General requirements for information security systems

  • Information security solutions must meet the ability to protect information in many aspects. Information must be available, complete and confidential, at any potential risk.
  • Applying technology is not only concerned with its brand and reputation, but also has to consider the aspect of applying technology to the actual situation, whether it is appropriate and brings real effectiveness.
  • Possibility to expand the feature in the future. Security risks are always developing complexly, so the chosen technology must match the trend of world technology.
  • Choose popular technologies, have many support teams right away, and have a certain number of users.
  • The selected solution and technology must be concerned with management methods, user-friendliness, and easy centralized administration because of large-scale deployment and wide-area networks.
  • The system must meet the requirements at a reasonable cost, reuse the existing equipment, and must ensure the investment value for a long time from 3 to 5 years.
  • The system must use devices (hardware and software) that ensure compliance with international standards, avoid using local technologies (hardware will be difficult to find replacement devices, software will be difficult to develop and integrate with other systems)
  • The information security system can affect the entire information system when there is a problem, so the after-sales support and troubleshooting support of the good brands is also a criterion that is considered by the company

Solution model

  • At the center (HO): equipped with a pair of Next-Gen Firewall running HA (active/passive – number 1 & 2). Aims to control access and protect the entire HO network. And data connection with branches/offices.
  • At the branch (BO): equip each BO with a Next-Gen Firewall device (3 – 4). Besides the protection function, also the routing and connection to the HO.
  • User workstations and servers: equipped with software to protect and prevent malicious code.
  • We centrally managed the entire equipment solution through a single interface–Sophos Central (5)

System security solution

Proposing a solution to protect the system with a multifunctional integrated firewall device, along with advanced protection solutions by cloud computing (Cloud). Integrated solutions will revolve around Synchronized Security technology, unified centralized management through Sophos Central.
 

Sophos XGS Firewall – Next-Gen Firewall

  • Future of controlling users’ access to network resources
  • Prevent outside attacks, prevent intrusion
  • Networking features: Load Balcing, Routing, Bridge…
  • Control internet access, website, content
  • Anti-malware feature
  • Support site-to-site and client-to-site VPN connection
  • Support Synchronized Security to synchronize status between Client and Firewall.
  • Manage firewall through Central Firewall Managemen

Endpoint Protection–Next-Gen Endpoint

  • Next-Generation Threat Protection: Sophos uses a lot of tools to analyze behavior, prevent exploits, and detect malicious traffic to eliminate unknown threats at the root.
  • Application Control: Allows monitoring and preventing the use of applications on their computer, ensuring policy in place
  • Device Control: Limit, control peripheral devices such as USB…
  • Web Control: filtering the web on the user’s computer by actors, preventing downloading of dangerous files such as *.exe, flexibly customizing the time frame.