The networked import/export controller
The Impex DataLock will sit between two or more networks and only allow transfer of files between them that have passed all the checks. Since it will sit in a zone boundary, or in a DMZ, it will also work as an application level firewall, with knowledge on which files should be passed or not.
IMPEX also has file exception handling and can allow a file to pass through even if one or more scanning engines would have blocked the file.
A unique feature of the IMPEX products is that they use multiple engines, such as antivirus products, to scan files and devices. A large number of scanners can be used as a layered defense. One antivirus product might not detect all malware, but using a combination of multiple products will reduce the risk of not detecting known threats.
- Multiple AV scanners
- Private AV rules scanner
- File exception scanner
- Scanning statistics of files
- Scanning statistics of devices
- Central configuration of IMPEX Data Lock
- Can also manage IMPEX USB Stations
- One can have multiple flows in a DataLock
- Each flow is using a dedicated crypto key
- Each flow can be directed to different targets
- Currently supports SFTP (for example sftp, scp and WinSCP using the SFTP protocol)
- Future releases will have API access over HTTPS
Three easy steps
Upload one or more files to the DataLock. Use one of the supported methods of transfer to get files onto the DataLock
When the files have finished uploading, the checks are started. One or more checks are done, depending on settings made in the configuration of the DataLock. The DataLock generates an audit trail that is sent to the ICC server. If any malicious files are detected, these files are sent to the quarantine on the ICC, if the quarantine option is enabled.
If all the examinations check out and the files are considered OK, the uploaded files are transferred onwards from the DataLock towards the final destination. An electronic receipt can be added for the possibility to verify files on the target side.
Auditing and audit trails
A key feature of IMPEX is its ability to create audit trails of the actions and integrate these events with a SEIM solution. The product allows for detailed reports on who imported or exported which file, at which IMPEX DataLock, at what time, and what security controls where performed. An import or export action will generate audit tracks that get sent to the ICC server. An electronic receipt created will show that malware checking is performed in compliance with your security process.
An electronic receipt is automatically created by the ICC. It can be sent forward, together with the transferred files, to make sure that the receiving end can perform a check, e.g. recalculate checksums, on the files that were received. The electronic receipt is also signed by the Impex DataLock, so it can be verified that the files have been sent through the DataLock, and that the checksums in the receipt are genuine and valid.
Connection to a central management server
The Impex DataLock service is connected to Impex Control Center, ICC, a server component, where configuration is made. The flows are set up in the ICC. A flow is a map of uploading credentials and the associated target destination and folder
The ICC is also the component that keeps logs and audit trails from the DataLock. The ICC is also where files are quarantined, if a malicious file is found.
IMPEX DataLock is a secured solution based on Linux and then hardened further. SELinux is used to control and lock down processes and to protect the system from potential malicious code. The service runs several scanning engines and multiple AV engines. The system runs in confined namespaces controlled by the kernel. These namespaces remove access to the rest of the filesystem, confines access to process lists and remove all network interfaces completely.
It is possible to activate a quarantine function in Impex DataLock. Files flagged as malicious can be transferred to the ICC quarantine.
The administrator is able to download files from the quarantine, or compare the quarantined files to see if the same file have been seen by the ICC at some earlier time
Relations to the Impex USB Protect
The Impex DataLock uses similar components such as its sibling, the kiosk Impex USB protect. A single ICC can serve both USB kiosks and network Impex DataLocks. If there are special security requirements or architectural requirements, a separate ICC can be installed to handle the Impex DataLocks.