivered to the client. Similar to URL filtering on the Secure Web Gateway, the DNS
Filter blocks queries according to domain name categories. A policy defines which
categories are allowed, and which categories are blocked. Blacklists and whitelists
allow fine-tuning of the policy, and configurable error pages raise user awareness.
DNS Filtering Log Viewer showing which queries were blocked.
Integrated Service Management
As an intrinsic part of every Open Systems service, Integrated Service Management
delivers flexible technology, maximum transparency, and around-the-clock network
security and monitoring by a high-reliability organization. Integrated Service
Management closes the gap between security policy and operations, and reduces
complexity. The service fee includes the following:
• Service Delivery Platform: All services run on extendable, industrial strength
hardware for reliable 24x7 operation. The location of the hardware is flexible,
be it on your premises, at a data center or in the cloud. The high availability
option provides continuous connectivity if the hardware fails. Open Systems
best practices ensure that a hardened operating system is deployed, where
only essential tools and utilities are activated and, therefore, cannot lead to
unexpected instability and compromised systems. Open Systems Mission Control
makes sure that a technical configuration, contacts and escalation procedures
are defined, and that all appropriate security-related settings are up to date and
configured correctly.
• 24x7 Operations: Highly skilled certified engineers in Open Systems Mission
Control monitor your systems proactively and react to breaches within the
periods defined in the SLA. The engineers ensure compliance with your security
policy and work according to clearly defined processes in order to review
and perform global changes that are driven by the dynamic needs of your
organization.
After extensive testing procedures, all required security updates and patches
are installed on a regular basis, always keeping the systems up to date. The
device is capable of booting different releases, which facilitates an effective
fallback and rapid recovery if required. All environment-specific configurations
are automatically generated, based on the configuration database operated by
Open Systems Mission Control. This is an essential part of an efficient disaster
recovery process because it makes it possible to generate and reinstall an
identical configuration in a very short time.
• Open Systems Customer Portal: The state-of-the-art web portal makes it
easy to communicate with Open Systems Mission Control. The portal provides
transparency over your network and applications in real time, including reports
and tools that support the implementation and management of global IT security
and availability.
For more information, see the «Integrated Service Management» service description.
21 Firewall service description 2.3 by Open Systems, proprietary open-systems.com
A distributed firewall policy is defined centrally and is automatically installed and
updated on multiple sites. The policy enforces granular, customer-specific filter
rules. Uniform firewall rules can thus be set up at every site of an organization and
can include flexible site-specific rules where needed. It includes a stateful packet
filter that protects the site from the internet and filters the traffic according to the
active modules. For example, a service can include all filter rules that protect the
site from the internet and also the rules that allow users to surf through the proxy.
Figure: Ideal balance between security and operability. Global IT defines a global corporate security policy (global policy, managed by global IT); local IT maintains and updates local firewall objects (local deployment, maintained by local IT).
The network resources of the distributed firewall policy consist of internal and
external components. All internal components are modeled with distributed
firewalls, and are the network resources that are under your control. For example,
they can be the IP address of an internal web server, the external address for a
web server, an internal LAN network or a dynamic IP group that represents all local
networks of all sites in the WAN. External resources can be, for example, the IP
addresses of the Bloomberg servers.
Distributed firewalls reflect both the local demands of single sites and global filtering
requirements. The process of setting up a global firewall policy is as follows: first
the global network is segmented into different security zones.
1. Zoning: The global network is segmented into different security zones (LAN, WAN, production, internet).
SERVICE DESCRIPTION: Firewall
The Firewall protects an organization’s network servers and end-user machines by filtering traffic from both the internal network and the internet. The firewall offers several major advantages for corporate security, such as central management, logging and access-control granularity, which make it easy to deploy a corporate security policy.
Approved for public use.
For each zone transition, the policy is defined: drop, reject, or accept. For example,
general communication from the LAN to the internet is rejected.
2. Zone transition policy: For each zone transition (LAN, production, WAN, internet), the policy is defined: drop, reject, or accept.
Firewall rules are implemented whenever an exception from the general zone
transition policy is needed. For example, using Skype from the LAN to the internet
is allowed. Firewall rules can be defined for IPs, DNS names, protocols, ports and
applications.
3. Firewall rules: Firewall rules are implemented whenever an exception from the general zone transition policy is needed.
Firewall objects or groups for global rules can be defined (per location). Hence,
each local administrator can advise which IPs or network segments belong to a
certain group (for example the local print servers). All the standard services will
automatically be working through the implemented global firewall rules.
4. Object/group definition: Firewall objects or groups for global rules can be defined (per location).
The use of dynamic IP group objects and dynamic install targets reveals the full
power of distributed firewalls. They allow you to define network resources at an
abstract level and avoid manual and error-prone listing of network elements. Every
new site that is joined to the WAN automatically becomes part of a firewall and is
immediately compliant with the security policy.
Dynamic IP group name          Description
LAN / DMZ network              The LAN or DMZ network of the site (network at a specific interface)
Site networks                  All networks of the site (everything behind all internal interfaces)
Customer WAN                   The set of networks that build the customer WAN
External interface IP address  IP address of the external interfaces of the site
Install targets of distributed firewall rules can be defined based on the location in
the WAN or presence of modules. The following table lists the installation conditions
that can be defined. A rule is only applied at a specific site if the installation criteria
are fulfilled.
Context                    Description
Running module x           Installation if a certain module is subscribed
In country x               Installation if the service is in a certain country
Being in VPN partition x   Installation if the service is in a certain VPN partition
Log Viewer
The Firewall Log Viewer shows the firewall logs in real time and it is possible to filter
by a specific port, IP address, rule ID or interface, as well as by protocol or action.
Firewall Log Viewer with filter criteria for searches.
Rules, configuration, distributed policy and tickets
The configuration for the Distributed Firewall is available in the Open Systems
Customer Portal. It shows the current firewall policy, routing table and interface
configuration. It is also possible to view previous versions of the distributed firewall
policy.
The current firewall policy shows the rulebase and is fully auditable.
Each distributed firewall rule is linked to the corresponding tickets, showing
timestamps, detailed descriptions and the complete course of events. If you
double-click on a rule, the additional context information is shown.
Each rule is linked to the corresponding tickets.
DNS objects
The network and application landscape changes rapidly – especially the introduction
of cloud applications results in high dynamics, making it cumbersome to use filters
based on IP addresses. In such cases, it is preferable to create filter rules based
on an application’s domain name. The firewall makes it possible to create filter
rules based on DNS objects, allowing access to applications even if the application
server changes or adds additional IP addresses. To provide a reliable resolution
and be capable of dealing with DNS load balancing and GeoIP, it is crucial that the
preceding DNS traffic passes through the firewall so that the service dynamically
learns the relevant IP addresses for a connection and remembers them until the
TTL value of the DNS record expires.
The following figure shows a rule with DNS objects in the destination section.
Wildcards are possible, e.g. *.office.com applies to all subdomains of office.com.
A rule with DNS objects in the destination section.
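The four-step scheme (zoning, zone-transition policy, exception rules with dynamic IP groups, install targets) together with the DNS-object behaviour just described (addresses learned from DNS answers passing the firewall and kept until the TTL expires), as one added example that is not Open Systems code: sites, networks, the `*.office.com` rule's learned address, zone names and the rule set are constructed, and the matching logic is an assumption standing in for the real policy engine.

```python
"""Distributed firewall policy model (added example, not Open Systems code).
One site's view of the four steps above: zoning, a default policy per zone
transition, exception rules that may use dynamic IP groups and DNS objects, and
install targets deciding which rules reach the site. DNS objects are learned
from DNS answers passing the firewall and expire with the record TTL."""
import fnmatch
import ipaddress
from dataclasses import dataclass, field

IPv4 = ipaddress.IPv4Network


@dataclass
class Site:
    name: str
    country: str
    modules: set       # subscribed modules, e.g. {"proxy"}
    internal: tuple    # internal networks; internal[0] sits on the LAN interface


@dataclass
class Rule:
    name: str
    src: str           # zone name or dynamic group name
    dst: str           # zone name, dynamic group, "dns:<pattern>" or CIDR
    port: int          # 0 = any port
    action: str        # accept | drop | reject
    install: list = field(default_factory=list)  # install-target predicates


class DistributedFirewall:
    def __init__(self, site, customer_wan, production, transitions, rules):
        self.site, self.wan, self.prod = site, customer_wan, production
        self.transitions = transitions  # {(from_zone, to_zone): action}
        # Install targets: keep only the rules whose conditions this site meets.
        self.rules = [r for r in rules if all(cond(site) for cond in r.install)]
        self.dns = {}                   # learned DNS objects: {name: {ip: expiry}}

    def zone(self, ip):
        """Step 1, zoning: LAN, production, customer WAN over the VPN, else internet."""
        if any(ip in net for net in self.site.internal):
            return "lan"
        if ip in self.prod:
            return "production"
        return "wan" if ip in self.wan else "internet"

    def in_group(self, group, ip):
        """Dynamic IP groups resolve per site, so one rule text fits every site."""
        return {"lan-dmz": ip in self.site.internal[0],
                "site-networks": any(ip in n for n in self.site.internal),
                "customer-wan": ip in self.wan}.get(group, False)

    def observe_dns(self, name, ip, ttl, now):
        """DNS objects: remember the answer the client saw until its TTL expires."""
        self.dns.setdefault(name, {})[ipaddress.ip_address(ip)] = now + ttl

    def dns_match(self, pattern, ip, now):
        return any(fnmatch.fnmatchcase(name, pattern) and addrs.get(ip, 0) > now
                   for name, addrs in self.dns.items())

    def matches(self, rule, src, dst, port, now):
        if (rule.port and rule.port != port) or not (
                rule.src == self.zone(src) or self.in_group(rule.src, src)):
            return False
        if rule.dst.startswith("dns:"):
            return self.dns_match(rule.dst[4:], dst, now)
        if "/" in rule.dst:
            return dst in IPv4(rule.dst)
        return rule.dst == self.zone(dst) or self.in_group(rule.dst, dst)

    def decide(self, src, dst, port, now=0):
        """Steps 2 and 3: the first matching exception rule wins; otherwise the
        zone-transition default applies (an undefined transition drops)."""
        src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        for rule in self.rules:
            if self.matches(rule, src, dst, port, now):
                return rule.action, rule.name
        return self.transitions.get((self.zone(src), self.zone(dst)), "drop"), "default"


# Constructed global policy shared by all sites (not a real customer's policy).
CUSTOMER_WAN = IPv4("10.0.0.0/8")
PRODUCTION = IPv4("10.200.0.0/16")
TRANSITIONS = {("lan", "internet"): "reject", ("lan", "wan"): "accept",
               ("lan", "production"): "drop", ("internet", "lan"): "drop"}
RULES = [
    Rule("allow-office365", "lan", "dns:*.office.com", 443, "accept"),
    Rule("allow-skype-media", "lan-dmz", "internet", 3478, "accept"),
    Rule("ch-print-servers", "site-networks", "10.200.7.0/24", 631, "accept",
         [lambda s: s.country == "CH"]),
    Rule("proxy-bypass", "lan", "internet", 8080, "accept",
         [lambda s: "proxy" in s.modules]),
]
ZURICH = Site("zurich", "CH", {"proxy"}, (IPv4("10.1.0.0/24"),))
SINGAPORE = Site("singapore", "SG", set(), (IPv4("10.2.0.0/24"),))


def firewall_for(site, now=100):
    """Build one site's firewall and let it observe a constructed Office 365 answer."""
    fw = DistributedFirewall(site, CUSTOMER_WAN, PRODUCTION, TRANSITIONS, RULES)
    fw.observe_dns("outlook.office.com", "192.0.2.10", ttl=300, now=now)
    return fw
```

Once the learned record's TTL has passed (`now=500` below), the same HTTPS connection falls back to the LAN-to-internet default and is rejected, which is the behaviour the text describes for DNS objects.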
Virtual Packet Tracker
The Virtual Packet Tracker tool makes it possible to track a virtual packet through
the firewall. The tool shows how the packet is routed and how it is handled by the
firewall policy.
The Virtual Packet Tracker shows how the packet is routed and handled by the firewall policy.
Integrated Service Management
As an intrinsic part of every Open Systems service, Integrated Service Management
delivers flexible technology, maximum transparency, and around-the-clock network
security and monitoring by a high-reliability organization. Integrated Service
Management closes the gap between security policy and operations, and reduces
complexity. The service fee includes the following:
• Service Delivery Platform: The service runs on extendable, industrial strength
hardware for reliable 24x7 operation. The location of the hardware is flexible,
be it on your premises, at a data center or in the cloud. The high availability
option provides continuous connectivity if the hardware fails. Open Systems
best practices ensure that a hardened operating system is deployed, where
only essential tools and utilities are activated and, therefore, cannot lead to
unexpected instability and compromised systems. Open Systems Mission
Control makes sure that all appropriate security-related settings are up to date
and configured correctly.
• 24x7 Operations: Highly skilled certified engineers in Open Systems Mission
Control monitor your systems proactively, ensure compliance with your security
policy and work according to clearly defined processes in order to review
and perform global changes that are driven by the dynamic needs of your
organization.
After extensive testing procedures, all required security updates and patches
are installed on a regular basis, always keeping the systems up to date. The
device is capable of booting different releases, which facilitates an effective
fallback and rapid recovery if required. All environment-specific configurations
are automatically generated, based on the configuration database operated by
Open Systems Mission Control. This is an essential part of an efficient disaster
recovery process because it makes it possible to generate and reinstall an
identical configuration in a very short time.
• Open Systems Customer Portal: The state-of-the-art web portal makes it easy
to communicate with Open Systems Mission Control 24x7. The portal provides
transparency over your network and applications in real time, including reports
and tools that support the implementation and management of global IT security
and availability.
For more information, see the «Integrated Service Management» service description.
Delegated administration
The Open Systems Customer Portal distinguishes between permissions for managing services and permissions for managing users.
To work with services, the following Administrator and Monitor (view only) roles
exist for three levels: the whole company, a particular business unit, or a particular
service. Additionally, the service Auditor role permits a service Administrator or
Monitor to view sensitive data such as logs. For example, you can grant a branch-
office employee both the Administrator and Auditor roles for just the Open Systems
service being used at that branch. The employee can then monitor the local service,
look at the audit trail, view the network topology files associated with the service,
create Open Systems tickets and edit notifications. The employee can also look at
the service logs, which is helpful for troubleshooting.
To manage the users who work with the Customer Portal, the following Administrator
and Monitor roles exist for two levels – the whole company, or a particular business
unit. Additionally, the Auditor role permits a user Administrator or Monitor to
view the user log files. For example, you can grant a branch-office employee the
Administrator role for managing the user data of the local business unit.
Sign-off
Sign-off contacts can be defined at the business-unit or company level. Only a sign-off contact has the authority to approve changes to a service.
Open Systems services are ISO 27001 certified.
©2020 MS, January 27, 2020
28Secure Web Gateway service description 2.3 by Open Systems, proprietary open-systems.com
Secure Web Gateway enforces internet access security policy for all requests in the public internet.
This service provides a proxy server for HTTP and FTP. SSL connections are checked against the security policy and tunneled through if granted. The company-wide distribution of the proxy configuration is supported with proxy auto-configuration (PAC): a PAC file is stored on the proxy server and fetched by clients for dynamic configuration.
Web Gateway Dashboard in the Customer Portal.
Blacklisted entries based on IP addresses, domains, domain names or hostnames
can be customized in the proxy. Additional flexibility and broader configuration
options can be achieved with the URL Filter, introducing category-based access
rules and customizable blacklists and whitelists. Group and port access policies are
granularly definable and assign access rules to groups of network resources such
as IP addresses and ports.
Secure Web Gateway
SERVICE DESCRIPTION: The Secure Web Gateway acts as an intermediary enforcing an organization's internet access security policy for clients that request access to resources located in the public internet. Depending on the modules that are activated, it increases the level of protection of client machines against malicious content and restricts access to URL categories.
Approved for public use.
All statistics and operational figures are pulled from the systems and processed at
the time of display. They provide information about performance and utilization,
blocked requests, connectivity errors, top second-level domains or proxy clients,
connectivity error details, and policy violation attempts. Detailed malware statistics
are also displayed if activated.
All statistics and operational figures are pulled from the systems and processed at the time of display.
The built-in load balancing capability of the proxy offers great flexibility to extend
the throughput of web traffic from 10 Mbit/s up to Gigabit speed. The Secure Web
Gateway also offers dual-stack capability, which enables users to reach IPv6 sites
in the internet from an IPv4 network.
The internet browsing policy, defined at a central point and visualized in the Open
Systems Customer Portal, is distributed to all Secure Web Gateway services. This
provides a unique global policy and, therefore, an efficient approach to global
internet access policy enforcement.
The core processes in the area of Open Systems services are assessed annually by an independent auditor and results are presented in a SOC 1 report.
If users go against policy or are faced with errors, the proxy displays error pages
that inform users in a clear way about what happened, why, and what to do next.
The error pages are configurable and, together with the report link, make it possible
to set up an efficient support process that lowers operations effort.
Example of an error page that informs users about what happened, why and what to do next.
Monthly browser compliance and traffic volume reports provide an overview
of the company’s browser distribution and web traffic, and are tailored to an
executive management audience. The figures are benchmarked against the overall
performance of all Open Systems Web Gateway services worldwide. The reports
are downloadable in PDF and Excel format, giving full portability and reusability to
the statistical data.
Consolidated report for executive management, showing traffic volumes and browser distribution.
The Customer Portal offers graphical availability statistics of the various services, showing uptime, ISP outage, maintenance, connection down and inactive states over time. Every ISP outage or lost connection is listed, together with the corresponding ticket if a threshold was reached and the issue was escalated to Open Systems Mission Control.
Service availability statistics in the Customer Portal.
The Customer Portal features a log viewer that allows authorized personnel
to display and access log information either in real time or based on historical
data. It offers detailed data about every web request, including scanned HTTPS
connections, which gives insight into each step that a request takes when passing
through the proxy. The filterable output displays information relevant to a particular
browsing session and, therefore, supports an organization’s staff in locating internet
access issues reported by their users.
The log viewer also consolidates the log of the load balanced proxy clusters. For
URL filtering, the log viewer shows the category of each URL. Additionally, the
logged names and group memberships of authenticated users give a brief overview
about which group policy was applied.
The Log Viewer allows authorized personnel to display and access log information either in real time or based on historical data.
The log files can be delivered using secure copy (SCP) or file transfer protocol
(FTP) in customizable and periodic time intervals. Syslog forwarding continuously
forwards the syslog entries as soon as they are available on the proxy.
A powerful utility for network traffic capture is available to employees with audit
privileges. They can follow the high-level packet information directly in the live view
or download the PCAP file to inspect it on their computers in more detail and get a
better idea of the traffic that passes through the Secure Web Gateway.
Network traffic capture utility that is available to selected employees with audit privileges.
Ever wondered how a proxy handles a specific request to a website? The URL
Tracker will show you every step of a request through the proxy. This lets you easily
verify which group policy gets applied and which decisions and actions the proxy
takes.
The URL Tracker shows every step of a request through the proxy.
User Authentication
Secure Web Gateway is available with the following protocols to authenticate users, and grant or disallow internet access:
• Kerberos is a security protocol that provides mutual authentication by
establishing session keys between two entities with the help of a trusted third
party and symmetric cryptography. It is based on the Needham-Schroeder
protocol and is widely used in Microsoft Windows domain environments
without being limited to specific architectures. Kerberos is the most secure and
reliable of the generally available authentication protocols for integrated proxy
authentication.
The Kerberos authentication method uses Kerberos v5, typically supported by
Microsoft Windows 2000 and newer. Kerberos can seamlessly authenticate a
supported client (integrated authentication) against the Secure Web Gateway
by making use of an organization’s Active Directory infrastructure. The
authentication takes place within the HTTP conversation with the help of the
SPNEGO mechanism (HTTP Negotiate).
• The LDAP authentication method uses the LDAP protocol. LDAP can
authenticate a user against the Secure Web Gateway by making use of an
organization’s LDAP infrastructure. The user is presented with a pop-up
window that requests the user credentials. Authentication is done by a bind
operation to the LDAP directory. Internet policy memberships can be assigned
to a user, based on LDAP group attributes.
Additional Internet Policy
An additional internet policy creates a new set of Secure Web Gateway configuration parameters (group policy) that can be used on every Open Systems Web Gateway. This is used to distinguish malware protection, URL filtering and SSL scanning for different departments or groups of people.
Policy mapping for different departments or groups of people.
The assignment is either based on the client IP address or the Active Directory/
LDAP group if used in conjunction with the Distributed Proxy Policy module.
Malware Protection
This feature performs malware protection with protocol scanning technologies for HTTP and FTP. It uses a combination of several filters to detect both known and unknown malware.
Configuration options for specific characteristics of internet browsing traffic such
as archive handling policies and media type filters can be defined and are visualized
in the Customer Portal.
Configuration options for specific characteristics of internet browsing traffic.
The following figure shows the configuration for media type filters, including
skipped and blocked media types as well as blocked extensions.
Configuration of media type filters defining skipped and blocked media types, and blocked extensions as part of Malware Protection.
Malware Protection provides additional proxy functionality with an FTP proxy. This
enables FTP access for native FTP clients. SSL connections are checked against the
security policy and are tunneled through if granted.
Real-time malware protection reports are available online in the Open Systems
Customer Portal.
Blocked malware types and their frequency in one month.
Executive management reports are automatically generated on a monthly basis
and summarize the logs of all Malware Protection modules operated by Open
Systems Mission Control. They give an excellent overview of the top and last viruses
including the change from the previous month.
Executive management report showing the monthly statistics for Malware Protection.
Advanced Malware Protection
Advanced Malware Protection in the Web Gateway detects malware by using artificial intelligence concepts. The basis for the feature is a global, cloud-based system that provides state-of-the-art, dynamic file classification.
[Figure: State-of-the-art classification of binary and executable files in real time. Diagram labels: User, Secure Web Gateway, Downloaded files, Real-time lookup in the cloud with artificial intelligence. Figures shown: 10'000 virus strains added every day; 6'000 file properties for statistical analysis; 100'000'000 participants updating regularly; 200'000 suspicious files scanned daily.]
A real-time lookup is performed in the cloud to check whether the downloaded
files contain known malware. Unknown executables or binary files are uploaded to
the cloud and then analyzed for similarity to other malware variants. Consequently,
rapidly evolving malware can be tracked and blocked in real time. As Advanced
Malware Protection is done in the cloud, it becomes impossible for malware authors
to test their new malware against existing signatures.
Advanced Malware Protection makes use of a self-teaching platform that implements machine learning to quickly analyze and classify unseen software. The extraction of several thousand file properties is used for the dynamic classification, which greatly benefits from the collective intelligence gained from more than 100,000,000 participants who regularly upload malicious and benign files to the cloud-based system. This approach makes it possible to detect and block advanced threats such as CryptoLocker ransomware. Due to prior fingerprint checks, there is no significant use of extra bandwidth.
While behavioral analysis by a standard sandboxing solution adds considerable
delay, Advanced Malware Protection classifies a file within seconds. With real-time
analysis there is no gap in protection until pending signature updates are applied.
URL Filter
The URL Filter enforces an organization's internet access policy and protects against risks associated with the employees' internet use. It reduces legal liability, enhances web security, increases productivity and preserves bandwidth for business-related activities.
The URL Filter does category-based content filtering with both predefined and
customizable categories. The predefined categories are managed and monitored,
which provides a comprehensive and proven source of millions of global URLs that
are organized into categories.
The Secure Web Gateway uses innovative cloud technology for a live update of its
category database. Categories of previously unknown URLs are updated in near
real time. New websites are automatically detected and forwarded to the vendor
for categorization. The newly developed live technology offers zero-hour security
against phishing and malware content. A tool in the Customer Portal makes it
possible to look up URL categories so that recategorizations can be requested.
All web access over the web proxy is checked against Google’s Safe Browsing
database to prevent access to harmful, malicious or phishing websites.
Configuration options for category-based content filtering with predefined and customizable categories and time-based conditions.
Real-time reports display the number of blocked requests that were rejected by the
URL filter, and Google safe browsing, or caught by the malware scanner in one day,
one week, one month or one year – on one host or the whole service. Additional
real-time reports display information about the top blocked categories.
Real-time report about blocked requests in one week on a specific host.
The monthly executive management report summarizes the total number of
violation attempts and their top five categories. The number of connection requests
and blocked attempts are shown for each category, giving a clear overview of
the category statistics. URL category log consolidation with the proxy server’s
access log can be done on a daily basis before the log files are deposited on an
organization’s log server.
Executive management report for the proxy, which gives a monthly overview of URL filtering.
SSL Scanning
SSL Scanning is an addition to the Malware Protection and URL Filter modules. SSL Scanning applies the existing security and internet usage policy to the HTTPS protocol and, therefore, enforces an organization's policy even for encrypted traffic. It prevents viruses, spyware and Trojans from bypassing the malware protection by using the HTTPS tunnel, a common and often unprotected hole in the perimeter.
SSL Scanning makes it possible to validate server certificates and define customized
actions to be taken for not fully trusted certificates. Depending on the policy, such
certificates can be allowed, blocked, or the decision can be passed on to the user.
SSL certificate mimicking uses the extensive built-in certificate handling in modern
browsers. Instead of completely hiding a web server’s SSL certificate from the user’s
visibility, certificate mimicking shows the user some critical information about the
original server certificate, which helps him or her decide whether to accept the
server certificate.
The Secure Web Gateway signs server certificates with its own certificate authority,
which is set up during installation. The client machine is required to accept this
certificate authority. Customer representatives manage the certificate authority
acceptance processes.
Example of an SSL scanning policy, which enforces the security policy of the organization even for encrypted traffic.
All connections with client certificates need to be tunneled through without
scanning.
Example of a configuration for trusted certificate authorities.
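As an added example (not Open Systems code), the Go program below uses the standard crypto/x509 package to show the decisions described in this section: the origin server's certificate is validated against the CAs the proxy trusts and, where it is not fully trusted, the configured action (allow, block or ask the user) is applied; connections with client certificates are tunneled without scanning; and the mimicked certificate presented to the client keeps the origin's subject, names and validity period but is signed by the proxy's own CA. Policy, Decide, Mimic, issue and Demo are the example's own names, and the CAs and the server certificate for www.example.com are constructed in memory. The last check shows why the client machine must accept the proxy CA: a client that trusts it accepts the mimicked certificate, a client that does not rejects it.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// Action is what the proxy does after examining the origin server's certificate.
type Action string

const (
	Scan    Action = "scan"     // chain fully trusted: intercept and inspect
	Tunnel  Action = "tunnel"   // pass through unscanned (client-certificate connections)
	AskUser Action = "ask-user" // one of the configurable actions (allow, block, ask the user) for a not fully trusted certificate
)

type Policy struct {
	Trusted   *x509.CertPool // CAs the proxy trusts
	Untrusted Action         // configured action for certificates that do not validate
}

// Decide validates the origin's leaf certificate for host (intermediates omitted for brevity); a
// connection on which the server asked for a client certificate is tunneled, since an intercepting proxy cannot present the user's certificate.
func (p Policy) Decide(host string, clientCertRequested bool, now time.Time, leaf *x509.Certificate) (Action, error) {
	if clientCertRequested {
		return Tunnel, nil
	}
	if _, err := leaf.Verify(x509.VerifyOptions{DNSName: host, Roots: p.Trusted, CurrentTime: now}); err != nil {
		return p.Untrusted, err // unknown CA, expired, name mismatch: apply the configured action
	}
	return Scan, nil
}

// Mimic builds the certificate the client sees: subject, names and validity are copied from the origin so
// the browser can display them, but it is signed by the proxy CA for a fresh key the proxy holds (dropped here).
func Mimic(origin, ca *x509.Certificate, caKey *ecdsa.PrivateKey) (*x509.Certificate, error) {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(time.Now().UnixNano()), Subject: origin.Subject,
		DNSNames: origin.DNSNames, NotBefore: origin.NotBefore, NotAfter: origin.NotAfter,
		KeyUsage: x509.KeyUsageDigitalSignature, ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, ca, &key.PublicKey, caKey)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// issue is a fixture: a constructed CA (ca=true) or server certificate for cn, signed by signer (self-signed when nil).
func issue(cn string, ca bool, parent *x509.Certificate, signer *ecdsa.PrivateKey, now time.Time) (*x509.Certificate, *ecdsa.PrivateKey) {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(time.Now().UnixNano()), Subject: pkix.Name{CommonName: cn},
		DNSNames: []string{cn}, IsCA: ca, BasicConstraintsValid: ca, NotBefore: now.Add(-time.Hour),
		NotAfter: now.Add(24 * time.Hour), KeyUsage: x509.KeyUsageCertSign | x509.KeyUsageDigitalSignature,
		ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}}
	if signer == nil {
		parent, signer = tmpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, signer)
	if err != nil {
		panic(err)
	}
	cert, _ := x509.ParseCertificate(der)
	return cert, key
}

// Demo runs the policy over constructed certificates and returns named check results.
func Demo() map[string]bool {
	now := time.Date(2020, 1, 27, 12, 0, 0, 0, time.UTC)
	publicCA, publicKey := issue("Constructed Public Root", true, nil, nil, now)
	proxyCA, proxyKey := issue("Constructed Proxy CA", true, nil, nil, now)
	origin, _ := issue("www.example.com", false, publicCA, publicKey, now)
	publicRoots, proxyRoots := x509.NewCertPool(), x509.NewCertPool()
	publicRoots.AddCert(publicCA)
	proxyRoots.AddCert(proxyCA)
	pol := Policy{Trusted: publicRoots, Untrusted: AskUser}
	trusted, _ := pol.Decide("www.example.com", false, now, origin)
	mismatch, _ := pol.Decide("mail.example.com", false, now, origin)
	clientCert, _ := pol.Decide("www.example.com", true, now, origin)
	mim, err := Mimic(origin, proxyCA, proxyKey)
	if err != nil {
		panic(err)
	}
	_, withCA := mim.Verify(x509.VerifyOptions{DNSName: "www.example.com", Roots: proxyRoots, CurrentTime: now})
	_, withoutCA := mim.Verify(x509.VerifyOptions{DNSName: "www.example.com", Roots: publicRoots, CurrentTime: now})
	return map[string]bool{
		"trusted chain is scanned":          trusted == Scan,
		"name mismatch gets policy action":  mismatch == AskUser,
		"client-certificate is tunneled":    clientCert == Tunnel,
		"mimic keeps subject, proxy issues": mim.Subject.CommonName == "www.example.com" && mim.Issuer.CommonName == "Constructed Proxy CA",
		"only client with proxy CA accepts": withCA == nil && withoutCA != nil,
	}
}

func main() { fmt.Println(Demo()) }
```

In a deployment the proxy CA is created at installation and distributed to the client machines by the customer; the example's CAs exist only for the duration of the run.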
Web Traffic Tap
As the majority of web traffic is encrypted, network security monitoring solutions have limited visibility. In combination with SSL Scanning, the Web Traffic Tap closes the blind spot and provides full visibility of all proxy traffic including web traffic that is normally encrypted.
The Web Traffic Tap is a designated network interface on which simulated
connections between the client and server can be passively monitored. The
behavior is similar to what could be observed on the network if a client connected
to a web server, with the difference that decrypted HTTPS traffic can be observed
in plain text. Threat detection solutions are configured to monitor the proxy traffic
on the Web Traffic Tap interface like they would be configured to monitor any other
network traffic.
Integrated Service Management
As an intrinsic part of every Open Systems service, Integrated Service Management delivers flexible technology, maximum transparency, and around-the-clock network security and monitoring by a high-reliability organization. Integrated Service Management closes the gap between security policy and operations, and reduces complexity. The service fee includes the following:
• Service Delivery Platform: The service runs on extendable, industrial strength hardware for reliable 24x7 operation. The location of the hardware is flexible – it can be on your premises, at a data center, or set up as a virtual platform in the cloud. Open Systems best practices ensure that a hardened operating system is deployed, where only essential tools and utilities are activated and, therefore, cannot lead to unexpected instability and compromised systems. Open Systems Mission Control makes sure that all appropriate security-related settings are up to date and configured correctly.
• 24x7 Operations: Highly skilled certified engineers in Open Systems Mission
Control monitor your systems proactively, ensure compliance with your security
policy and work according to clearly defined processes in order to review
and perform global changes that are driven by the dynamic needs of your
organization.
After extensive testing procedures, all required security updates and patches
are installed on a regular basis, always keeping the systems up to date. The
device is capable of booting different releases, which facilitates an effective
fallback and rapid recovery if required. All environment-specific configurations
are automatically generated, based on the configuration database operated by
Open Systems Mission Control. This is an essential part of an efficient disaster
recovery process because it makes it possible to generate and reinstall an
identical configuration in a very short time.
• Open Systems Customer Portal: The state-of-the-art web portal makes it easy
to communicate with Open Systems Mission Control 24x7. The portal provides
transparency over your network and applications in real time, including reports
and tools that support the implementation and management of global IT security
and availability.
For more information, see the «Integrated Service Management» service description.
Service Delivery Platform Options
10-Gigabit Interfaces
This option provides two concurrent 10-Gigabit connections. The following enhanced small form-factor pluggable (SFP+) fiber optical transceivers are included in the price:
• 10GBase-SR (850 nm wavelength) LC connectors
• 10GBase-LR (1310 nm wavelength) LC connectors
Note: This option is available for Platform Node L. The minimum throughput of the service applies. Higher throughput cannot be guaranteed and is provided based on best effort.
Open Systems services are ISO 27001 certified.
©2020 MS, January 27, 2020
45 Network Detection and Response (NDR) service description 2.3 by Open Systems, proprietary open-systems.com
NDR closes the gap between traditional detection by aggregating enterprise-wide security sensor capabilities.
In today’s world, a breach is inevitable and will eventually happen to every company or
organization. Network Detection and Response closes the gap between traditional
detection combined with security monitoring and costly SIEM/SOC solutions by
aggregating enterprise-wide security sensor capabilities and providing a unified
presentation layer that shows the full scope from management-friendly global risk
scores to packet-level details.
Focus on detection
The NDR finds compromised systems quickly and enables efficient analysis and response. The service provides a holistic view of which hosts behave suspiciously in a monitored network by assigning a threat score to each of them. Contrary to conventional detection systems, Network Detection and Response is built around and focuses on the security of end users rather than on individual events.
A combination of protocol and signature inspection methods is used to analyze network traffic and detect network threats, making it possible to respond to suspected intrusions quickly. Due to multilayer event processing by a central correlation unit, the generated alerts have maximum relevance in the security context.
No more blind spots
It is crucial to gain visibility into all network segments that pose a risk to your company if compromised. The implementation of Network Detection and Response on all your network nodes gives you a fine-meshed sensor network and eliminates your blind spots.
If Secure Web Gateway is part of your portfolio, the Web Traffic Tap allows you to
monitor even encrypted web traffic.
Workflow
Managed NDR
For Managed NDR, engineers at Open Systems Mission Control perform a triaging process on high threat-score hosts to provide an initial classification of the alerts based on contextual information and event analysis. Host alerts classified as «suspicious» are escalated to you for verification and further action, while «uninteresting» or «imprecise» alerts are kept away from your analysts and resolved by Open Systems Mission Control.
[Figure: Threat Detection with Managed Threat Detection. Diagram steps: Host alert, Triage, Classification: Uninteresting, Classification: Suspicious, Learning, Start investigation, Process feedback, End investigation, with a Customer lane. Caption: Managed NDR: Open Systems engineers perform the triaging process.]
Managed NDR is available for the Enterprise Plus package of Secure SD-WAN, or as part of Managed Detection and Response (MDR).
Network Detection and Response (NDR)
SERVICE DESCRIPTION: NDR finds compromised systems quickly and enables efficient analysis and response.
Approved for public use.
Unmanaged NDR
In this scenario, you manage the triaging process internally. Your analysts can access detailed contextual and event information for their analyses.
[Figure: Threat Detection without Managed Threat Detection. Diagram steps: Host alert, Start investigation, Learning, End investigation, in the Customer lane. Caption: Unmanaged NDR: You are in charge of your triaging process.]
Components
NDR consists of three main components: sensors, threat scores, and the dashboard and Security Center in the Open Systems Customer Portal.
[Figure: Main components of NDR. Diagram labels: Sensor (three instances), Monitored host, Threat score, Dashboard and Security Center.]
• Sensors monitor the network, match traffic against their signature base, and
generate events upon a match.
• Threat scores indicate whether an infection and/or malicious or unwarranted
behavior is likely. A threat score is assigned to each monitored host.
• Dashboard and Security Center provide a real-time overview of the global
threat scores allowing you to drill down to the host details and further down to
the single event details.
Threat score
The threat score is the fundamental concept and metric behind Detection and Response. It is a single metric between 0 and 10 that indicates the likelihood of an infection and/or malicious or unwarranted behavior. A threat score is assigned to each monitored host.
The host threat score is determined by the most critically scored event for that
host. Focusing on hosts rather than single events makes it possible to get better
leverage of contextual information about the host, including historical behavior or
related events. The inherent prioritization of hosts based on threat scores allows
every company – no matter how much security personnel is available – to focus on
analyzing the hosts with the highest threat scores first.
The threat score is the fundamental metric behind NDR.
Factors that increase or decrease the threat score:
• Categorizing a host or events will directly update the threat score of a host. The system assumes that after a categorization the host is tracked internally, and past events no longer contribute to the current threat score. Categorizing events or hosts also increases or decreases the impact on future threat scores depending on the selected category.
• Creating whitelist entries and filter rules will directly influence the threat score of future events and originating hosts. For example, if an event filter with action «log» is created, corresponding events will no longer trigger a high threat score.
Dashboard
The world map in the dashboard shows the location of monitored hosts and their sensors with threat scores in the high, moderate and low threat levels. A sensor is listed as high if it monitors a host that currently has a high threat score. The metrics can be used as an indicator of the threat observed for a specific location or the company as a whole.
World map in the dashboard shows the location of the hosts and sensors as well as their threat levels.
Security Center
A click on a sensor in the Threat Protection widget on the starting page of the portal opens the Security Center with key statistics for the sensor, and an overview of all suspicious hosts monitored by the sensor.
Security Center in the Customer Portal.
A monitored host can have four different threat levels:
• High: The host triggered events which are highly indicative of an infection and/
or malicious behavior. It should be closely monitored and the root cause for
triggering these events analyzed.
• Moderate: The host triggered events which lead to a moderate threat score and
thus should be prioritized over hosts with a low threat score. You may choose to
investigate such hosts internally depending on your security policy.
• Low: The events that were triggered by this host lead to a low threat score
and thus have low security relevance. These events are usually not related to
infections but may still indicate noteworthy behavior of hosts. A typical example
are policy violations.
• None: No events were triggered for the monitored host. The threat score is zero.
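The following Go program is an added example, not part of the NDR service or this document. It puts the rules from the Threat score section and the four threat levels listed above into code: the host score is the highest effective event score since the host's last categorization, a filter with action «log» caps matching events, whitelisted signatures contribute nothing, and a categorization scales the host's future events. The page gives the direction of these effects but no numbers, so the cap (1.0), the category weights and the level boundaries (High from 7, Moderate from 4) are assumptions of the example, as are the hosts, signatures and events.

```go
package main

import (
	"fmt"
	"math"
	"time"
)

// Event is one detection event a sensor generated for a monitored host.
type Event struct {
	Host      string
	Signature string
	Score     float64 // event severity on the 0..10 threat scale
	Time      time.Time
}

// Assumed numbers: a "log" filter caps matching events at loggedEventCap, and a categorization scales future events.
const loggedEventCap = 1.0

var categoryWeight = map[string]float64{"uninteresting": 0.5, "imprecise": 0.75, "suspicious": 1.5}

// Scorer holds events, rules (signature -> "log" or "whitelist") and per-host categorization state.
type Scorer struct {
	events      []Event
	rules       map[string]string
	categorized map[string]time.Time // host -> time of its last categorization
	weight      map[string]float64   // host -> weight of the selected category
}

func NewScorer() *Scorer {
	return &Scorer{rules: map[string]string{}, categorized: map[string]time.Time{}, weight: map[string]float64{}}
}

func (s *Scorer) AddEvent(e Event)              { s.events = append(s.events, e) }
func (s *Scorer) Rule(signature, action string) { s.rules[signature] = action }

// Categorize marks the host as tracked at time at: earlier events stop contributing to its
// score, and the category's weight applies to the host's future events.
func (s *Scorer) Categorize(host, category string, at time.Time) {
	s.categorized[host] = at
	if w, ok := categoryWeight[category]; ok {
		s.weight[host] = w
	}
}

// effective is the score an event contributes after rules and category weight are applied.
func (s *Scorer) effective(e Event) float64 {
	score := e.Score
	switch s.rules[e.Signature] {
	case "whitelist":
		return 0
	case "log":
		score = math.Min(score, loggedEventCap)
	}
	if w, ok := s.weight[e.Host]; ok {
		score *= w
	}
	return math.Min(10, score)
}

// ThreatScore is the most critically scored event of the host since its last categorization.
func (s *Scorer) ThreatScore(host string) float64 {
	best := 0.0
	for _, e := range s.events {
		if e.Host == host && e.Time.After(s.categorized[host]) {
			best = math.Max(best, s.effective(e))
		}
	}
	return best
}

// Level maps a threat score to the four threat levels; the numeric boundaries are assumed.
func Level(score float64) string {
	switch {
	case score == 0:
		return "None"
	case score >= 7:
		return "High"
	case score >= 4:
		return "Moderate"
	}
	return "Low"
}

func main() {
	s := NewScorer()
	t0 := time.Date(2020, 1, 27, 9, 0, 0, 0, time.UTC)
	// Constructed events; hosts and signature names are illustrative.
	s.AddEvent(Event{"10.0.1.15", "MALWARE C2 beacon", 8.5, t0})
	s.AddEvent(Event{"10.0.1.15", "POLICY P2P client", 2, t0.Add(time.Minute)})
	s.AddEvent(Event{"10.0.2.7", "SCAN port sweep", 5, t0.Add(2 * time.Minute)})
	show := func(h string) { fmt.Printf("%-10s %.1f %s\n", h, s.ThreatScore(h), Level(s.ThreatScore(h))) }
	show("10.0.1.15") // 8.5 High
	show("10.0.2.7")  // 5.0 Moderate
	s.Rule("SCAN port sweep", "log") // sweeps come from the in-house vulnerability scanner
	s.Categorize("10.0.1.15", "uninteresting", t0.Add(10*time.Minute))
	s.AddEvent(Event{"10.0.1.15", "MALWARE C2 beacon", 6, t0.Add(20 * time.Minute)})
	show("10.0.1.15") // 3.0 Low: only the event after categorization counts, halved by the category
	show("10.0.2.7")  // 1.0 Low: capped by the "log" filter
}
```

Working through hosts in descending ThreatScore order gives the prioritization the text describes: the host with the C2 beacon is handled first, and the scanner host drops out of view as soon as its signature is filtered.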
Host details
A click on any of the monitored host links listed under the three threat levels opens the host details, which include events triggered since the last categorization, traffic patterns for the host and its history regarding previous threat scores and investigations. The information serves as the basis for analysis by your operations team or by Open Systems Mission Control whenever there is a host alert.
SECURITY EVENTS tab of the Host Details page.
The HOST INFORMATION tab of the Host Details page shows more statistics about
the host.
HOST INFORMATION tab of the Host Details page.
The HISTORY tab of the Host Details page shows what happened to the host in
the past.
HISTORY tab of the Host Details page.
Investigation Center
The Investigation Center can be thought of as a company-internal «to do» list for hosts that are marked for investigation. It allows you to track the most pressing threat indicators and helps specify tasks outside of Open Systems ticket handling.
Investigation Center for internal tracking at your site.
Log viewer
The log viewer in the Open Systems Customer Portal provides an overview of all logged threat detection events. It offers powerful functionality to categorize groups of events in just a few mouse clicks.
The log viewer provides an overview of all logged threat detection events.
To focus on the events that are currently important to you, it is possible to filter the event log by various criteria, such as signature, IP address or status. Additionally, it is possible to choose between four types of events: All, New, Pending and Categorized. By default, the new events of the past week are shown. The list of events can be grouped by signature, conversation, source or destination, or it can be ungrouped. A double-click on an event or event group shows more information about it by drilling down to a deeper level.
Reporting
Open Systems Mission Control issues a monthly NDR report that focuses on an executive management audience. On the introduction and summary page, the event occurrences and event categories are compared with previous months, so that trends are visible.
Service Delivery Platform Options
10-Gigabit Interfaces
This option provides two concurrent 10-Gigabit connections. The following enhanced small form-factor pluggable (SFP+) fiber optical transceivers are included in the price:
• 10GBase-SR (850 nm wavelength) LC connectors
• 10GBase-LR (1310 nm wavelength) LC connectors
Note: This option is available for Platform Node L. The minimum throughput of the service applies. Higher throughput cannot be guaranteed and is provided based on best effort.
Open Systems services are ISO 27001 certified.
©2020 MS, April 7, 2020
1 Unified Threat Protection service description 2.4 by Open Systems, proprietary open-systems.com
By protecting against the two dominant attack vectors, the risk of becoming infected is dramatically reduced.
Most of the successful cyberattacks start with browsing a compromised website, or receiving a malicious email. By protecting against the two dominant attack vectors, the risk of becoming infected and of financial and reputational damage caused by a successful cyberattack is dramatically reduced.
Attacks coming in via web browsing or email most often include communication between an end user and a malicious entity in the internet. This entity is usually a URL (evil.com/downloadvirus.js), a domain (badguy.org), or an IP address (66.66.66.66). Blocking access to such entities stops malware from being installed, or fraud from happening.
Threat Protection Dashboard in the Customer Portal.
Unified Threat Protection aggregates different third-party databases and threat intelligence feeds which deliver known malicious URLs, domains, and IP addresses in real time. These feeds combine information from millions of end users and devices to classify the URLs and domains.
The service consists of selections of threat intelligence feeds of different focus that are consumed by the subscribed Open Systems services. The selections consist of commercial as well as open source feeds and are consumed on all Open Systems services where meaningful. The current coverage is for Secure Web Gateway, DNS Filter and Secure Email Gateway.
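The three indicator types named above (full URLs, domains and IP addresses) can be matched against a requested URL as in this added example, which is not Open Systems code. The blocklist entries are constructed from the examples in the text, and treating a listed domain as covering all of its subdomains is an assumption about how such feeds are applied.

```python
"""Added example: match a requested URL against blocklists of URLs, domains
and IP addresses. Blocklist contents are constructed from the text."""
from __future__ import annotations
import ipaddress
from urllib.parse import urlsplit

# Constructed blocklists, one per indicator type (data format is assumed).
BLOCKED_URLS = {"evil.com/downloadvirus.js"}
BLOCKED_DOMAINS = {"badguy.org"}
BLOCKED_IPS = {"66.66.66.66"}


def _normalize(url: str) -> tuple[str, str]:
    """Return (host, path): scheme and port dropped, host lower-cased,
    query kept as part of the path, fragment discarded."""
    if url.startswith("//"):
        url = "http:" + url
    elif "://" not in url:
        url = "http://" + url
    parts = urlsplit(url)
    host = (parts.hostname or "").rstrip(".").lower()
    path = parts.path or "/"
    if parts.query:
        path += "?" + parts.query
    return host, path


def _is_ip(host: str) -> bool:
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def classify(url: str) -> str | None:
    """Return 'url', 'domain' or 'ip' for the indicator type that blocks the
    request, or None if no indicator matches."""
    host, path = _normalize(url)
    if not host:
        return None
    # URL indicators are compared as host plus path, without scheme or port.
    if host + path in BLOCKED_URLS:
        return "url"
    # An IP literal in the URL is checked against the IP list only.
    if _is_ip(host):
        return "ip" if host in BLOCKED_IPS else None
    # Domain indicators cover the listed domain and every subdomain of it,
    # matched label by label so that notbadguy.org does not match badguy.org.
    labels = host.split(".")
    for i in range(len(labels) - 1):
        if ".".join(labels[i:]) in BLOCKED_DOMAINS:
            return "domain"
    return None
```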
SERVICE DESCRIPTION
Unified Threat Protection is available for the following services in Secure SD-WAN:
• Secure Web Gateway
• DNS Filter
• Secure Email Gateway
Unified Threat Protection
Approved for public use.
Extensive reporting capabilities contain geographical overviews, reporting by category, and reporting by Open Systems service that blocked the access, including drill-down capabilities.
The threat intelligence feeds in use are curated by Open Systems engineers and security specialists so that the set of feeds remains of first-class quality and covers different attack vectors from various threat intelligence vendors.
Integrated Service Management
As an intrinsic part of every Open Systems service, Integrated Service Management delivers flexible technology, maximum transparency, and around-the-clock network security and monitoring by a high-reliability organization. Integrated Service Management closes the gap between security policy and operations, and reduces complexity. The service fee includes the following:
• 24x7 Operations: Highly skilled certified engineers in Open Systems Mission Control monitor your systems proactively and react to breaches within the periods defined in the SLA. The engineers ensure compliance with your security policy and work according to clearly defined processes in order to review and perform global changes that are driven by the dynamic needs of your organization.
After extensive testing procedures, all required security updates and patches are installed on a regular basis, always keeping the systems up to date. The device is capable of booting different releases, which facilitates an effective fallback and rapid recovery if required. All environment-specific configurations are automatically generated, based on the configuration database operated by Open Systems Mission Control. This is an essential part of an efficient disaster recovery process because it makes it possible to generate and reinstall an identical configuration in a very short time.
• Open Systems Customer Portal: The state-of-the-art web portal makes it easy to communicate with Open Systems Mission Control 24x7. The portal provides transparency over your network and applications in real time, including reports and tools that support the implementation and management of global IT security and availability.
For more information, see the «Integrated Service Management» service description.
Quickly detecting and blocking access to malicious entities stops malware from being installed or fraud from happening.