Multiple layers and mechanisms of protections for best results

A unique feature of the IMPEX is that it uses multiple antivirus products to scan files and devices. A large number of scanners can be used, as a layered defense. If one antivirus is not updated with signatures to fetch the latest threats a combination of multiple products will reduce the risk of not detecting known threats.

An equally unique feature of IMPEX is that it can be configured to archive all files that it analyses for rescanning purposes. Continously and systematically checking previously imported files is something that unfortunately is needed today, since some threats will just be known after a period of time.

Scanners

Multiple numbers of scanners can be configurated.

Rescan Files

Check previously imported files for unknown threats.

Archive Files

Archive files for future rescanning purpose.

Set your config

Use a number of pre-set configs or custom make your own config.

Audit trails, statistics and reports

A key feature of IMPEX is its ability to create audit trails of the actions. The product allows for detailed reports on who imported or exported what file at what IMPEX station at what time and what security controls where performed on that time. An import or export action will generate audit tracks that gets saved into databases as well as beeing used for a receipt. An electronic or paper receipt can be a critical part of a process to verify that the checking has been performed and all work that is performed is compliant with the process.

Detailed statistics as well as overview or detailed reports are available in the solution.

IMPEX was initially developed as a response to multiple Nordic customer requirements with real life problems that needed a solution, custom made. This has led to a practical, easy to use scanning solution with audit trails.

Based on Linux and using SELinux

IMPEX is based on Linux and then hardened further. SELinux is used to control and lock down processes. The services running AV and handling the USB drives run in confined namespaces controlled by the Linux kernel. These namespaces remove access to the rest of the filesystem, confines access to process lists and remove all network interfaces completely.

IMPEX also uses black and whitelisting technology to control which devices are used, for example black listing certain drives that come with pre-installed executables when purchased.

Use cases of IMPEX protection

Third party field personnel who need temporary access to install software updates on these computers, systems and appliances and thus bring files into the environment

Operational personnel that need to get operational data, data series, statistics, etc out from the environment

Export of data or information from a high security organization that require that all data transfers is checked to comply with data handling controls to avoid information leakage.

Service personnel that need to extract datadumps, backups, copies of the current configuration out from the environment

Management Server

The server component for managing a fleet of IMPEX stations is called ICC, or the Impex Control Center. See the images for some basic information about the functionality.

Impex ICC

Interested in Impex?