Integration & Managed Security Services
Boundary Defence
For boundary defence, network firewalls are deployed to secure traffic bidirectionally across networks. Although the firewalls are primarily deployed as hardware appliances, Black Cell is increasingly deploying virtual appliance firewalls, cloud-native firewalls, and firewall as a service (FWaaS) offerings hosted directly by us. Next-generation firewalls (NGFWs) are deep-packet inspection firewalls that move beyond port/protocol inspection and blocking to add application-level inspection, intrusion prevention, and intelligence from outside the firewall.
Capabilities of the next-generation network firewalls in Black Cell’s portfolio include:
- Application awareness and control
- Advanced malware detection
- Content filtering (URLs and data)
- Intrusion detection and prevention
- Logging and reporting
- Remote access and Site-to-Site VPN solutions
- SSL traffic decryption and inspection
Recommended solutions
To ensure seamless planning, implementation, and operations, Black Cell offers tailored professional services with Palo Alto Networks and Sophos next-generation firewalls. These solutions provide comprehensive protection for your network boundaries, allowing you to focus on your core business activities.
Palo Alto Networks Strata
Black Cell offers the latest in next-generation firewall technology with Palo Alto Networks Strata. Next-generation firewalls combine the capabilities of previous firewalls with additional features like application awareness, intrusion prevention, deep-packet inspection, and more. Palo Alto Networks Strata provides all these capabilities in a single-pass architecture that reduces performance impact.
Data logs
With data logs that machine learning can use to analyze telemetry data, Palo Alto Networks Strata provides accurate device discovery and risk assessment with native policy enforcement, reducing the need for deployment of additional sensors beyond the NGFWs. The IoT Security app provides policy recommendations for safer IoT device behavior, saving time, reducing human errors, and facilitating the security of IoT devices.
ML-powered NGFW
With ML-powered NGFW, Palo Alto Networks Strata offers tightly integrated functionality that enables consistent protection. It allows you to prevent known threats, proactively stop unknown threats, gain network-wide visibility (including IoT devices), and reduce errors with automatic policy recommendations. ML is embedded into the core of the NGFW to prevent all known threats, while AI and ML analyze potential unknown threats in the cloud to determine whether they are benign or malicious. As soon as protections are available, Palo Alto Networks instantly makes them available as signature updates to all NGFWs worldwide.
Flexible deployment options
Palo Alto Networks Strata offers flexible deployment options through a common operating system, PAN-OS, across the NGFW series of products. The PA-Series firewalls are physical appliance ML-powered NGFWs that offer feature parity across the range, with multiple models available to meet your requirements for size, scale, and connectivity. The VM-Series firewalls are virtualized form factor ML-powered NGFWs that you can deploy in a range of cloud and virtualized use cases. The CN-Series firewalls are container form factor NGFWs that offer cloud-delivered security services on top of the NGFWs, giving you the ability to deploy Layer 7 network security and threat protection in your Kubernetes clusters for advanced protection and compliance. Prisma Access is a cloud-hosted NGFW service that provides secure access to internet and business applications that are hosted in SaaS, corporate headquarter.
All in one platform
Palo Alto Networks Strata’s NGFWs provide a single platform to perform multiple security functions in a single-pass architecture, increasing the performance and flexibility of the firewall. This differs from legacy firewalls, which typically follow a sequence of separate functions in packet processing, reducing the overall performance of the firewall and the flexibility to easily add new features. Black Cell offers tailored professional services to enable seamless planning, implementation, and operations for Palo Alto Networks Strata.
Palo Alto Networks Panorama
Panorama is a centralized management platform that simplifies managing a distributed network of NGFWs, including Prisma Access, from one location. It provides multiple administration capabilities, such as role-based administration, allowing staff to access the tasks and data they need. Panorama is easy to deploy in both physical and virtual appliance form factors and enables consistent policy, easy rollout of common configurations using templates and device groups, and centralized deployment of security content updates, software updates, and automated policy deployments. Black Cell offers professional services to streamline the planning, implementation, and operations of Palo Alto Networks Panorama centralized management for your organization.
Sophos Firewalls
Sophos is a leading provider of cybersecurity solutions, and its advanced technologies offer unparalleled protection and performance capabilities. Sophos firewalls are equipped with TLS 1.3 inspection capabilities, enabling them to decrypt and inspect encrypted traffic while maintaining high-performance throughput.
Powerful protection & performance
Sophos provides powerful protection and performance capabilities through the following features: application acceleration, deep packet inspection, SD-WAN, and TLS 1.3 inspection. These features enable organizations to maintain high security standards and protect against the latest threats while ensuring that their network traffic is optimized for high levels of performance and efficiency.
Xstream Flow Processor
The Xstream Flow Processor offloads the encryption and decryption processes to accelerate the performance of SSL inspection.
Trusted source
Additionally, Sophos Firewall includes a feature called trusted source, which enables trusted traffic to bypass SSL inspection, ensuring that critical business applications are not unnecessarily slowed down.
Tailored support
Additionally, Black Cell offers tailored professional services to assist with planning, implementation, and ongoing operations for Sophos firewall deployments, ensuring seamless integration and optimal performance.
Sophos Central
Sophos Central is the cloud management platform that powers all Sophos products for seamless management. It provides a unified console for managing Sophos firewalls and other security solutions. Sophos Central makes it easy to set up, monitor, and manage multiple firewalls with its user-friendly interface.
Sophos Central also offers zero-touch deployment, which enables remote setup of firewalls with just a configuration file and USB key, eliminating the need for technical staff on-site. SD-WAN orchestration is also made easy with Sophos Central, allowing quick and easy creation of interconnecting SD-WAN overlay networks between multiple Sophos Firewalls.
Sophos Central’s powerful reporting tools provide increased visibility into network activity through analytics, enabling analysis of data to identify security gaps, suspicious user behavior, or other events requiring policy changes. The flexible reporting experience combines pre-defined modules with powerful tools to create custom reports that can be tailored to specific use cases.
Endpoint Detection & Response
The Endpoint Detection and Response Solutions (EDR) market is defined as solutions that record and store endpoint-system-level behaviours, use various data analytics techniques to detect suspicious system behaviour, provide contextual information, block malicious activity, and provide remediation suggestions to restore affected systems.
EDR solutions must provide the following four primary capabilities:
- Detect security incidents
- Contain the incident at the endpoint
- Investigate security incidents
- Provide remediation guidance
Microsoft Defender for Endpoint
Microsoft Defender for Endpoint is an advanced endpoint security platform designed for enterprise networks to prevent, detect, investigate, and respond to sophisticated threats. It integrates seamlessly with Microsoft’s cloud-managed services to provide a powerful security solution that uses a combination of technology built into Windows 10 and cloud-based security analytics.
Embedded behavioural sensors
This includes embedded behavioural sensors that collect and process signals from the operating system and send the data to a private, isolated cloud instance of Microsoft Defender for Endpoint. Using big data, machine learning, and unique Microsoft optics, behavioural signals are translated into insights, detections, and recommended responses to advanced threats.
Threat intelligence
Threat intelligence is generated by Microsoft hunters, security teams, and augmented by partners to identify attacker tools, techniques, and procedures and generate alerts when they are observed in the collected sensor data.
Capabilities & modules
Defender for Endpoint offers several capabilities and modules, including:
- Core Defender Vulnerability Management, which uses a risk-based approach to identify and prioritize endpoint vulnerabilities and misconfigurations.
- The Attack Surface Reduction set of capabilities provides the first line of defense by ensuring configuration settings are properly set and exploit mitigation techniques are applied to resist attacks and exploitation. This set of capabilities also includes network and web protection to regulate access to malicious IP addresses, domains, and URLs.
- Endpoint detection and response capabilities (EDR) are put in place to detect, investigate, and respond to advanced threats that may have bypassed the first two security pillars.
- Advanced hunting provides a query-based threat-hunting tool that enables proactive threat hunting and custom detections.
- Automatic investigation and remediation capabilities help reduce the volume of alerts in minutes at scale, allowing for quick response to advanced attacks.
- Finally, Microsoft Defender for Endpoint includes Microsoft Secure Score for Devices to help assess the security state of the enterprise network, identify unprotected systems, and take recommended actions to improve overall security.
Sophos Intercept X Endpoint with XDR
Sophos Intercept X Endpoint with XDR is a comprehensive endpoint detection and response solution that helps organizations streamline their endpoint visibility and response capabilities. With industry-leading protection that reduces unwanted noise and a prioritized list of detections paired with AI-guided investigations, Sophos XDR provides better accuracy and reduces the workload for IT admins.
Advanced protection technologies
Starting with industry-leading protection, Sophos XDR intercepts breaches before they can start. Intercept X, the endpoint protection component of Sophos XDR, uses advanced protection technologies such as deep learning, which predictively prevents attacks, and CryptoGuard, which rolls back the unauthorized encryption of files in seconds.
Cross-platform & Cross-OS support
One of the key benefits of Sophos XDR is its ability to answer critical IT operations and threat hunting questions quickly. With its native endpoint, server, firewall, email, cloud, mobile, and O365 integrations, organizations can access data from multiple sources in the data lake or pivot to the device for real-time state and up to 90 days of historical data. This level of cross-platform and cross-OS support is crucial for organizations that need to inspect their environment whether in the cloud, on-premises, or virtual across Windows, macOS, Linux, Amazon Web Services, Microsoft Azure, Google Cloud Platform, and Oracle Cloud Infrastructure deployments.
Exploit prevention feature
Device Management
Device management refers to the administration and control of all the devices used within an organization. These devices can include computers, laptops, smartphones, and tablets. Effective device management is critical for ensuring the security, efficiency, and productivity of an organization.
- Inventory Management
- Software Management
- Security Management
- Performance Management
- Compliance Management
- Remote Management
- User Management
Microsoft Intune
Black Cell recommends using Microsoft Intune to manage the challenges of supporting a hybrid and remote workforce. Intune is a cloud-based endpoint management solution that simplifies app and device management across various devices, including mobile devices, desktop computers, and virtual endpoints. It manages user access and ensures the protection of access data on organization-owned and privately-owned devices, supporting a Zero Trust security model.
Features
Intune can manage users and devices, including personally-owned devices, and supports various client devices such as Android, Android Open Source Project (AOSP), iOS/iPadOS, macOS, and Windows. It simplifies app management with a built-in app experience, allowing app deployment, updates, removal, and more. It also automates policy deployment for apps, security, device configuration, compliance, conditional access, and more.
Self-service features
Employees can utilize the self-service features in the Company Portal app to perform actions such as resetting a PIN/password, installing apps, and joining groups. The Company Portal app can be customized by Black Cell to reduce IT operations overhead.
Integration
Intune integrates with mobile threat defence services, including Microsoft Defender for Endpoint and third-party partner services, to enable endpoint detection and response. Policies can be created to respond to threats, conduct real-time risk analysis, and automate remediation.
Sophos Mobile
Sophos Mobile is a Unified Endpoint Management (UEM) solution that secures traditional and mobile endpoints with minimal effort. It integrates natively with a leading next-gen endpoint security platform, Intercept X for Mobile, to protect against known and never-before-seen mobile threats. Sophos Mobile supports managing iOS, Android, Windows 10, and macOS devices, including BYOD environments.
Features
Sophos Mobile offers configuration and policies, inventory and asset management, app management, enterprise app store, app control, whitelist/blacklist, detailed reporting, EDR, anti-phishing, web protection, and web filtering. With this range of features, Sophos Mobile provides businesses with the tools they need to secure their mobile devices and protect sensitive data.
100% privacy
With the Android Enterprise Work Profile and iOS User Enrolment modes of management, business data remains separate from personal information to enable productivity without compromising security or privacy.
Sophos Central
Everything is managed seamlessly through Sophos Central, alongside Sophos’ entire portfolio of next-generation cybersecurity solutions.
Identity Management
Identity management is a crucial aspect of cybersecurity that involves the management of digital identities and user access rights to various resources within an organization’s network. This process involves verifying the identity of users, granting or denying access to sensitive data, and ensuring that user actions are traceable and auditable.
Key features of Identity Management:
- User authentication and verification
- Authorization and access control
- User activity monitoring and auditing
- Password management and self-service
CyberArk Privileged Access & Identity Management
Black Cell enables organizations to implement Privileged Access Management (PAM) and Privileged Identity Management (PIM) by CyberArk to protect against the threats posed by credential theft and privilege misuse. By enforcing the principle of least privilege, Black Cell enables organizations to reduce the attack surface and mitigate the risk from malicious insiders or external cyber attacks that can lead to costly data breaches.
Privileged Access Management (PAM)
PAM refers to a comprehensive cybersecurity strategy – comprising people, processes and technology – to control, monitor, secure and audit all human and non-human privileged identities and activities across an enterprise IT environment. Black Cell leverages CyberArk’s PAM solutions, grounded in the principle of least privilege, wherein users only receive the minimum levels of access required to perform their job functions.
Privileged Identity Management (PIM)
CyberArk Privileged Identity Management (PIM) is a solution designed to protect and manage privileged accounts and credentials within an organization. Privileged accounts refer to accounts that have administrative rights, allowing users to access sensitive systems, applications, and data. PIM helps organizations secure, control, and monitor privileged access to critical assets, reducing the risk of cyber attacks and data breaches. CyberArk’s PIM offers automated access provisioning to dynamically provision and revoke access to corporate resources, identity orchestration to simplify and automate complex identity processes, compliance controls to establish organization-wide compliance and access attestation controls, and comprehensive reporting that uses audit reports and detailed dashboards to give visibility into access permissions and entitlements.
Managed Security Services
Managed cybersecurity services can be a crucial component of any modern organization’s security strategy. These services are designed to provide businesses with the expertise, tools, and resources needed to secure their digital assets and protect against cyber threats.
Key benefits of Managed Security Services:
- Scale security resources
- Access to a team of security experts
- All without investing in expensive security resources
Black Cell Managed Security Services
Managed Security Services can be a valuable investment for any organization that values the security of their digital assets. By outsourcing the management of security infrastructure to Black Cell, businesses can benefit from advanced security tools and expertise without having to invest in expensive security resources themselves.
Implementation
We offer comprehensive implementation services for firewall, endpoint protection, device management and identity management solutions to ensure the security of your organization’s network and devices. With the Black Cell Integration team’s expertise, we can help you design and deploy firewalls that meet your organization’s security requirements. Additionally, our endpoint protection services utilize the latest security technologies, such as EDR and ML-based prevention, to safeguard your devices from potential threats. We can also implement device management solutions, including mobile device management (MDM) and mobile application management (MAM), to manage access and security for devices that access your organization’s resources. Trust Black Cell to provide expert implementation services for all your organization’s security needs.
Managed Detection and Response
The managed detection and response service is provided through Black Cell Fusion Center. The team has seasoned experts across all required domains to facilitate incident detection, response and prevention 24/7:
- computer security incident response team (CSIRT) for cross-functional business incident response,
- security operations centre (SOC) for dedicated security command and control,
- computer emergency response team (CERT) for threat intelligence.
Change and Incident Management
With our change management service, you can control the lifecycle of all changes. The primary objective is to enable beneficial changes to be made with minimum disruption to the information security systems deployed by us, such as firewalls, endpoint detection and response, device management or identity management.
With our incident management service, you can manage the lifecycle of all incidents, i.e., unplanned interruptions or reductions in the quality of information technology services and processes, with the primary objective to reduce the impact and probability of such events.
Change and incident management services are based on ITIL v4 principles, tailored to your cybersecurity and compliance requirements. Requests are tracked in Black Cell’s service management system, prioritized according to their assigned severity level, and automatically assigned to priority queues.
Depending on the priority of the request, the issues in the priority queues are automatically routed to senior Technical Support Engineers. Black Cell continuously monitors all issues to facilitate timely response and resolution.