CHALLENGE ARCHANGEL 2.0

Started 2 May 2023

Update of the attacks:

Unsuccesfull Attacks

Succesfull Attacks

Visits

ARCHANGEL
THE Inteligent FIREWALL that protects NETWORK DATA DEVICES.

WHY ARCHANGEL?

Because the Outside world is full of danger

App
App

WHAT IS ARCHANGEL© NEXT GENERATION FIREWALL?

ARCHANGEL©2.0 Next Generation Firewall is:

  • A very sophisticate system of protection that includes in a same hardware3 Servers that give you the best protection. They are:
    • • ARCHANGEL© 2.0 Next Generation Firewall (FWNG)
    • • VPN Server that protects all the devices that are connected
    • • Online File Sharing Server (SydeCloud©)
  • Based on a whole new concept of protection against cyber attacks. The fundamental principles on which our defence system is based are ZERO TRUST and MICROSEGMENTATION, as well as the rule that nothing can enter the private network without system authorisation

WHY WOULD ARCHANGEL2.0© NGFW BE BETTER THAN OTHER FIREWALLS?

ARCHANGEL2.0© NGFW uses more advanced technology than traditional firewalls, making it better at identifying and blocking advanced threats. It can also inspect and block traffic based on specific applications, even if they use non-standard ports. This makes it more effective at preventing attacks that other firewalls might miss.

App

WHAT IS THE BENEFIT OF HAVING A FIREWALL, AND OVERALL A FIREWALL OF NEXT GENERATION?

The benefit of having a firewall, and particularly a next-generation firewall like ARCHANGEL2.0© NGFW, is that it helps protect your computer or network from threats that can cause damage, such as stealing your personal information, installing malware, or disrupting your system. This protection can help prevent financial losses, data breaches, and other negative consequences.

TO WHOM IS IT INTENDED?

A next-generation firewall like ARCHANGEL2.0© NGFW is intended for anyone who wants to protect their computer or network from advanced threats. This can include individuals, small businesses, and larger organizations. Anyone who uses the internet should consider using a firewall to protect themselves and their data.

ARCHANGEL© CHARACTERISTICS

The fundamental principles on which our defence system is based are ZERO TRUST and MICRO-SEGMENTATION, as well as the rule that nothing can enter the private network without system authorisation.




  • ZERO TRUST because we do not trust users at any level. Isn't the human factor the weakest part of a security system? The system is therefore designed to give the best security even if the network is potentially subject to human error.
  • MICRO SEGMENTATION in order to limit the devastating effects that an attack could have by circumscribing it to a single sector which is possible because each device is connected separately to the ARCHANGEL VPN server: Each sector of the network is isolated from each other.
  • THE INTERDICTION RULE is exercised by the existence of a succession of filters whose aim is to stop what is likely to harm the different components of the private network.

WHAT DOES IT DO?
  1. 1. DDoS is stopped by our IDS
  2. 2. Blocks Malware: It is impossible to block all the malwares before it enters the network because most of them are new and unknown or hidden. However in ARCHANGEL, because the rule is to stop what is suspicious, our system blocks:
    • • Anything that is still encrypted after passing through the SSL protocol.
    • • Anything that is hidden by obfuscation.
    • • Anything that contains an executable function (that allows a malware or virus to deploy in the network)
    • • Packets that are not signed or with encrypted signature.
  3. 3. Stops Data Leaks: There is a way to try avoiding leakage of data using AI based on the behavior of the users. But we have preferred to give the function to stop any attempt of leaking data to one of our Intelligent Agent whose only function is to scan the packet and block what is not allowed to go out. We know how hackers are doing to Exfiltrate data so when the Intelligent Agent finds that such way is used he will block the packet and the security officer will be able to act knowing the device that is used to send the packet and its destination.
  4. 4. Content Policy Enforcement: Because we make the system, we can adapt the function of our Intelligent Agents to the needs of the establishment.
  5. 5. Intrusion prevention: The rules of the Intrusion Prevention of ARCHANGEL are permanently updated to fight against new threats.

  6. 6. Advanced malware detection: In the system of ARCHANGEL, we do not need to analyze the types of intrusion because the system blocks everything that is suspicious coming from the outside world and anything that is suspicious that could be coming from a device in the private network.

    As we could already point it out, we don’t trust the users so all users are suspicious and all the traffic going inside or outside the network is analyzed by the system.

    All devices in the private network are connected by VPN tunnels to the VPN server located in ARCHANGEL. To reach the VPN server, data must pass through one of the firewalls and be examined by an intelligent agent before reaching another device inside or outside the network.

  7. 7. Application control: With its comprehensive dashboard, the security manager or anyone with authority to access the system can have an accurate view of how the system is reacting to any attempted attack or leak on the network and can react in real time: He has full visibility of the entire system and the network in general and all its parts.
    • • He can decide what to do with data or packages blocked by the system,
    • • He can immediately block the device that is contaminated,
    • • He can implement the policies of the establishment.
  8. 8. No lateral contamination: As each device in the private network is connected to the VPN server, there is no way for one device to be connected to another without going through the firewall and the intelligent agent controlling what enters the VPN server.
  9. 9. VPN server is totally secure:
    • • It is protected by 3 firewalls,
    • • It has an IP Leak Protection,
    • • It has Internet Kill Switch and,
    • • It stores zero log.
    • • It is free of charge.
  10. 10. Automatic update of the firewalls: When a new virus or malware is detected it is the mission of an Intelligent Agent to send its characteristics to Brain One who will analyze them and send to a second Intelligent Agent inside ARCHANGEL the instruction to update the 3 firewalls so they can stop such viruses in the future.
  11. 11. Missions of the Intelligent Agents: The Intelligent Agents are assigned to the task of:
    • - keeping the 3 firewalls and IDS/IPS always updated,
    • - detecting what is suspicious in the packets and scan inside the packets to stop any encrypted data,
    • - detecting the hiding malwares or their executable function and all executable function that could be in a packet,
    • - detecting the packets to stop the leakage of data.
  12. 12. ONLINE FILE SHARING:

    In addition to ARCHANGEL© Firewall of Next Generation, ARCHANGEL Integrate Protection System 2.0 includes SydeCloud©.

    SydeCloud© is the Online File sharing and backup system of PT SYDECO.

    SydeCloud© server is protected by ARCHANGEL Firewall and SST, the system of encryption of PT SYDECO that is no using any key.

    Thanks to SydeCloud, work can be remotely. You can access your data where you are and give access to who you want. A space of 2GB is allocated to each user. There is no third party that intervenes. All your data are secure and stay in your office or in the company. Also, there is no charge when using SydeCloud©.

WHY USING ARCHANGEL2.0© NGFW?


I – TO PROTECT THE INFORMATION SYSTEM:

By creating a private network, Archangel© protects the device from cyber-attacks and prevents lateral spread of virus contamination. Artificial Intelligence embedded in the system gives Archangel the ability to make decisions.

• EACH SECONDARY ARCHANGEL BOX IS GIVING THE SAME PROTECTION AS THE MAIN SERVER
• ARCHANGEL PROTECTS THE DEVICES AND CREATES VPN.

App

II – TO PROTECT THE INDUSTRIAL NETWORK:

The fundamental rule to be observed in interconnections between different networks is PARTITIONING, regardless of the type of network to which the industrial network must be interconnected. The best way to partition a network is to protect it with a FIREWALL, but not with just any firewall. This firewall must in fact be able to withstand increasingly sophisticated attacks, even those carried out from a quantum computer, and must be able to protect the data collected by the installation if it has this effect, and above all it must be unidirectional when it comes to protecting an installation of class 1 or 2.

App

This partitioning must be unidirectional in the case of an installation of class 1 from the industrial system to any other network, including another industrial network of the same company or institution, whether of lower class or of the same class.

CLASS 1: Companies which consist of only one department with a single programmable installation or which have several departments with such installations which are interconnected and for which this installation or these installations constitute(s) the main activity.

This partitioning must also be unidirectional in the case of an installation of class 2 from the industrial system to a public network or to another industrial network of class 3.

CLASS 2: Companies which comprise more than one department and whose connected and/or programmable installations are not interconnected with each other but for which such facilities constitute the principal activity.

The system developed by PT SYDECO, ARCHANGEL OW©, meets all these requirements in that it allows the unidirectional and is completely impermeable to the attacks led even by a quantum computer because its protection and that which it provides are not based on theory of numbers.


III – TO PROTECT THE INDUSTRIAL CONTROL SYSTEMS (ICS) ENDPOINTS’:


ARCHANGEL is part of the ALL-IN-ONE IT Security Solution from PT SYDECO which is a ZERO TRUST ARCHITECTURE designed to prevent cyber-attacks such as Ransomware or data breaches. The ICS endpoints of the SCADA (Supervisory Control And Data Acquisition) or DCS (Distributed Control System) can be protected by the ALL-IN-ONE system developed by PT SYDECO, which will avoid interrupting activities or services for several days.


Talk To Us

PT SYDECO INDONESIA