Made4Biz Dynamic! Security FAQ

Identity thieves, whether internal or external to your organization, are phishing for legitimate credentials which they can than use to enter your network.

As a matter of fact, it is the weakness of the credentials that created the entire market of security products such as firewalls, smart cards and tokens. If the credentials were strong enough to stand a password cracking attack, your life as a security professional would much easier and less demanding.

Wouldn’t life been wonderful if there were no credentials for predator usage?

DS is in the business of fortifying the credentials so they stand against all those predators’ attacks.

What good will it do to the hackers if they couldn’t make use of the credentials they worked so hard to obtain?

DS converts the hackers’ pain into your gain.

First and foremost let’s understand that Dynamic! Security can only help you prevent Laptop thefts from your own campus and not from an airplanes’ overhead compartment or other external location. However, it can minimize the damage from theft of the laptop outside your campus.

By keeping track of the owner - laptop relationship and correlating it with the physical location of both the owner and the laptop, Dynamic! Security helps you fight effectively against those laptop thieves.

For example:

In the past, anyone who wanted to access network assets they needed to somehow cross the physical check-point while identifying themselves to the guards or to the automated Access Control system.

Than the Internet was invented, and suddenly people could enter the network electronically while bypassing the physical check-point. This situation called for a solution, and pretty soon companies such as Checkpoint invented the firewall concept which, in essence, is an imitation of the physical check-point. You needed to be identified first in order to be allowed inside.

The Wi-Fi invention made these two access methods obsolete for the hackers. Now they do not have to enter through physical or logical screening and they can enter the network directly, bypassing both barriers. Some organizations argue that they are Wi-Fi hacking proof since they do not deploy this technology.

They are usually dead wrong!!!

With the proliferation of Wi-Fi devices (laptops, Smart phones, Cellular phones, simple plug-in Wi-Fi access points, home Wi-Fi networks and cheap Wi-Fi signal boosters), the working assumption of the security teams must be that the network might and will be exposed to an unprotected Wi-Fi exploit.

It’s enough that one employee synchronizes his or her Smartphone with his Outlook, while the Wi-Fi option on the Smartphone is on.

The thought of all those employees who are allowed to enter from home, and of their children installing a home unprotected Wi-Fi access point, can drive any security professional into sleep deprivation.

The risks which came with the Wi-Fi technology are real and numerous, but whatever they are, the predators still have to find valid credentials if they really wish to enter the network -- and that is exactly where Dynamic! Security comes to your rescue, by drying up the fountain of credentials and correlating physical presence with the ability to login from within the campus.

Various regulations require that the organization try to prevent unauthorized access on one hand, and monitors who could have accessed at any given time, on the other hand.

That is exactly what Dynamic! Security does.

IDM deals with the employee in three occasions:

Now let me share with you a true story which occurred in one of the largest European financial institutions.

The organization runs branch offices throughout the world. In one of those offices they fired an employee who was an over five year veteran.

The branch office resides in a shared building which enjoys the security services of the landlord for the whole building.

Immediately after the employee was let go, the IDM went into action and revoked all the employees’ access rights.

The first Saturday after being fired, the ex-employee came to the buildings’ lobby and told the guard on duty that he forgot his employee badge at home, which is 60 minutes drive from the office.

The guard, who knew the ex-employee for a number of years, but didn’t know that he no longer works for the financial institution, felt bad for the guy and offered to open the office door for him with his master key.

The ex-employee thanked the guard and went into the office, used one of his ex-peers’ credentials and sent out to his web mail tons of confidential information which he was going to use in his next job.

Although the simplicity of this story is mind boggling, you can rest assured that with Dynamic! Security this could not happen, just because Dynamic! Security wouldn’t allow credentials to log-in while the credentials’ owner is not physically present in the campus.

DS can detect changes on a computer screen. When the screen comes back from energy saving mode, (the black screen mode it goes into after some idle time) into a lighted screen mode (usually after someone touched the mouse or the keyboard).

An event of that type, if happens during non working hours, when presumably nobody is supposed to be in that area, can be reported to the guard on duty, and the guard can then check the area.

If the organization has a security panel on which the last to go out moves the alarm system to ‘night mode’; Dynamic! Security can acquire that event and move the network also to ‘night mode’. This mode will typically include logging off all administrators’ User-IDs, locking all active desktops and monitoring the network for suspicious activities until an event such as moving to ‘day mode’ again. 　

DS, through its IDentiWall option, performs multi-factor authentications for both restricted Web and direct network clients.

IDentiWall has various modes of operation, but the common functionality of them all is that it uses the clients’ mobile phone to perform its authentications.

The following is a list of some of the IDentiWall’ modes:

In this mode the client logs into the network or the Web site using his or her original credentials.

IDentiWall’ Radius challenges the client with a One Time Password (OTP) which is sent to him or her via SMS.

The client copies the OTP to the challenge response screen, and only then is authenticated and allowed to enter the web site or the network.

This mode adds a pro-active response possibility. Imagine yourself sitting by the seaside sipping a nice glass of wine, when out-of-the-blue you get an SMS with OTP from your online bank or organizational network. Wouldn’t it be helpful if you could respond with an agreed SMS code telling the bank or the organizational network to block your account to any online access until further notice?

In fact, that is what the Pro-Active mode of IDentiWall makes possible.

In this mode, mobile client software is installed on the client mobile device.

This mobile client is the only one that can read the encrypted SMSs.

In order for that mobile client to work it has to be invoked by the owner of the phone, by entering a pin code.

This mode supports Voice Identification, which is a unique biometric identifier for every person.

DS has the following functionality:

Those functions, when implemented, harden the security in a very meaningful way.

DS supports ‘Alert Level Context’ behavior. It is equipped, out-of-the-box, with one-stop behavioral changes in response to changes in the:

In response to each alert level change, Dynamic! Security changes its response to the same events it used to respond to differently before the change occurred.

The failure of the first invented IT security measure, the credentials, lead to expensive implementations of point security solutions which you probably would have avoided if the credentials could have defended against the predator attacks.

Regrettably, Dynamic! Security was not around before to help you fortify the credentials to a satisfactory level.

The fact that it converges physical and IT security into one realm enables DS to provide you with peace of mind that was not available before its emergence.

When you add to that its add-on modules such as:

Coupled with built-in technologies such as:

You get a strong, robust and scalable solution for your important security problems.

Dynamic! Security, impressive as it is, is merely in the first phase of its road map.

Our commitment to you is to develop it further into uncharted security areas for your benefit.

We realize that there is no other product like that in the market today and we hope that with the progress we are going to make in implementing its road map, you’ll realize that DS is going to stay the unchallenged market leader. 　

Dynamic! Security is designed to strengthen organizational security without invading the privacy of employees. The product manages ‘employee card number’ without storing the actual employee name.

Furthermore, Dynamic! Security protects employee privacy by fighting the ID thieves and not allowing them to exploit the employee ID that they obtained, to convert the employee’s life into living hell.

DS implementation consists of the following phases:

In any case, it is our responsibility to supply integration for local access control.

By the end of the builder execution, which runs right after the actual installation of the product, the solution should be running and implemented.

The builder is also our responsibility and we arrive with it to the customer’s site on the installation date.

DS’s impact on the customer’s network depends on the policies the customer wishes to implement. It is obvious that an organization that wishes to ping all its networked devices every minute might feel some network performance degradation.

However, our experience shows that we never encountered an implementation in which the organization wanted such comprehensive ping practice, and in fact we never experienced network performance issues.

Since DS is highly scalable and can be configured to run in various configurations, it is not likely that we’ll face a situation where the implementation can’t be planned to avoid network performance issues.

Your proof of concept is the product’s Silent mode. All you have to do is have us install the product, integrate it with your physical access control, have us build the implementation builder for you and run it in Silent mode for some time until you’re content that it performs to your utmost satisfaction.

We’re sure you understand that this proof of concept requires some work on our end, which is why we must charge for proof of concept.

However, if you move from POC status to purchased status within an agreed timeframe, you can get 50% of POC payment credited towards the purchase cost.

DS was designed to cater to extremely demanding implementations. It supports huge implementations as well as complicated ones.

DS can be implemented in a hierarchy of DSs where each instance controls part of the network (one or more subnets) and they all are interconnected in a web of copies that are able to support any demanding requirement.　

As was discussed above, DS can be implemented in a phased manner and the options are as follows:

DS runs on Windows 2003 server, although in some instances we can set it up to run on desktop hardware rather than on pure server hardware.

In any case, the Win2003 operating system has to be installed on that hardware.

DS monitors physical presence of people and devices. By correlating their activities, it implements Location-based Security, converting the security landscape from a static to a dynamic one.

Messages can be sent over the network encrypted and digitally signed. DS supports console filtering so that each person who has access to the console sees only the information type that is defined in their filter.