Firewall services provide monitoring activities including the processing of firewall logs in real time to identify potential security threats. It measures availability and health of the firewall and escalates security and health incidents to initiate remediation. Management activities include troubleshooting and maintenance of the software configuration and rule set.
Application Level Firewall - Can only be sold together with Application Vulnerability Scanning Application Level Firewalls help protects web applications from attacks that aim to exploit vulnerabilities in business critical applications. Threats against the web infrastructure are monitored and escalated in real time for immediate action. The service provides software updates and implements policies that improve threat protection.
- Application Vulnerability Scanning
- Web Application Security Solutions Brochure
Proxy Server Proxy Servers processes client's web requests per a defined security policy. The device is located between the customer's internal network and the internet gateway, and the service forwards the requests to the Internet or denies them. The proxy server provides policy enforcement, user tracking, and caching capabilities. The following modules can be added as plug-ins: anti-virus, anti-spam, and content screening.
Router (Non Standard Offering - Requires Product Council Approval) Router service forwards IP packets and provides connectivity internally and externally with other enterprise networks or the Internet. Service is Limited to Monitoring only. Monitoring and Management requires Product Council approval.
Network Switch (Non Standard Offering - Requires Product Council Approval) The service monitors the switch logs for security events and escalates health and security incidents. Service is Limited to Monitoring only. Monitoring and Management requires Product Council approval.
VPNManages SSL or IP Sec devices which are used to establish, manage, monitor, and terminate VPN tunnels according to a customer defined policy.
Network Intrusion Detection (NIDS)/Prevention (NIPS) System NIPS/NIDS monitors the alerts generated from NIDS/ NIPS sensors located on the LAN segment behind the corporate firewall. Suspicious or malicious traffic can generate alerts and be allowed to pass through or be dropped according to the security policy. The monitoring service analyses the NIDS/NIPS security alerts and performs filtering, classification and correlation to prioritize and escalate security incidents. The signatures of the NIPS/NIDS sensors are kept up to date to maintain a strong security posture. NIDS external sensors are located in front of an Internet facing firewall. The availability of health of the sensor is monitored, alerts are stored, but it does not generate or escalate incidents.
Host Intrusion Detection (HIDS)/Prevention (HIPS) SystemsManaged HIDS/HIPS can be installed on servers and clients to operate at the host level to identify and deny potentially malicious activity. Policies can be unique or grouped together and customer specific thresholds are defined. Two types of escalation services are available: full escalation and threshold escalation:
- Full escalation for servers: security events and incidents are created for each individual HIDS/HIPS agent. Reporting is provided per agent.
- Threshold escalation for servers and clients: sensors with the same policy are grouped together. Each group has a number of specific thresholds defined to detect specific threats that are impacting all members of the group. When a threshold is exceeded, an automated escalation is sent to the customer. Reporting is provided per group.
Unified Threat Management (UTM) or Security Appliance UTM monitors and manages multiple security functions such as Firewall, VPN, IPS, Content Filtering and AV/AS through one device. The service operates in the same manner as the individual security devices.
Email Security Gateway (replaces Gateway Anti-Virus)Email Security Gateway includes anti-virus filter and e-mail encryption functionality. An anti-spam plug-in is available as an option.
Content ScreeningContent Screening is deployed at the Internet Gateway of the network via an appliance or software. It includes scanning and processing of web, e-mail and IM traffic to detect inappropriate content and information leakage defined by the security policy.
Log Monitoring and Management (Replaces Application Log Monitoring and Management)Log Monitoring and Management provides automated and centralized collection, current and historical analysis, comprehensive reporting, secure archiving, and retrieval of logs sourced from operating systems, web servers, database servers, and specific windows applications such as AD, DNS, DHCP.
Load BalancersEncryption and decryption of SSL sessions for secure web applications can be terminated on the load balancer instead of the web server. Load balancers provide an additional layer of security since Internet clients will not directly connect to the end applications, and may have security-specific functionalities like web application and regular firewalling.
Endpoint SecurityEndpoint Security solutions provide several combined protection mechanisms directly to the desktop/laptop using centrally managed "endpoint" agents. The protection mechanisms can provide services such as anti-virus, anti-spam, personal firewall, encryption or mechanisms which control whether or not peripheral devices can be connected to the endpoint (e.g., printers or USB-sticks). An "Endpoint Policy Manager" collects security logs from the various "endpoint" agents and manages centrally common enforced policies.
Advanced Threat ProtectionAdvanced Threat Protection leverages Verizon threat intelligence and FireEye’s Web Security, Email Security, Malware Protection Cloud and Central Management System to:
- Protect against web-borne threats, blended advanced targeted attacks
- Confirm zero-day attacks
- Detect advanced attacks
- Secure against spear phishing
Advanced Threat Protection services based on FireEye devices will help to protect customers against advanced persistent cyber threats. Verizon will monitor specifically for traces of activity of malware that are linked to advanced persistent threats and will provide in-depth knowledge of threat intelligence. The devices will reside inside the perimeter to detect and block indicators of compromise. Customers will benefit from Verizon’s highly experienced and knowledgeable team of security experts and will receive security incidents with actionable intelligence.
File Integrity and Policy Compliance MonitoringFile Integrity and Policy Compliance Monitoring tools are used by organizations to provide configuration control that combines file integrity monitoring with comprehensive compliance policy management to protect, detect, and correct IT systems throughout the enterprise.
- The File Integrity Monitoring component detects and alerts changes to IT files and configurations in real-time across heterogeneous physical and virtual IT infrastructures. It determines if it is an authorized/expected change or one that needs to be investigated manually.
- The Policy Compliance component protects IT infrastructures by assessing the configurations against industry standards, best practices, and internal policies for information security. It applies regulatory-based policies like PCI, NERC and FISMA to security standards like NIST, DISA and CIS. This provides visibility into non-compliant systems and allows for remediation steps to be taken to bring the systems back into compliance.
Refer to Cost Table 4.4 for additional details along with rates and charges.
Please contact your account manager or email us for more information.