IMPEX was developed to handle movable media used in sensitive environments. It can be viewed as a technical security control, as it allows for checking devices and files for malicious code, but more importantly it is also a strong policy enforcement tool. Import and export of information can be controlled based on rules that implement the information handling policies of the organization. Information handling policies can be broad like ”Allow any USB drives to be imported after they were scanned” to more specific policies like ”Only known USB models can be imported from and the destination device can only be a USB drive with serial numbers starting with 123483*”
IMPEX can be used in a number of scenarios where critical systems, legacy systems or IT components not under your own control is part of the environment. Those environments contain equipment that often lack antivirus for various reasons. IMPEX is an important defense line to prevent malicious code from ever reaching these systems.
Servers that is not covered by ordinary IT management procedures, such as SCADA servers, telephony servers, servers for physical access control, video servers for CCTV, medical devices, embedded devices, physical and virtual appliances and more are too often unprotected critical assets. For those servers and services, IMPEX can be used as an perimeter protection.
For price information, demonstrations, evaluations or additional product information, contact us for more details or requesting a demo!
A unique feature of the IMPEX is that it uses multiple antivirus products to scan files and devices. A large number of scanners can be used, as a layered defense. If one antivirus is not updated with signatures to fetch the latest threats a combination of multiple products will reduce the risk of not detecting known threats. An equally unique feature of IMPEX is that it can be configured to archive all files that it analyses for rescanning purposes. Continously and systematically checking previously imported files is something that unfortunately is needed today, since some threats will just be known after a period of time.
IMPEX is based on Linux and then hardened further. SELinux is used to control and lock down processes. The services running AV and handling the USB drives run in confined namespaces controlled by the Linux kernel. These namespaces remove access to the rest of the filesystem, confines access to process lists and remove all network interfaces completely.
IMPEX also uses black and whitelisting technology to control which devices are used, for example black listing certain drives that come with pre-installed executables when purchased.
A key feature of IMPEX is its ability to create audit trails of the actions. The product allows for detailed reports on who imported or exported what file at what IMPEX station at what time and what security controls where performed on that time. An import or export action will generate audit tracks that gets saved into databases as well as beeing used for a receipt. An electronic or paper receipt can be a critical part of a process to verify that the checking has been performed and all work that is performed is compliant with the process.
Detailed statistics as well as overview or detailed reports are available in the solution.
IMPEX was initially developed as a response to multiple Nordic customer requirements with real life problems that needed a solution, custom made. This has led to a practical, easy to use scanning solution with audit trails.
The server component for managing a fleet of IMPEX stations is called ICC, or the Impex Control Center. See screenshots below for some basic information about the functionality. For more details, download the ICC manual.