THE "ALL IN ONE" IT SECURITY SOLUTION

BY PT SYDECO

ALL-IN-ONE,

THE ULTIMATE CYBER PROTECTION

trough ZERO TRUST ARCHITECTURE

Which

Creates a security perimeter inside an enterprise or any establishment where no actor, system, network or service operating outside or within this security perimeter is trusted.

This ALL-IN-ONE IT Security Solution from PT SYDECO is a  ZERO TRUST ARCHITECTURE (ZTA) * that is based on zero-trust principles and is designed to prevent cyber-attacks such as Ransomware or data breaches and, in the event of an attack, allows the computer network to continue to function by preventing viruses or worms from having any effect and by preventing any lateral contamination within a network.

The ALL-IN-ONE IT Security Solution from PT Sydeco focuses on protecting resources (all data and computing service) of an establishment, such as assets, data, services, workflows, network.

The ALL-IN-ONE IT Security Solution from PT Sydeco protects all enterprise assets (devices, applications, virtual and cloud components) and subjects (end users, applications and other non-human entities that request information from resources).

The ALL-IN-ONE Cybersecurity Solution from PT Sydeco secures all communication , all transfer of data regardless where the network is located.

The ALL-IN-ONE IT Security Solution from PT Sydeco is fully auditable, so the state of the assets as well as the integrity and security posture of all owned and associated assets is observable.

The ALL-IN-ONE IT Security Solution from PT Sydeco, thanks to its MICRO SEGMENTATION ARCHITECTURE ** that isolates segments for reducing the attack surface, is limiting the impact of an attack and preventing any lateral contamination inside the enterprise.

NETWORK SECURITY

The computer network of an enterprise, or of any establishment is protected by ARCHANGEL©, the sophisticated firewall created by PT SYDECO which is one of the components of the ALL-IN-ONE IT Security Solution.

ARCHANGEL© protects servers, computers and other connected objects from cyber-attacks coming from the outside world and prevents any lateral spread of viral contamination within the establishment.

Servers, computers that are in the internal network of a company and that are connected to ARCHANGEL© are themselves protected by SP-One©.

SP-One©, which is another component of the ALL-IN-ONE IT Security Solution, is a program and a system that is creating hermetic secure shelter around the source code or programs that are in use in the computer network of an office, administration, University, or in Cloud and in SaaS.

SP-One© protects servers, programs or source codes against any cyber-attack from the outside world and against those coming from inside a private computer network.

The security of the computer network of the enterprise is enhanced by the MICRO-SEGMENTATION system that ALL-IN-ONE creates. Thanks to this MICRO SEGMENTATION ARCHITECTURE , users can only access the servers they need to work on and after being registered as an authorised user.

It follows that if a user inadvertently or intentionally contaminates his computer, the virus or worm he has downloaded can only attempt to attack the server to which he is connected. And this server is protected by SP-One, so that not only the user will not be able to infect the server to which he is connected but also no other server in the network.

SECURITY OF DATA IN MOTION

All data in move inside the internal network or outside, in the outside world, are protected by SST©, Secure System of Transmission, which is another creation of PT SYDECO, and are conveyed inside a VPN.

SST© protects data by encrypting it without using a key, without the intervention of a third party, using artificial intelligence to do so. SST© also protects all passwords used in the All-IN-ONE IT Security System.

VPN is created by ARCHANGEL and is encrypted by SST©.

This is E2E protection and only the receiver can read the data. Data vanishes if someone tries to intercept it.

SECURITY OF DATA AT REST

The BACKUPS are protected by SP-One and by the LOGIC MICRO SEGMENTATION ARCHITECTURE used by the ALL-IN-ONE system. Finally all data even when at rest, are encrypted by SST©.

SECURITY OF THE INDUSTRIAL CONTROL SYSTEMS (ICS) ENDPOINTS’

ALL-IN-ONE protects the ICS endpoints of the SCADA (Supervisory Control And Data Acquisition) or DCS (Distributed Control System) against the worms such as for example StuxNet, or viruses such as ShaMoon or any Troyes Horses such as BlackEnergy and will avoid interrupting activities or services.

The ZERO TRUST ARCHITECTURE of the ALL-IN-ONE system, by partitioning the company’s networks into sub-systems, namely the corporate network, the control network and the industrial network, which are separated from each other by security devices such as the firewall, ARCHANGEL ONE WAY, reduces the exposure of industrial infrastructures to various threats and sets up a system for increased monitoring of installations and detection of incidents.

Of course, the safety of ICS does not only depend on the material elements of protection but also and above all on the respect of strict policies regulating the access to the installations, their use and the conduct in case of problems.

But, thanks to its ZERO TRUST architecture and the elements that make it up, including ARCHANGEL ONEWAY, or SP-One, there will be no more:

  • Disruptions in the operation of ICS due to blockages or delays in the flow of information,
  • Unauthorized modifications to the system or its deactivation due to unfriendly penetration or unauthorized and malicious instructions and which are of such a nature as to cause enormous human, material or financial damages,

ALL-IN-ONE protects the INDUSTRIAL CONTROL SYSTEMS ENDPOINTS’ as a whole, the servers, the communications networks through which data and instructions pass, the data itself, the terminal and individual components.

Here are some of our clients & business partners

They Trust Us

error: Content is protected !!

*

Zero trust (ZT) is the term for an evolving set of cybersecurity paradigms that move defenses from static, network- based perimeters to focus on users, assets, and resources. A zero trust architecture (ZTA) uses zero trust principles to plan industrial and enterprise infrastructure and workflows. Zero trust assumes there is no implicit trust granted to assets or user accounts based solely on their physical or network location (i.e., local area networks versus the internet) or based on asset ownership (enterprise or personally owned)” (1.9.3.1 Architecture Description, Department of Defense (DOD) of the United States of America, Zero Trust Reference Architecture, Version 1.0, February 2021 Prepared by the Joint Defense Information Systems Agency (DISA) and National Security Agency (NSA) Zero Trust Engineering Team).

 

**
Micro segmentation - This is the practice of creating logical network zones to isolate segments. These segments are secured by enabling granular access control, whereby users, applications, workloads, and devices are segmented based on logical attributes. This also provides an advantage over traditional perimeter security, as the smaller segments present a reduced attack surface (for malicious personas). In a Zero Trust Architecture, security settings can be applied to different types of traffic, creating policies that limit network and application flows between workloads to those that are explicitly permitted. Segmentation Gateways and API access decision points can limit access on a per identity basis to explicitly allowed API invocations, with allowance granularity down to the "verb" level” (ibid, p. 16).
**
Micro segmentation - This is the practice of creating logical network zones to isolate segments. These segments are secured by enabling granular access control, whereby users, applications, workloads, and devices are segmented based on logical attributes. This also provides an advantage over traditional perimeter security, as the smaller segments present a reduced attack surface (for malicious personas). In a Zero Trust Architecture, security settings can be applied to different types of traffic, creating policies that limit network and application flows between workloads to those that are explicitly permitted. Segmentation Gateways and API access decision points can limit access on a per identity basis to explicitly allowed API invocations, with allowance granularity down to the "verb" level” (ibid, p. 16).