The Impex DataLock sits between two or more networks and only allows files that have passed all the checks to be transferred between them. Since it sits at a zone boundary, or in a DMZ, it also works as an application-level firewall, with knowledge of which files should be passed and which should not.
Impex also has file exception handling and can allow a file to pass through even if one or more scanning engines would have blocked the file.
A unique feature of the Impex products is that they use multiple engines, such as antivirus products, to scan files and devices. A large number of scanners can be used as a layered defense. One antivirus product might not detect all malware, but using a combination of multiple products will reduce the risk of not detecting known threats.
Upload one or more files to the DataLock. Use one of the supported methods of transfer to get files onto the DataLock.
When the files have finished uploading, the checks are started. One or more checks are done, depending on settings made in the configuration of the DataLock. The DataLock generates an audit trail that is sent to the ICC server. If any malicious files are detected, these files are sent to the quarantine on the ICC, if the quarantine option is enabled.
If all the examinations check out and the files are considered OK, the uploaded files are transferred onwards from the DataLock towards the final destination. An electronic receipt can be added so that the files can be verified on the target side.
A key feature of Impex is its ability to create audit trails of the actions and integrate these events with a SIEM solution. The product allows for detailed reports on who imported or exported which file, at which Impex DataLock, at what time, and what security controls were performed. An import or export action will generate audit trails that are sent to the ICC server. The electronic receipt that is created shows that malware checking was performed in compliance with your security process.
An electronic receipt is automatically created by the ICC. It can be sent forward, together with the transferred files, to make sure that the receiving end can perform a check, e.g. recalculate checksums, on the files that were received. The electronic receipt is also signed by the Impex DataLock, so it can be verified that the files have been sent through the DataLock, and that the checksums in the receipt are genuine and valid.
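A receiving-side check of the kind described above, as an added example that is not Impex code: it recalculates checksums for the received files and compares them with a receipt. The receipt layout, the field names and the use of SHA-256 are assumptions, since the page does not specify the receipt format, and the receipt's signature is assumed to have been verified before this runs.

```python
import hashlib
import tempfile
from pathlib import Path

def sha256_file(path: Path) -> str:
    """Hash a file in chunks so large transfers need not fit in memory."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()

def verify_transfer(receipt: dict, directory: Path) -> dict:
    """Compare received files with the checksums listed in a receipt."""
    # Assumed receipt layout: {"files": [{"name": ..., "sha256": ...}]}.
    result = {"ok": [], "mismatch": [], "missing": [], "unlisted": [], "rejected": []}
    root = directory.resolve()
    listed = set()
    for entry in receipt["files"]:
        name = entry["name"]
        target = (root / name).resolve()
        # Refuse names that point outside the transfer directory.
        if not target.is_relative_to(root):  # Python 3.9+
            result["rejected"].append(name)
            continue
        listed.add(target)
        if not target.is_file():
            result["missing"].append(name)
        elif sha256_file(target) == entry["sha256"].lower():
            result["ok"].append(name)
        else:
            result["mismatch"].append(name)
    # Files that arrived but are not in the receipt were never attested.
    for path in sorted(root.rglob("*")):
        if path.is_file() and path.resolve() not in listed:
            result["unlisted"].append(str(path.relative_to(root)))
    return result

def demo() -> dict:
    """Constructed sample: one good file, one altered, one missing, one extra."""
    with tempfile.TemporaryDirectory() as tmp:
        d = Path(tmp)
        for name, data in {"a.txt": b"alpha", "b.txt": b"tampered", "extra.bin": b"x"}.items():
            (d / name).write_bytes(data)
        expected = {"a.txt": b"alpha", "b.txt": b"beta", "c.txt": b"gamma"}
        files = [{"name": n, "sha256": hashlib.sha256(v).hexdigest()} for n, v in expected.items()]
        files.append({"name": "../outside.txt", "sha256": "00" * 32})
        return verify_transfer({"files": files}, d)
```

A transfer should be accepted only when every list except `ok` is empty; a file that arrived without a receipt entry is as much a finding as a checksum mismatch.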
The Impex DataLock service is connected to the Impex Control Center (ICC), a server component where configuration is done. The flows are set up in the ICC. A flow is a mapping of upload credentials to the associated target destination and folder.
The ICC is also the component that keeps logs and audit trails from the DataLock. The ICC is also where files are quarantined, if a malicious file is found.
Impex DataLock is a secured solution based on Linux and then hardened further. SELinux and Landlock are used to control and lock down processes and to protect the system from potentially malicious code. The service runs several scanning engines and multiple AV engines. The system runs in confined namespaces controlled by the kernel. These namespaces remove access to the rest of the filesystem, confine access to process lists and remove all network interfaces completely.
It is possible to activate a quarantine function in Impex DataLock. Files flagged as malicious can be transferred to the ICC quarantine.
The administrator is able to download files from the quarantine, or compare the quarantined files to see if the same file has been seen by the ICC at some earlier time.
The Impex DataLock uses components similar to those of its sibling, the kiosk Impex USB Protect. A single ICC can serve both USB Protect kiosks and network-based Impex DataLocks. If there are special security requirements or architectural requirements, a separate ICC can be installed to handle the Impex DataLocks.