We've been using Kotter for hosting of our Eclipse software for years and we're very pleased with the service they offer. -Bruce Dickhoff, President North American Software Associates.
- Hourly backup of your data
- Activity logging to prove your innocence if accused of a data breach
- 32 separate, redundant Internet connection points
- Real time system monitoring to fix issues before you notice them
- Direct relationships with all quality management systems
Security
Building an enterprise-grade network with all the redundancies is great, but all that uptime is for naught if our network can be compromised. We are serious about network security, so it is one of the areas where we focus the most attention. We use a multi-stage defense to ensure our clients’ data is safe.
Perimeter firewalls
On the outside of our network are dual Fortigate200A firewalls that provide stateful packet inspection, IPS, and VPN tunneling for remote connections. We use only the best firewalls to defend from all common threats and denial of service attacks. We could have gone with a cheaper solution or with just a single firewall, but that could have left us with a single point of failure or a firewall that could buckle under attack. We are not willing to accept that kind of risk.
Security Monitoring
Sitting right behind the firewalls is the NSA-S10, winner of SC Magazine’s Best Buy Award for managed security services. The NSA-S10 managed intrusion detection/prevention service detects anomalous, inappropriate, or other unauthorized data attempting to enter our network. The system also captures and inspects all network traffic, regardless of whether it's permitted or not. When harmful or potentially harmful traffic is detected—at either the IP or application level—protective actions are automatically triggered. This service has the ability to detect and block more than 18,000 attack signatures. The system is automatically updated with new rules as new threats are identified. This device is then backed up by a team of security experts that monitors our network 24/7. Any anomaly is reported and responded to by a live person within 30 seconds. The bad guys don’t sleep and neither do we. With The Kotter Group, your data is protected by the following:
- Comprehensive attack prevention: Prevents buffer overflows, stealth port scans, CGI attacks, SMB probes and NetBIOS queries, NMAP and other port scanners, backdoors, Trojans, and operating system and application system vulnerabilities, DDoS clients, and much more.
- Zero-day protection: Signatures are rapidly developed and deployed by the Security Alert Team, usually within minutes of an attack being registered anywhere on the Internet. If a machine is hit with a new threat in Bora Bora, we have the patch on our system within minutes.
- Attack capture and forensics: Captures attack packets in their human-readable form from the offending IP address in a hierarchical directory structure and stores the payload on an encrypted security server for future analysis or prosecution.
- Stealth mode deployment: Deploys as a "passive trap" to record and report on the presence of unauthorized traffic such as NFS or Napster connections.
- Defends against the inside threat: Detects incidents originating from inside and outside the network perimeter.
- Anomalous Traffic Pattern Detection: Creates a trouble ticket for investigation and follow-up if a host on the network exceeds average usage patterns.
In short, we have multiple safeguards in place to make sure nothing is running that should not be. No one can download and launch malware, spyware, or viruses on our network. The security analysts working in our state-of-the-art Security Operations Center (SOC) monitor both our network and the global threat environment 24x7x365, continually beefing up security so that your data is always protected.
Proactive testing & reporting
We not only monitor for attacks and data loss, we also proactively monitor everything inside our network as well as any public-facing external parts of our network. Every hour we launch a trial attack against our network for over 18,000 known threats, just to make sure we have no holes in our defenses. Does this work? We use the same service that the U.S. Army, Navy, and Marines, Lockheed Martin, Raytheon, NYCE, and many others use to monitor their networks. If this system is effective enough to secure the U.S. military grid, it is certainly effective enough for your data.
File lockdown
While monitoring and security testing are critical, another important component is system lockdown. To prevent the use of unknown or unwanted applications within a network, we only allow specific applications to run on our network. This provides security protections as well as the following operational and compliance benefits:
- Keeping unlicensed software from running in our desktop environment
- Preventing vulnerable, unauthorized applications (malware) from running in our network
- Stopping users from running applications that needlessly consume network bandwidth or otherwise impact the enterprise computing environment
- Preventing users from running applications that destabilize their desktop environment and increase helpdesk support costs
- Allowing approved applications and software updates based upon business needs
If an executable is not on the list of approved applications, or if an application that is attempting to launch does not match the MD5 checksum comparison of the real executable, it is shut down. On other networks, any user can download any file off the Internet and run it. This would allow a disgruntled employee who knows nothing about computers to use Google, download a pre-made attack and then wipe out all your data or log all keystrokes and obtain everyone’s passwords. On The Kotter Group’s network, however, only those core files that are needed are allowed to run. We also use complicated security protocols to ensure that only the real file is run. For example, someone cannot upload any program that just happens to be called word.exe and expect it to run on our network. This protects everyone.
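The launch check described above, as an added example rather than The Kotter Group's own code: a file is allowed only if its name is on the approved list and its content digest matches the recorded one, so a different file named word.exe is blocked. It uses SHA-256 where the page mentions an MD5 checksum, and the function names, paths and file contents are constructed for illustration.

```python
import hashlib
import os
import tempfile

def sha256_of(path, chunk_size=65536):
    """Hash file contents in chunks so large binaries are not read into memory at once."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()

def launch_decision(path, allowlist):
    """Return (allowed, reason). allowlist maps lower-cased file name -> expected digest."""
    name = os.path.basename(path).lower()
    expected = allowlist.get(name)
    if expected is None:
        return False, "not on approved list"
    try:
        actual = sha256_of(path)
    except OSError:
        return False, "unreadable file"  # fail closed: no digest, no launch
    if actual != expected:
        return False, "digest mismatch"  # right name, wrong content
    return True, "approved"

def demo():
    """Constructed sample: the approved word.exe, a same-named upload, an unlisted tool."""
    with tempfile.TemporaryDirectory() as root:
        def write(rel, data):
            full = os.path.join(root, rel)
            os.makedirs(os.path.dirname(full), exist_ok=True)
            with open(full, "wb") as fh:
                fh.write(data)
            return full
        genuine = write("approved/word.exe", b"constructed bytes standing in for the real binary")
        impostor = write("uploads/word.exe", b"constructed bytes standing in for an uploaded file")
        unlisted = write("uploads/tool.exe", b"constructed bytes for an unapproved program")
        allowlist = {"word.exe": sha256_of(genuine)}  # digest recorded at approval time
        cases = (("genuine", genuine), ("impostor", impostor), ("unlisted", unlisted))
        return {label: launch_decision(path, allowlist) for label, path in cases}

if __name__ == "__main__":
    for label, (allowed, reason) in demo().items():
        print(f"{label}: {'ALLOW' if allowed else 'BLOCK'} ({reason})")
```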
Physical Security
Our data center maintains rigorous physical access control to facilities and customer cabinets. We employ three-factor authentication with badge, PIN pad, and biometrics to enter our facilities. To avoid social engineering, the data center keeps secret questions and answers for administrative contacts on file. If an administrative contact is not physically present to verify identity, we prompt them with challenges and responses. Our core routing and power infrastructure is restricted to a small subset of personnel according to the principle of least privilege. We use state-of-the-art electronic camera surveillance, which is under constant review both in our local market and by our centralized support teams. James Bond could not get into our primary data center without authorization. Your data is safe here.
Summary
The bottom line is that we have secured our network with the latest in proactive security defenses and lockdown file execution. We monitor and report everything and have the historical and current reports to prove how secure our network is.

