Multiple layers and mechanisms of protections for best results

A unique feature of IMPEX is that it uses multiple antivirus products to scan files and devices. A large number of scanners can be used as a layered defense. One antivirus product might not find all malware, but using a combination of multiple products reduces the risk of not detecting known threats.

IMPEX also has file exception handling and device filtering technology to control which devices are used, for example to block certain drives that come with pre-installed executables when purchased.

An equally unique feature of IMPEX is that it can be configured to archive all files that it analyses for rescanning purposes. Continuously and systematically checking previously imported files is unfortunately needed today, since some threats only become known after a period of time.

Scanners

  • Multiple AV scanners
  • Private AV rules scanner
  • File exception scanner

Central management

  • Scanning statistics of files
  • Scanning statistics of devices
  • Central configuration of individual station

Device cleaner

  • Format devices
  • Shred devices

Device filters

Block or allow USB devices based on vendor, product name or serial numbers

Audit trails, statistics and reports

A key feature of IMPEX is its ability to create audit trails of the actions and integrate these events with a SIEM solution. The product allows for detailed reports on who imported or exported which file, at which IMPEX station, at what time, and what security controls were performed. An import or export action generates audit trails that are sent to the ICC server. An electronic or paper receipt shows that malware checking is performed in compliance with your security process.

Detailed statistics as well as overview or detailed reports are available in the central server.

Secure kiosk device

The IMPEX station is a secure kiosk solution based on Linux and then hardened further. SELinux is used to control and lock down processes and to protect the system from potential malicious code. The service runs several scanning engines and multiple AV engines. The system runs in confined namespaces controlled by the kernel. These namespaces remove access to the rest of the filesystem, confine access to process lists and remove all network interfaces completely.

Use cases of IMPEX protection

IMPEX was initially developed in response to requirements from multiple Nordic customers with real-life problems that needed a custom-made solution. This has led to a practical, easy-to-use scanning solution with audit trails.

Third party field personnel who need temporary access to install software updates on these computers, systems and appliances and thus bring files into the environment

Operational personnel who need to get operational data, data series, statistics, etc. out of the environment

Export of data or information from a high-security organization that requires that all data transfers are checked to comply with data handling controls to avoid information leakage

Service personnel who need to extract data dumps, backups, copies of the current configuration out of the environment

Management Server

The server component for managing a fleet of IMPEX stations is called ICC, or the Impex Control Center. See the images for some basic information about the functionality.

Impex ICC

Interested in Impex?

Contact sysctl