Enterprise Security

Identity and Access Management (IAM)

IAM is about defining and managing the roles and access privileges of individual users — this includes customers, contractors, suppliers, and partners as well as employees — and the context in which users are granted (or denied) those privileges. IAM systems simplify access and adherence to security protocols, corporate policies, and government regulations – both for systems administrators and users. They are centralized, automated, orchestrated, and frictionless.

A predecessor of modern IAM is network access control (NAC). NAC has been used for many years to grant endpoints — which could be a BYOD smartphone or an IoT device like a pacemaker — access to network resources once the system authenticates and authorizes that device. Most wireless vendors have built NAC into their onboarding platforms and the technology is meant to integrate easily with different types of endpoints and security products.

Deploying NAC, like newer IAM platforms, requires a lot of up-front planning and policy development but pays dividends when it is automated and working well. Structured’s engineers and compliance professionals have a lot of experience guiding clients in how to best deploy this technology.

Next-Generation Firewalls (NGFW)

NGFWs retain the same purpose as their stateful inspection forebears – to consistently protect users, data and network resources from attack – but their integrated and powerful inspection, defense and prevention capabilities now dwarf those devices released just a generation ago.

Available as either physical or virtual appliances – or even delivered via the cloud as a SASE solution – now-ubiquitous NGFWs are core to every security architecture. No longer relegated to simple port and protocol inspection of north-south network traffic to detect malware or miscreants, NGFWs supply critical capabilities for establishing and supporting a comprehensive Zero Trust security strategy.

They allow security administrators to create and automatically enforce granular controls for what users and devices are able to do or access; enable microsegmentation of network and application flows to limit damage in the event of a breach; integrate with and boost the efficacy of 3rd party threat-intelligence solutions and technologies like SD-WAN and SD-Branch; and — oh yes — they detect and prevent advanced threats stemming from malware, phishing, and other vulnerability exploits like buffer overflows, port scans and command-and-control maneuvers.

Endpoint Protection Platforms (EPP)

EPP evolved as a response to advanced persistent threats and zero-day threats that old signature-based antivirus (AV) software could not stop. These platforms leverage advanced algorithmic capabilities inherent in artificial intelligence and machine learning and very often are delivered as subscription-based, cloud-managed solutions that include lightweight agents for endpoints.

EPPs detect, investigate and prevent known and zero-day file-based, fileless, and script-based threats – those that detonate immediately and those that dwell for days or months in a network before activating. In addition to being very powerful computing platforms that are constantly supplied with new data from global repositories, they integrate well with other on-premises and cloud-based security hardware and software tools for sandboxing, application control, data loss prevention, endpoint detection and response, and — very critical — with next-generation firewalls (NGFW).

In fact, EPPs are steadily growing to comprise all of those processes and technologies in a holistic framework.

Multifactor Authentication (MFA)

Security-minded organizations — especially those with distributed workforces also turn to multifactor (or at least two-factor) authentication (MFA) to add an extra layer of protection when end users try to access corporate applications and data. In the case of two-factor authentication, users are challenged to provide something they know (such as a password) and something they have (such as SMS confirmation on an approved smartphone).

True MFA takes the sign-in process one step farther in that it requires something you are — provided by facial recognition, iris scan, or fingerprint.

Physical Security

No discussion of enterprise security would be complete without a mention of modern AI-enabled, cloud-based physical security devices like cameras and BLE-enabled tech. Structured has partnered with security firms offering plug and play video surveillance solutions that seamlessly integrate with cloud-based access control to save organizations on server, storage, and maintenance costs. These systems also provide remote accessibility, powerful analytics and live alerting during unusual activity.