Thursday, November 29, 2012

Improve network security defense with NEXThink


Among the various networks managed by DIRISI , telecom operator Joint Department of Defense, the network INTRADEF is certainly larger. This is the current working network, classified Restricted Distribution. There is also a park rather heterogeneous, including software and hardware versions are spread over 5 years, with users (and administrators) more or less rigorous. Park user control is therefore unclear.

This network is obviously secure. Security solutions are deployed on servers and active elements of the network. But on workstations, USB ports are not locked while in the past, a tattoo, got a virus sas was necessary to connect a USB key. And especially in recent years, a mail gateway can communicate with the Internet. Obviously if this stream is filtered, the network is less compartmentalized. therefore the ministry has decided, as part of the defense in depth recommended by ANSSI, complete security solutions through a market to control in compliance and continuous use of network stations INTRADEF.

This is the Swiss company NEXThink with its eponymous software won the tender . It is a utility less than 500kb, which was installed on each PC, will collect a number of information and send it for analysis and visualization on a server. It allows you to supervise first large networks (active services and software versions ...), but also to control any abnormal behavior of client stations, the first sign of a viral infection or a virus attack.


If this solution does innovative and extremely light, a number of questions arise:
  • Firstly, without any chauvinism, why use a Swiss company . It is still equip a network DR Ministry of Defense. Admittedly, the Swiss neutrality has nothing to do with Chinese friends of Senator Jean-Marie Bockel. But still, there was no solution it French?
  • Because this is proprietary software, to what extent the 43 ° Transmissions Battalion , authority in this market expert in the field but especially SSI, he could analyze the code of the software ?Indeed, the purpose of this software is to make sure alerts to administrators. It should easily be able to exfiltrate information to another entity.
  • Currently smartphones INTRADEF accessing the network via the Internet are being deployed within the Department. Is NEXThink is limited to PC? If this is the case, it is a solution that has a time delay of network evolution.
  • The fact of adding a brick to the other components of the security of the network he will not, however, add complexity? A solution would probably be more effective.
  • CASSIDIAN , large defense industry which focuses on government procurement, concluded a partnership with NEXThink . It can now include in its NEXThink security solutions. Might there not be in a more or less near future, to buy the same software (more than € 4 million) through CASSIDIAN?
Anyway, and whatever the answers to these questions, we must nevertheless highlight the effort that is made ​​to take into account the weak link in the SSI, the end user .

No comments:

Post a Comment