Solutions

Solutions map

Selected solution type

IT SYSTEM REFERENCE ARCHITECTURE

We provide you with a guide developed by CLICO experts to help you choose solutions in the area of network and IT security that meet high quality and reliability requirements. The scope of the study covers all the main elements of the modern ICT system.

Choose a solution

List of security device categories dedicated for cloud in CLICO portfolio:

Reference to Cloud Security Alliance reference architecture

Cloud Access Security Broker

On-premises or cloud-based security enforcement tool placed between consumers of cloud services and providers of cloud services. It combines and enforces enterprise security policies as resources in the cloud are accessed.

Benefits for organization

  • CASB solutions enable organizations to conveniently use SaaS cloud services (including Office 365, Salesforce, Box) for business purposes, while maintaining a high level of security of the organisation's sensitive data and reducing the risk from malware.
  • Extended monitoring of SaaS business applications - insight and enforcement of security policies within the application.
  • Introducing security requirements into areas that are often invisible to web inspection tools.

CLICO portfolio products

  • Fidelis Security - the solution analyzes outgoing and incoming email traffic in terms of threats such as malware, dangerous attachments and command and control activities. Additionally, Fidelis Network enables network traffic analysis using Azure Virtual Network TAP (Terminal Access Point) and Netgate TNSR for AWS.
  • Forcepoint - is a solution that responds to the rapid increase in cloud popularity and adoption, as well as the Cloud First and BYOD (Bring Your Own Device) initiatives. They have created new vulnerabilities in the area of security and compliance. Forcepoint CASB, which is an important component of Forcepoint’s human-oriented security strategy, helps to address those vulnerabilities. CASB provides insight into and control over the way in which employees use cloud applications, enabling companies to understand the pace of work and flow of data in the organization. Forcepoint CASB not only detects and evaluates the risk associated with the use of unauthorized cloud applications, but also controls how authorized applications such as Office 365, Google Suite, Salesforce, Box or Dropbox are used by employees, which helps to protect the organization’s data and intellectual property.
  • Netskope - The Netskope Security Service Edge (SSE) component of Netskope's Cloud Access Security Broker (CASB) solution enables you to quickly identify and manage the use of cloud applications, whether they are managed or unmanaged applications. It prevents confidential data from being stolen from your environment by risky people or processes from within or malicious software aimed at data leakage. Netskope Security Cloud provides real-time access and data protection against threats while accessing cloud services, websites and private applications from anywhere and on any device.
  • Zscaler - The Zscaler platform focuses on the Zero Trust concept, eliminating the need for traditional VPNs and enabling secure access to websites and cloud applications.

Cloud Infrastructure Entitlement Management

CIEM tools are solutions focused on Cloud Identity and Access Management (IAM) that are often too complex and dynamic to be effectively managed with native CSP tools alone. The CIEM category is intended for technologies that provide identity control and access management. They are used to limit excessive rights to the cloud infrastructure and apply access control restrictions to only the necessary rights in dynamic, distributed cloud environments.

Benefits for organization

  • Coherent and standardized structure of privileges and rights in the environment
  • Ability to react to threats related to permissions
  • Reduction of overly broad, incorrectly granted permissions
  • Better understanding of dependencies in the environment

CLICO portfolio products

Cloud Security Posture Management

CSPM is a category of products that automate the processes of ensuring security and verification of compliance with the requirements / standards of the organization. CSPM enables proper control over the configuration of the infrastructure of the cloud environment. Thanks to this class of tools, it is possible to automatically verify that the configuration of the cloud environment complies with the guidelines of security teams and implement appropriate corrections. Often, such tools can also detect anomalies and incidents in the environment.

Benefits for organization

  • Increasing the level of security of the cloud environment by implementing, monitoring and enforcing the company's security rules / standards. Multi-cloud support.
  • The possibility of capturing incidents and their analysis thanks to the data collected by the tools.
  • Possibility of auditing and reporting security status in a cloud environment. Automatic remediation actions in an unsafe configuration. Support for IaaC implementations as well.
  • Assistance in the implementation of safety on the user's side according to the "shared-responsibility" model.

CLICO portfolio products

  • Netskope - Netskope Cloud Security Posture Management (CSPM) provides security assessment for your IaaS resources in Amazon Web Services (AWS), Microsoft Azure, Google Cloud Platform (GCP) with the ability to generate security alerts that the Administrator can remedy. You can configure one or more policies that will assess whether your environment is compliant, incl. with CIS or NIST standards. Netskope also provides its best practices, according to which the Administrator can perform a security assessment. Your infrastructure is constantly monitored against configured policies that verify potential security vulnerabilities that can be exploited.
  • RAPID7 - Compliance reporting based on compliance standards, management of configuration and vulnerabilities in the environment, risk assessmen, a large number of predefined standards and rules, IaaC support and CI / CD implementationsand automation and remedial actions.
  • Tufin Technologies - Providing monitoring of the configuration of the cloud environment based on own rules or in relation to the CIS standard, visualization of the environment, analysis of network connections in relation to defined rules, detecting violations and grouping of workloads in any way using tags.

Cloud Workload Protection Platform

CWPP are products focused on the protection of "workloads" in hybrid and multi-cloud environments. CWPP provides consistent visibility and control of physical machines, virtual machines (VMs), containers and serverless "workloads", regardless of location. CWPP components implement protection by verifying system integrity, controlling applications, monitoring behavior in the environment, preventing intrusions and (optionally) protecting against malware while the system is running. CWPP mechanisms should also provide the functionality of active scanning for risks related to "workloads" during the system operation.

Benefits for organization

  • Securing cloud application resources throughout the full application lifecycle (build, deployment, runtime). Ensuring an appropriate level of safety in the environment.
  • Reducing the level of risk associated with the presence of vulnerabilities or improper configuration of "workloads"
  • Support for SOC teams in the field of cloud infrastructure security management
  • Better environmental monitoring
  • Security included in the software delivery proces (CI/CD, DevOps).

CLICO portfolio products

  • Tufin Technologies - Security requirements in CI / CD processes, detection of violations and unsafe network connections in various structure environments, connection monitoring in a container environment, management of security policies

Cloud-Native Protection Platform

CNAPP is an integrated set of security and compliance features designed to secure and protect cloud-native applications during development and production - securing the entire application lifecycle. CNAPP is consolidating many cloud-native security tools and data sources, including container scanning, cloud security management, IaaC template scanning, cloud infrastructure authorization management and cloud-based production environment protection platforms. CNAPP = CSPM + CWP

Benefits for organization

  • Securing cloud application resources throughout the entire application lifecycle (build, deployment, runtime). Ensuring an appropriate level of safety in the environment.
  • Aggregated capabilities of CSPM and CWP modules
  • A broad vision of securing the cloud environment
  • Security layer implemented automatically

CLICO portfolio products

  • Cloudflare - Cloudflare also provides services for developers and DevOps teams to streamline software development processes. A serverless-based platform allows the execution of application code without the need for managing infrastructure and components on which the code runs. This platform automatically creates workloads, provides disk space, and offers API access. Various enhancements such as video streaming support, chat rooms, and support for payment processes make it easier to conduct application testing and manage it effectively.

Secure Access Service Edge (SASE)

Secure Access Service Edge (SASE) is a security framework that provides a single cloud-based network that connects and secures any physical, cloud, or mobile enterprise resource at any location. This platform includes WAN edge functionalities (SD-WAN, QoS, Routing, SaaS Acceleration etc.) and functionalities from the security area (SWG, CASB, ZTNA / VPN, FWaaS, Encryption / Decryption etc.).

Benefits for organization

  • A unified platform that provides aggregated web services
  • A single and unified layer of security - decentralized and common to the organization
  • Service located in the cloud, maintained by the manufacturer - no need to maintain the platform
  • A wide range of functionalities provided by the platform
  • Safe access regardless of location
  • Many security functionalities inside the platform (including FWaaS functionalities)

CLICO portfolio products

  • Cloudflare - Cloudflare offers an integrated Zero Trust platform that combines several product classes. At the core of the Zero Trust platform is SASE solution (Secure Access Service Edge), which provides multi-layered protection in a distributed environment, especially in the context of connections to public networks. SASE enables the definition of unified security policies regardless of the location of the protected resources and also includes protection for remote users. SASE solutions can be equipped with additional modules that allow for the filtering of sensitive data (DLP - Data Loss Prevention) and CASB (Cloud Access Security Broker) tools that integrate with SaaS applications, enabling breach detection and remediation actions. Another tool in the Zero Trust platform is the Cloud Email Security service. Its primary goal is to effectively process and filter email messages to eliminate potentially malicious or unwanted content, such as phishing, malware, or spam.
  • Netskope - As enterprises move their data to the cloud at an alarming pace, which carries the risk of loss of sensitive data, configuration gaps, or incompatibility of devices with access to SaaS resources, the entire migration becomes a serious challenge. Like CSPM, Netskope SaaS Security Posture Management (SSPM) refers to security assessment, but SaaS applications include Microsoft 365 (Exchange Online, Sharepoint), Salesforce or ZOOM. Thanks to Netskope SSPM, you will expose and reduce the risk of misconfiguration, enforce the compliance of devices using the application and protect your environment against threats and malware.
  • Zscaler - U.S.-based company Zscaler provides cloud security solutions according to the Secure Access Service Edge (SASE) concept.

Security Service Edge

Security Service Edge (SSE) secures access to the Internet, corporate cloud services and private applications. Platform capabilities include access control, threat protection, data security, security monitoring, and acceptable use control enforced by web-based and API-based integration. The SSE solution is delivered primarily as a cloud service and can include local or agent components.

Benefits for organization

  • Cost reduction due to no need to maintain on-premise infrastructure.
  • Consolidation of multiple security solutions (sometimes from multiple vendors) into a unified platform.
  • One management console, one set of policies, one agent on the user's computer.
  • Acceptable and safe use of the Internet and corporate cloud applications, such as M365 (SWG and CASB).
  • Secure remote access to business applications from unmanaged stations, no VPN (ZTNA).
  • Possibility to implement work on private computers (BYOD).
  • Security of sensitive corporate data, regulated data and intellectual property (DLP).

CLICO portfolio products

  • Netskope - Netskope SSE is based on Netskope Security Cloud, a platform that provides real-time data visibility and protection when accessing cloud services such as websites and private applications from anywhere and on any device. SSE technologies enable organizations to support employees anywhere, anytime with a cloud-centric approach to enforce security policies. It offers a unified architecture and improves the user experience by consolidating many different security functions into a single solution.
  • Zscaler - Zscaler is recognized by Gartner as one of the leaders in the SSE (Security Service Edge) market.