Multiple layers and mechanisms of protections for best results

A unique feature of IMPEX is that it uses multiple antivirus products to scan files and devices. A large number of scanners can be used as a layered defense. One antivirus product might not find all malware, but using a combination of multiple products reduces the risk of not detecting known threats.

IMPEX also has file exception handling and device filtering technology to control which devices are used, for example to block certain drives that come with pre-installed executables when purchased.

An equally unique feature of IMPEX is that it can be configured to archive all files that it analyzes for rescanning purposes. Continuously and systematically checking previously imported files is unfortunately needed today, since some threats only become known after a period of time.

Scanners
  • Multiple AV scanners
  • Private AV rules scanner
  • File exception scanner
Central management
  • Scanning statistics of files
  • Scanning statistics of devices
  • Central configuration of individual IMPEX USB
  • Central configuration of individual IMPEX Data Lock
Device cleaner
  • Format devices
  • Shred devices
Device filters
  • Block or allow USB devices based on vendor, product name or serial numbers

Audit trails, statistics and reports

A key feature of IMPEX is its ability to create audit trails of actions and integrate these events with a SIEM solution. The product allows for detailed reports on who imported or exported which file, at which IMPEX USB or IMPEX Data Lock, at what time, and what security controls were performed. An import or export action generates audit trails that are sent to the ICC server. An electronic or paper (IMPEX USB) receipt shows that malware checking is performed in compliance with your security process.

Detailed statistics as well as overview or detailed reports are available in the central server. The central server can also be integrated with SIEM or SOAR solutions by sending information to the system. Third-party solutions can also use the API from the central server for more advanced integrations.

IMPEX USB and IMPEX Data Lock

Secure kiosk device

IMPEX USB is a secure kiosk solution based on Linux and then hardened further. The appliance is used to scan contents from USB devices with multiple engines. SELinux is used to control and lock down processes and to protect the system from potential malicious code. The service runs several scanning engines and multiple AV engines. The system runs in confined namespaces controlled by the kernel. These namespaces remove access to the rest of the filesystem, confine access to process lists and remove all network interfaces completely.

Secure network device

IMPEX Data Lock is a secure network solution based on Linux and then hardened further. The appliance is used to scan files between servers in the networks with multiple engines. SELinux is used to control and lock down processes and to protect the system from potential malicious code. The service runs several scanning engines and multiple AV engines. The system runs in confined namespaces controlled by the kernel. These namespaces remove access to the rest of the filesystem, confine access to process lists and remove all network interfaces completely.

Use cases of IMPEX protection

IMPEX was initially developed in response to requirements from multiple Nordic customers with real-life problems that needed a custom-made solution. This has led to a practical, easy-to-use scanning solution with audit trails.

Third-party field personnel who need temporary access to install software updates on these computers, systems and appliances and thus bring files into the environment

Operational personnel who need to get operational data, data series, statistics, etc. out of the environment

Export of data or information from a high-security organization that requires that all data transfers are checked to comply with data handling controls to avoid information leakage

Service personnel who need to extract data dumps, backups and copies of the current configuration out of the environment

Management Server

The server component for managing a fleet of IMPEX USB and IMPEX Data Lock devices is called ICC, the Impex Control Center. See the images for some basic information about the functionality.

The ICC also works as a historian, and all operations are traceable, including metadata for files.

Alarms and monitoring can be configured, as can sending information to a SIEM or SOAR solution.

Impex ICC Station

Interested in Impex?

Contact sysctl