Every organization has multiple points of entry for data from outside sources. What most companies do to protect their desktops from malicious content is simply run virus scanners. Though a valid solution, this approach has distinct drawbacks.

As the number of desktops increases, so does the cost and complexity of managing and maintaining the virus scanning solution. Meanwhile, reliability decreases. All it takes is a single desktop that is not up-to-date to let an errant virus, trojan or worm deliver its dangerous dose and contaminate the entire system.

In addition, virus scanners scan only for known virus patterns and do not offer “zero day protection.” Zero day protection is the ability to protect the organization from harmful content that is yet undetected, including malicious Java and ActiveX applets as well as unidentified viruses.

igxglobal supplements the desktop anti-virus solution by employing two powerful agents to scan and scrub the data at its point of entry into the network:

Virus Scanning
Transport mechanisms such as HTTP(S), FTP and IM, while mission critical to all businesses, are difficult to control. The Security Anywhere service analyzes all content with anti-virus scanners and stops all viruses, worms and trojans before they reach the network.

Malicious Code Scanning
Aside from viruses, worms and trojans, malicious Java and ActiveX code may be delivered when a user surfs the web or simply opens an e-mail. Such malicious code can be used to perform a variety of devious tasks such as scanning the network for vulnerable systems, deleting files from the hard drive or delivering worms to other machines, both internal and external. The Security Anywhere service employs a unique technology that identifies malicious code based on intent and prevents it from reaching the user desktop.

Content-based Access Control
igxglobal's Security Anywhere employs vigorous access controls based on desirable or undesirable content. There are more than 30 categories of sites – such as sexually explicit and hate oriented – from which a company can choose to prevent access for its users. Alternatively, there are ways to allow users to access only specific types of sites. The Security Anywhere content-based access control can be customized for individuals, a group of users, an entire organization or any combination.

Black/White Control Lists
To complement the content-based access control features of the Security Anywhere service, granular controls may be implemented to allow or deny users access to specific sites. This feature may be implemented for all or a single user. Combining these granular controls with the content-based access control component create a forceful control capability.

Partial Site Access Control Lists
The Security Anywhere service also supports permission or denial of access to portions of a particular site. For example, an organization may want users to have access to all of Yahoo.com except for the finance section. In that case, Security Anywhere can specifically block just that section of the site. Conversely, it is also possible to deny access to all of Yahoo.com except the webmail section of the site.

A single mistyped character in the address bar can lead the user on a frenzied mission to shut down countless embarrassing pop-ups. Pop-ups are more than an inconvenience; they pose a real security threat. An ill-intentioned site may use a hidden pop-up to maintain an open connection for the purposes of loading malicious content to a user desktop. Regardless of the intent, pop-ups are unwanted and distracting.

Until now, the only option has been to load software on each individual desktop -- a fragmented and inconsistent approach to addressing this problem. The Security Anywhere service efficiently and centrally addresses the pop-up problem for all users, local and remote.

igxglobal's Security Anywhere service goes beyond the threshold of a standard firewall to deliver application-based security. Such a high standard for security allows control implementation for applications that have in the past managed to work around the thresholds of standard firewalls. The Security Anywhere components are also certified by ICSA, an independent laboratory widely known for its high security standards.

• File Type Control
  The Security Anywhere service allows for control of specific file types to the user desktop. For example, an organization may want to allow or deny access to PDFs for all sites or only for a particular site. The Security Anywhere service enables organizations to control file downloads at a granular level. This feature combats techniques used to deliver malicious content into the system via files. igxglobal offers a large variety of file types from which to choose including doc, exe, zip, com, pdf, mp3, mpg and many more.
• MIME Type Control
  MIME components are applications that work within the browser as a user navigates the Web, such as Macromedia Flash. Security Anywhere allows organizations to control those applications that run integral to the browser. An example would be to allow or deny access to flash for all sites or for a particular site. This feature empowers organizations to control the user desktop to the level deemed appropriate based on each company's security policy. Supported MIME types include javascript, vrml, flash, oleobjects, ipphone, h.323 and many more.
• Header Type Control
  Header type control provides the means to allow only specified and authorized applications to access the Internet. This component enables Internet access or denial based on specified applications such as a particular version of a browser, specific e-mail clients or only applications on an organization's approved list.
  Alternatively, a company may desire to deny specific applications. One example: If a new vulnerability is identified for a version of browser common to an organization, header type control blocks that version from reaching users’ desktops until the IT staff updates it and applies the appropriate fixes.

Instant messaging (IM) is pervasive in today’s workplace. Although it facilitates communication, IM can also be difficult to control. The primary IM providers such as AOL, Yahoo and MSN have several mechanisms in place to ensure alternative means of connectivity, even if an organization blocks the primary means -- making IM especially dangerous, since it can be used not only to communicate but to transfer files.

• IM Access Control
  The Security Anywhere service is a highly effective mechanism to control or stop all IM communications based on a company's security policy. Security Anywhere allows organizations to specify with granularity the IM traffic deemed allowable. This includes both IM messaging and file transfer.
• IM Virus Scanning
  Since IM is often used to transfer files, Security Anywhere analyzes and scans all IM file transfers for virus, worm, trojan and malicious code prior to network penetration.
• IM Keyword Blocking
  For those organizations wishing to control information leaks or to establish standards for language and behavior, Security Anywhere can identify and block confidential or substandard communications, both into and out of the network.

Peer-2-Peer networks such as Kazaa and its derivatives, including Morpheus, Limeware and others, are the source of both undesirable and malicious content. These networks are a haven for pornography and viruses. Unfortunately, the client applications for these networks have built-in resiliency to ensure that common services such as web and DNS are leveraged to continue to deliver this functionality, even in the event the primary access is blocked.

Peer-2-Peer clients act as a client and a server simultaneously. It uses both bandwidths and allows unwanted and/or unchecked access into systems within your organization. Moreover, the recording industry has already started an aggressive legal campaign against organizations that allow Peer-2-Peer access both in and out of their networks.

The Security Anywhere service disallows the use of these applications reducing both utilization and security risk.

No one can predict every potential security threat to an IT infrastructure. Attackers know that organizations cannot possibly react fast enough to the sheer volume of vulnerabilities. igxglobal's Security Anywhere service stands between the organization and the “bad guys,” providing a central source of protection for all desktops and remote users alike.

igxglobal Security Anywhere clients have already benefited from protection against Code Red and MSblast attacks. Security Anywhere goes a step further by providing proactive protection as soon as vulnerability is identified. For example, if browser vulnerability were identified, Security Anywhere would effectively deny that version of the browser's access out until the appropriate systems are upgraded.

For organizations with requirements for specific applications, igxglobal will design a customized security policy.

Whenever users access a web site, the source site collects a multitude of information about the accessing system. This information includes browser type and version, operating system, display resolution and color depth, plug-ins and the specific source of access. The source of access allows the site owners to relate all of the information collected to a specific network or even desktop.

This opens the door to ill-intentioned individuals to “footprint,” i.e., the first phase of an attack.

The Security Anywhere systems make the organization’s access anonymous so that the end-site never recognizes the source of the access and is incapable of directly accessing the systems. This approach protects companies from the multitude of sources leveraging trace-back as an approach to identify targets.

The Security Anywhere service is extremely easy to activate. A knowledgeable igxglobal engineer is available to guide the entire process. Activating the Security Anywhere for the user community requires only three steps:

1. Define the organization’s security policy.
2. Point your browser to the appropriate Security Anywhere Configuration file.
3. Apply firewall policies to disable direct outbound access.

The Security Anywhere service was designed with the user experience in mind. Users will get clear and descriptive explanations if a particular action is not allowed. All event messages have an associated graphic with which users will become familiar and come to recognize at a glance. The two images below are screens an Security Anywhere user would see upon a policy-based denial or when malicious content is detected, respectively:

There are instances when a user needs to access content not available via the Security Anywhere service. Such instances include access to private intranet or partner extranet sites. Once the user is pointed to the central configuration file, all user access controls can be managed through igxglobal's centralized portal.

Organizations have numerous PAC files for various local or remote departments, groups or users.

igxglobal's central PAC file management site.

The Security Anywhere management portal puts reports right at the company’s fingertips. The portal provides a variety of utilization and access information on how users use the Internet and where they go.

Without igxglobal, the purchase, implementation and management of a solution for a 100-person organization would cost approximately $36,000.00 for the first year alone. igxglobal’s cost – with many additional values – is less than one-third of that cost. An analysis of the costs associated with building this type of system makes a strong case for choosing igxglobal’s service. Consider the following two points:

1. Some of the inherent benefits of the Security Anywhere service such as the anonymity, outage protection, high availability and easy 1-2-3 Turn-up cannot easily be satisfied internally, if at all.
2. Building an Security Anywhere type service requires time in selection and development of a multitude of technologies -- not to mention integration and implementation skills and time. The sustained costs of maintaining and managing the technology long-term are another consideration.

Clearly, igxglobal’s Security Anywhere service is the best choice.