Preloader Close
Awesome Image
Awesome Image
get appointment
Awesome Image
Awesome Image
get appointment

Finding The Best
ICT & OT Services

SC4T can build your HLD/LLD architecture to help you migrate from a traditional legacy network infrastructure to a more up to date design integrating public/private and on-premises or Cloud solution and next generation Data Centers and Industrial networks

Contact Us

Project Description

Digital Next Generation Infrastructure Cyber Security with Hybrid Cloud for Financial Bank”

SC4T offers a comprehensive set of solutions that address customer data security for a CISCO SYSTEMS Access Control solution.

Case: Finance Corp: Banks need to have Access Control Infrastructure to identify each and every access to check whether these are internal or external. 

Here the macro objectives are:

  • Recognition of connected devices: Corporate ones (internal company) vs non-corporate ones (external consultants, residents, guests, etc.).
  • Device profiling: Recognize the function of the devices, the operating system, connected users, open ports, active processes, type of connection
  • Compliance control: Evaluate compliance of connected devices with company policies. In particular, regarding the manageability of clients, the status of operating system updates and the status of installed antivirus.
  • Remediation in case of a non-compliance of a device: take action to remedy and/or isolate it from the network.

SC4T designs and implements solutions that fall within the orbit of CISCO SYSTEMS addressing the following issues:

  • People Control Access Protection: CISCO DUO
  • Endpoint Protection: CISCO AMP and CISCO ANY-CONNECT
  • Network Infrastructure Protection: CISCO Firewall NGFW Firepower 4130
  • Integration Signature Protection with Radius: CISCO ISE Integrated Security Engine
  • Security Management Software: CISCO Firewall Management Control FMC + Secure-X

The separation of IT Security

The goal is to interact with network systems from different manufacturers via SNMP and/or Telnet / SSH in order to act on the configurations to change the configuration of the network ports (moving the VLAN and shutdown of the port…)

  1. Apply traffic restrictions to devices connected on unmanaged switches
  2. Detect unauthorized hubs or switches and inhibit access to the network
  3. Control and manage access to the network without using 802.1X
  4. Check Clients Compliance (Windows, Linux and Mac) with or without agent. Checking the status of the EPP installed updating the definitions and status (running, installed) and/or Microsoft and Apple security patches depending on the severity.
  5. Ensure compatibility with the Endpoint Protection used by the Customer. Being able to install a temporary agent that does not require administrative rights to be started and won’t re-run at the next logoff / logon or system restart in order to be able to check the security profile on the PC
  6. Check for the presence unauthorized PCs: modems, gateways putting Customer’s network in communication with untrusted external networks and in case disabling it.
  7. Authorize access to the network via captive portal using credentials of specific Active Directory groups or self-registration validated by a Sponsor.
  8. Differentiate access to the network according to the type of user
  9. Scheduled or instant reports of the authorizations granted to guests
  10. Manage the permissions granted to guests revoking those thru Active Directory
  11. Automatically identify devices connected by type and function (cameras, clocks, alarms)
  12. Customize categories of devices not automatically identified
  13. Automatic enforcement depending on the type of devices even without the use of 802.1X, acting on the configuration of managed switches, and by limiting access to the network by blocking the traffic generated.    
  14. Provide inventory of network resources thru web portal for consulting the inventory of resources 
  15. Instant or scheduled reports Listing devices, filtering them by type
  16. Verify the vulnerability: malware / security bugs (i.e. Heartbleed, Meltdown, Spectre)

The Cybersecurity model today

SC4T is Cisco Partner for ICT/OT Security using «ZERO TRUST» Methodology. Zero Trust for SC4 is based on 4 main pillars with well-defined guidelines:

SC4T’s approach to ICT / OT Security with Cisco Systems Technologies for  “Trusted Security” = Security Integration for the Bank.  The Security solution for Banks according to SC4T.

Benefits

    1. Complete integration of the Cisco Security solution into the network

    2. “End-to-end” management from endpoints to within the network (port programmability if Cisco network with SD-Access technology of the DNA platform

    3. Endpoints:

  1. Multi Factor Authentication Management with DUO, integrated with Cisco Any-Connect
  2. Cisco Any-connect allows VPN, Malware control and credential management with ISE, programmability with Cisco DUO NAG with Reverse Proxy for Strong authentication integrated with Cisco ISE
  3. Integrated control of Video cameras, IP Phones, Smartphones (with IOS and Android) with Cisco DUO and Any-connect to access the corporate network, IoT devices if they have an IP address with MAC Address for profiling in Cisco ISE

    4. Networks:

  1. Integration with CISCO ISE and Firepower 4130 with FXOS for complete management of user profiles, network devices, endpoints, integrable with Active Directory and with Radius or Tacacs + database
  2. Full profiling (see slide backup)

    5. Data Center:

  1. Profiling and authentication of access to applications and opening and / or closing of L4 UDP / TCP ports and management at L7.

Go To Top