Consultancy and Project Management

Our highly trained consultants will be happy to discuss your requirements and assist you to define solutions that will work within your environment. Once the design has been defined, the project will be managed from start to completion to deliver a working and supported solution.

Our broad technology experience and multiple vendor qualifications put us in an ideal position to provide our customers with unbiased solutions that will integrate with your existing network and other vendors. Much of this experience is obtained from 'real live' experience that is not possible to be achieved in running single networks or working in a test lab.

Installation Services

Breathe Technology Consultants deploy many vendor solution, from basic Firewall or Remote Access Solution in various organisations from Education to SME and Enterprise.

Our consultants will work with your Management and/or technical team to ensure the solution is installed correctly and with as little inconvenience as possible.

All consultants have broad network installation and support experience and will be trained directly by the vendors to understand the solutions we offer.

Training/ Knowledge Transfer/Documentation

Once a solution is installed, documentation will be provided. We understand that this may be required in the future and could render an entire solution useless if there is no trail of the setup information.

If required, we will happily spend the time with your technical team to run through the functionality and settings. Our support team will be readily on hand to help post implementation.

Vendor training can also be arranged at our or the customer's premises by the individual Vendors and breathe technology i.e. CSSA (Certified SonicWall Systems Administrator).

Vulnerability Assessment

The majority of systems connected to the internet are at risk from attack due to incorrectly configured devices, lack of security patching or flawed network design. An External Vulnerability Scan is designed to provide a thorough examination of internet-facing systems from the perspective of a hacker. Vulnerability assessments can range from a toolkit-based scan, with limited intervention by a Consultant, to a bespoke manual test that relies on the knowledge and expertise of the tester.

Reports include an executive summary that clearly sets out our findings as well as recommendations for securing any discovered vulnerabilities. The detailed section of the report includes sufficient detail to allow technical understanding of the findings and comprehensive resolution recommendations. Subsequent to the test the consultant will be able to offer advice and further explanation by e-mail and phone, or by presenting the results to the Client.

Support

We believe in taking responsibility for our work and hope to have long term relationships with our customer. 90% of our business is generated by return customers. Our experienced and friendly team will assist you in looking after the solution once installed and will be available to provide information, remotely resolve issues or attend site as required. Basic maintenance, firmware update and reporting is included as standard tasks.

Firewalls

There are many firewalling technologies available and it isn't always that easy to choose the right vendor, licensing, gateway security technologies and specification.

Breathe technology will assist you in selecting the right solution for your requirement and guide you through the implementation.

Firewalls will only protect your gateway if deployed correctly and used with the correct services such as Gateway Anti Virus, Anti Spyware, Intrusion Detection, Application firewalling and more.

Understanding your organisation and processes is key to this process. Together with the world's leading security vendors, we are confident that we will be able to secure your perimeter.

Access from anywhere

Classic IPSec VPNs were designed to offer remote access via encrypted channels over the public Internet. With the advent of the world-wide-web, and the proliferation of SSL-encryption-enabled web browsers to the point of ubiquity, complicated clients are no longer needed in order to establish secure channels across the Internet. With simple web browsers users can utilize standard and secure SSL tunnels to achieve remote access to a vast number of applications. From a business standpoint SSL VPNs offer three significant benefits over classic IPSec VPNs:

• They typically cost far less to implement and manage
• They offer greater convenience to users leading to better employee productivity, and
• They are more secure.

Of course, offering access from anywhere includes allowing access from Internet kiosks and other machines not known to be secure. Although an organization may be willing to extend network connectivity from the organizational LAN to trusted company-owned laptops (as is done with IPSec VPNs), no security-conscious enterprise would ever place a long Ethernet cable from the Internet kiosks to its corporate LAN.

As such, SSL VPNs must not mimic the connectivity functionality of IPSec VPNs, but rather establish secure access to applications from anywhere, and protect against the threats created when offering access from insecure computers. These threats include problems of data remaining on machines after usage, session re-reinstatement, and other serious concerns. If these threats are properly mitigated against, then SSL VPNs can offer cost savings and greater convenience than their IPSec counterparts. Of course, if these threats are not addressed, users will need to use company-owned laptops for access - defeating the benefits of the SSL VPN.

When SSL VPNs are implemented appropriately, they typically offer cost savings when compared to classic IPSec VPNs because there are no clients to maintain, and the simplicity of browser access yields a far smaller demand on organizational helpdesk resources.
Below are some of the costs that are greatly reduced when utilizing an SSL VPN

• Hardware costs of providing employees with laptops and home computers, as well as ongoing maintenance of these machines
• Deployment costs, including the purchase and installation of client software on all employees' computers
• Personal security software purchase and management (e.g. personal firewalls, anti-virus software)
• VPN management and maintenance costs including software upgrades, training, help-desk costs, connectivity (e.g., dial-up) costs, and more.

As for convenience and user experience, SSL VPNs free employees from being bound to particular locations, laptops, or devices for the purpose of accessing internal resources. Users access all of their internal resources through a single, convenient customizable portal web page - from any web browser, anywhere, anytime. Employees can travel without having to carry laptops, and the IT staff has fewer support nightmares. Your workers will thank you - and be more productive! Of course, this is all contingent upon the aforementioned browser-side security risks being addressed.

Because SSL VPNs allow remote access to applications without attaching the user's computer to the internal network, they eliminate the serious security problems associated with having infected PCs attached to the enterprise LAN via a VPN. When properly implemented, SSL VPNs can filter requests to ensure no worms or viruses can tunnel through it to internal systems.

An SSL VPN requires specialized capabilities to allow remote access to internal applications. For example, it must allow access to multiple back-end systems through the use of a single hostname, and be able to translate internal references -- such as internal host names and IP numbers found in URLs, JavaScript, cookies, headers, and parameters -- so that they will work from the Internet. (Of course, this should be done without disclosing information about the internal network topology to users in public locations.)

Terminal Services

Some users may need access to Client/Server applications (e.g. Lotus Notes Client, legacy CRM systems, etc.). To deliver such access without forcing users to use the SSL VPN from machines with clients installed (which would undermine the benefits of SSL VPN technology), SSL VPNs should integrate with terminal-services. Such integration allows users to access their client/server applications from anywhere -- even from machines on which they do not have client software installed.

Breathe Technology can assist with the complete project which could typically consist of SSL VPN Appliances, Windows Terminal Servers/ Remote desktop Servers and Secure Authentication such as Vasco Fobs or SMS authentication

Confidentiality

As email has become the preferred medium for business communications, organizations have become increasingly concerned about ensuring the security of individual messages. Email is now used to transmit both unclassified and sensitive or confidential information across all parts of the enterprise, including operational data, trade secrets, legal documents, financial information and human resources data.

The need to secure confidential information and comply with a growing body of regulations that govern the transmission of private data have made policy-based email encryption a "must have" feature of a complete messaging security solution.

Virus Protection

Email-borne viruses, worms and trojans continue to pose a substantial threat to enterprise operations. A competent messaging security solution should provide an always-up-to-date anti-virus solution with convenient, centralised administration, high-performance message analysis and flexible anti-virus policy management.

Spam Protection

Unsolicited Commercial E-mail, or Spam, has become a widespread problem because it is financially profitable. This is due to the low start-up costs for spammers, and because of the extremely low cost of sending each new spam message.

Spam is not only growing in volume, but also changing in nature; in order to be effective, a spam filtering solution must be self-updating and rely on several different technologies.

Email Encryption
Email Archiving

A firewall is not enough to protect your enterprise from the multitude of threats that exist. In addition to firewalls, most businesses need Intrusion Detection System (IDS), which is able to detect

• Inappropriate or malicious traffic, like remote attacks
• Traffic that violates Internet protocols
• Anomalous or unexpected activity, caused for example by network worms

which even a correctly configured stateful inspection firewall may well let through.

An IDS can be host-based or network-based, according to whether it operates on a host to detect malicious activity on that host, or on network data flows. Sometimes, a distinction is made between misuse and intrusion detection. The term intrusion is used to describe attacks from the outside, whereas misuse is used to describe an attack that originates from the internal network.

An IDS which is able to react to malicious traffic and prevent possible attack is usually called Intrusion Prevention System (IPS).

NTS' consultants have vast experience in configuring, deploying and managing Intrusion Detection and Prevention systems. We work together with our Clients to determine whether a separate IDS/IPS system is necessary (some firewalls now incorporate ID technolgy) and to devise the best implementation strategy.

There is now a legal risk to organisations when their employees introduce inappropriate, lewd and pornographic content and images into the work-place through their misuse of Internet Access, Email and Information Technology facilities provided for them (please register for our briefing paper entitled "Legal Exposure from without and Within").

The Internet contains a wide range of materials, some of which may be offensive or even illegal in many countries. Unlike traditional media, the Internet does not have any obvious tools for segregating material based on content. While pornographic magazines can be placed behind the counter of a store, and strip-tease joints restricted to certain parts of town, the Internet provides everything through the same medium.

Filters and ratings systems are seen as tools that would provide the cyberspace equivalent of the physical separations that are used to limit access to "adult" materials. In rating a site as objectionable, and refusing to display it on the user's computer screen, filters and ratings systems can be used to prevent children from seeing material that their parents find objectionable. In preventing access, the software acts as an automated version of the convenience-store clerk who refuses to sell adult magazines to high-school students. A content filter is one or more pieces of hardware/software that work together to prevent users from viewing material found on the Internet. This process has two components:

• Rating: Value judgments are used to categorize web sites based on their content. These ratings could use simple allowed/disallowed distinctions like those found in programs like CyberSitter or NetNanny, or they can have many values, as seen in ratings systems based on Platform for Internet Content Selection.
• Filtering: With each request for information, the filtering software examines the resource that the user has requested. If the resource is on the "not allowed" list, or if it does not have the proper PICS rating, the filtering software tells the user that access has been denied and the browser does not display the contents of the web site.

The first content filters were stand-alone systems consisting of mechanisms for determining which sites should be blocked, along with software to do the filtering, all provided by a single vendor.

The other type of content filter is protocol-based. These systems consist of software that uses established standards for communicating ratings information across the Internet. Unlike stand-alone systems, protocol-based systems do not contain any information regarding which sites (or types of sites) should be blocked. Protocol-based systems simply know how to find this information on the Internet, and how to interpret it.

Dealing with viruses

One of the biggest problems with antivirus technology is that, unlike many other security technologies, you cannot reliably use multiple antivirus applications on a single machine.

The invasive and probing techniques used in the process of looking for and removing viruses from a system often resemble the activities of viruses themselves, so running multiple antivirus applications on the same machine will usually result in one antivirus client mistaking another for a virus and vice versa.

The answer is to use different brands of antivirus spread across the IT infrastructure, ensuring that there is antivirus coverage on file servers, gateways and desktops/laptops, by using different brands on each to limit exposure resulting in a failure in any one make of antivirus. This three tier approach to antivirus is known as "Best Practice AV Deployment". But all this remains useless unless the applications are kept up-to-date. So prevalent are viruses that major antivirus vendors find themselves issuing def file updates (a def file is a database of known viruses and behavioural information to assist in heuristic scanning) on a daily basis.

Mechanisms need putting into place to ensure that applications on all platforms are up-to-date.

Most vendors have enterprise management tools that can automate the distribution of def files, application updates and patches at login and in the background, as well as allowing centralised management of all users of a given antivirus application.

NTS's approach is to reduce the administration headache wherever possible in an organisations infrastructure and to promote self managing/updating appliances where possible. We have partnered with the best of brand and best of breed manufacturers in this space to deliver an organisations total virus defence strategy.

Business Challenge: Managing Access to Mission-Critical Systems

Remember ancient business history (circa 1998) when organisations could more closely control access to their networks, applications and resources? Employees, contractors and suppliers usually had to be on site to access the network, and most applications were only available internally. In that environment, organizations could protect their most vital enterprise assets by setting up security at the perimeters.

By contrast, the highly-networked character of today's organisations means that an increasingly large and diverse set of users must be managed across many different corporate IT systems. In most organisations, each system has its own process and technology for managing user access. Furthermore, an extended enterprise is no longer the sole owner of the network identities of the users that access its online applications and services.

The challenge: enabling the highly efficient conduct of business through distributed IT systems while effectively managing user access across all of them.

The NTS Identity and Access Management Solution bring distinctive experience, tools, processes and resources to bear upon these vital information access issues. With a more secure extended enterprise, organisations have a stronger foundation for innovation and growth.

NTS's Approach: Productivity, Protection and Cost Reduction

With the NTS Identity and Access Management Solution, NTS works closely with clients to design and implement an identity management strategy with several business objectives in mind:

• Provide secure access quickly so employees and business partners can be productive immediately.
• Provide single sign-on to applications to increase customer satisfaction and employee productivity.
• Remove access immediately when people leave an organisation or change roles to protect assets and knowledge capital.
• Provide self-service functionality and delegated administration to reduce help desk costs and user administration activities.
• Provide more efficient auditing capabilities by enabling real-time analysis of the access privileges and activities to help meet regulatory requirements.

How is this accomplished? NTS has four primary ways to help jumpstart your identity and access management program:

Identity and Access Management Strategy

Delivery of an effective identity and access management solution is often a multi-year program involving organisational change, process reengineering and numerous technology components. Using our broad experience in technology and strategy, together with our unmatched delivery capabilities and deep industry expertise, we help you develop a strategic architecture blueprint, a business case and a clear roadmap for your identity and access management program. We help you translate ideas into action, delivering significant, measurable value with each phase of work.

Identity and Access Management Delivery

A successful identity and access management solution requires deep technology implementation skills, and something more. Understanding the transformational nature of the processes and then aligning the solution with the people in the organisation are critical to success. Using our deep systems integration capabilities, and our industry and security expertise, we help you implement all aspects of your identity and access management solution, including identity management portals, single sign-on solutions, strong authentication solutions, total access security encompassing firewall, AV, content management and provisioning. We also help you manage the program along the way.

Accelerated Identity and Access Management Delivery

Accelerated delivery of an identity and access management solution pairs NTS's consulting and implementation expertise with best-of-breed technology from our alliance partners. The result: rapid deployment of a focused identity and access management implementation that can easily co-exist with an organisations current security infrastructure and scale to the entire enterprise. NTS has developed numerous assets to support accelerated delivery of identity and access management solutions, including a rapid implementation methodology and delivery aids.

Unparalleled Resources and Delivery Capabilities

NTS is uniquely qualified to help plan, design and deliver world-class capabilities in identity and access management. We have an unparalleled ability to integrate technology and industry expertise, organisational and policy making skills, and knowledge of industry best practices to jumpstart any organisation's efforts to improve the performance of its security.

NTS uses proven methodologies, tools and frameworks to provide structure while tailoring a custom solution to meet the specific needs of each client. We provide a unique mix of comprehensive skills coupled with powerful and well-proven delivery methods that ensure on-time and on budget solutions. Additionally, we have strong alliances and partnerships with the best players in the security marketplace.

More than half of corporate data lies unprotected over endpoints in organizations. Sensitive information like customer data, trade secrets, intellectual property, and legal documents reside over endpoints for their productive use by authorized users.

However, easy access by users to portable devices and applications like USBs, DVDs, MP3s, file-sharing applications, Instant Messengers, and more, make it easy for them to maliciously or accidentally leak this data.

Today, the cost of lost/stolen data to an organization is massive with lost business resulting in 65% of breach costs, according to research. Hence, organizations need to protect their corporate data at endpoints from unauthorized sharing or leakage by insiders.

Besides, centralized, automated Asset Management is necessary at the endpoint due to the presence of large number of users, branch offices, rise in sophisticated attacks and the resultant bugs and vulnerabilities. Hence, securing the endpoint to protect corporate data and assets has become critical, with a rapidly rising number of organizations deploying dedicated data protection suites that offer user-level controls when handling data

Breathe technology can deploy solutions that protects the organization's endpoints from data leakage through Identity and group-based policy controls, encryption, shadow copies, logging, reporting and archiving. Cyberoam offers data protection and asset management in four easy-to-deploy and use modules –

These modules enable organizations to limit access only to trusted devices, applications and recipients while sharing data. Asset Management eliminates the IT burden on organizations with reduced support calls due to malware attacks, system recovery and performance issues. The easy-to-manage Cyberoam Endpoint Data Protection allows organizations to prevent data loss, enhance security, employee productivity and efficient management of IT assets while retaining business flexibility. In addition, organizations can meet regulatory and security compliance requirements.

Encryption requirements could be as simple as encrypting a USB memory stick or laptop hard disk. This type of technology is becoming more accessible for Educational institutions, SME. Using Vendors such as Cyberoam , Winmagic or Lumension we are able to encrypt data, email, backup and other sensitive forms of data transfer or storage.

The days of backing up crucial company data on unreliable backup tapes in biweekly backup cycles is part of history together with the Amstrad and large mainframes. Today's competitive environment and legal requirements do not allow for core systems to be made up of semi reliable technology and flawed processes. Breathe Technology can now provide your organisation with real time backup and offsite disaster recovery. Backup and recovery becomes easy, efficient and simple to manage with clear reporting to make your backup strategy more intelligent. More indepth requirements such as universal hardware image restores and backup of SQL & Exchange databases are included.