We believe Security isn’t an add-on; it needs to permeate all design aspects of our services.
Businesses of all types and sizes are increasingly aware of the risks of data breaches, ransomware,and operational disruption which cyber threats represent. Blaze has therefore developed one of the most comprehensive approaches to cybersecurity, which is incorporated in all the solutions we provide.
Secure by Design
Blaze use multiple layers of security throughout every network we build for customers (both at the equipment and software level), so that threats are blocked not only at network entry points but at multiple points within each network.
The private SD-WANs which we build for our customers are designed to avoid the public internet, except at the point where the Blaze Private Core Network connects via highly secure and tightly monitored gateways. By providing connectivity that does not touch the internet, the attack surface of our customers’ private networks is immediately minimised.
This approach includes connectivity to most SaaS and PaaS providers: where a business’ applications are hosted externally, Blaze is able to provide direct links from the Blaze Core Network to all the major cloud providers, including Azure, AWS and IBM, and to major SaaS providers such as Salesforce.com and Microsoft 365 (formerly Office 365). Highly secure Edge firewalls provide added security at these junctures. Additionally, Blaze Cloud™ is our own cloud hosting service which is an extension off the Blaze Core Network itself (with all customer data and systems being held within the UK and with full security).
Finally, our own Network Operations Centre and the Blaze Service Desk (both of whom are key to the secure running customers’ networks, which they control and manage) are protected by military-grade cybersecurity through our own Management Zone (MZ) security measures.
Secure Control of all Network Elements
As a Managed Services Provider (MSP), Blaze can either fully manage or co-manage your Blaze Private SD-WAN™ on your behalf. The Blaze Private SD-WAN™ infrastructure offers a single pane of glass solution to your network environment. Use of Blaze Private SD-WANs is not limited to conventional corporate networks. Secure connectivity across operational systems can also be supported, providing next generation firewall and endpoint protection to (and from) IoT devices and systems such as CCTV, access controls, fire control, and building management systems.
While having centralised control of each customer’s SD-WAN is useful and powerful, mitigating human factor security vulnerabilities is also important. We therefore use Role-Based Access Control (RBAC) so each Blaze and customer engineer only has access to their required environment or areas within the SD-WAN stack. Additionally, each change is required to be authorized by a high-level Blaze engineer before it is implemented.
Blaze Private SD-WAN and our other Connectivity products leverage the Blaze Private Core Network. While businesses such as retailers who need to comply with PCI-DSS regulations will be well aware of their responsibilities within their own retail environments, some are less aware that their businesses network connections are also subject to PCI-DSS. Blaze connectivity customers have an easy way to comply: our Blaze Private Core Network, Blaze Service Centre and Network Operations Centre are fully audited to PCI-DSS standards and our AoC (Attestation of Compliance) is available upon request to help simplify your own PCI-DSS certification.
Partnership with Industry Leaders
Blaze has developed key partnerships with leading companies in order to deliver a comprehensive suite of security solutions.
For example, by partnering with industry leader Fortinet we are able to employ a secure network fabric which delivers intelligent, seamless protection across the expanding attack surface with the power to take on ever-increasing performance requirements of the borderless network.
We deploy world-leading endpoint protection on devices through a key partnership with Bitdefender. In so doing, we employ the largest and most sophisticated cybersecurity intelligence hub which uses live information from hundreds of millions of endpoints to ensure that even fileless and zero-day attacks can be mitigated in real time as they emerge elsewhere in the world.
Comprehensive Range of Cybersecurity Solutions from Blaze
Secure Remote Access
For many businesses working from home has become normal. For mobile workers and “informal” homeworkers (with occasional or lower-risk access profiles, for example) whose location obliges them to connect to company systems via the Internet, Blaze provides sophisticated endpoint protection products, end user device management, SSL VPN, network access control
Additionally, many companies also need to provide access to corporate systems to certain non-employees (such as consultants, auditors, or contractors). Blaze can manage and control the connectivity permissions of such third parties to networked resources through the management of access permissions.
For more permanent Home Office solutions, and for people dealing with more sensitive company information and critical systems (such as senior, finance, HR, or systems managers), Blaze can supply Broadband connectivity, WiFi, and Firewalls which can all be managed by Blaze through our network management and cyber-security systems.
Secure Networks and WiFi are not Mutually Exclusive
Techniques such as WiFi segmentation (combined with security software) minimise the opportunity for hacking into corporate systems through WiFi “guest” networks and the like, as well as isolating networks used for different purposes and varying risk profiles. WiFi segmentation is a particularly valuable technique where broadband connections have been provided for Home Offices, as family use and contention for resources can be managed and limited.
Scarce resources, limited time, a constantly changing attack surface – it’s difficult for IT and security professionals to keep pace with attackers. Our Cyber Vulnerability Scan service is a fast, easy way to proactively find and fix vulnerabilities right across your business.
Blaze has selected industry leading Nessus® Vulnerability Scanning as our chosen tool to perform this service. Nessus automates point-in-time assessments to help quickly identify and fix vulnerabilities, including software flaws, missing patches, malware, and misconfigurations, across a variety of operating systems, devices and applications. It has the deepest and broadest coverage with more than 130,000 plugins, coverage for more than 50,000 CVE and over 100 new plugins released weekly within 24 hours of vulnerability disclosure. Nessus also has the industry’s lowest false positive rate with six-sigma accuracy (measured at .32 defects per 1 million scans).
For businesses wishing to gain a full assessment of their how well potential vulnerabilities have been mitigated and of their businesses ability to defended against external cyberattack, Blaze offers an External Vulnerability Scan service, again leveraging Nessus technology.
Firewalls and Unified Threat Management (UTM)
UTM is a broad-based network security platform that represents the next stage of evolution for traditional firewalls. A variety of hardware and software elements protect networks, including firewalls, IPS, application control, content filtering, anti-virus and anti-spam software, and more. UTM delivers all these forms of protection on a single, integrated platform.
Blaze has partnered with industry leader Fortinet to deploy the latest Next-Gen Firewalls and UTM. With the Fortinet-based solutions, UTM management is fully integrated and delivered through a single pane of glass.
Blaze Screen™ Email
Blaze Screen™ is an email filtering solution, delivered by Blaze as a managed service. It protects against malware and phishing attempts and reduces the size of a customer’s surface for cyberattacks. Blaze Screen™ also helps reduce and manage the volume of spam emails coming into a company’s inboxes. Email is the largest single vector for cyberattack, and preventing all but valid, clean messages reaching end users’ inboxes is a wise defence tactic. Blaze deliver Blaze Screen™ as a managed service using sophisticated Secure Email Gateway technology from one of our industry-leading partners, Fortinet.
Advanced Sandbox Analysis
To deal with highly targeted and frequently changing attacks, Blaze Screen™ uses sandbox analysis techniques in which advanced behaviour-based technologies detonate all attachments in an isolated environment on a virtual machine, where it is checked to see whether any malicious activity occurs.
Often a malware email campaign will include a link which contains no malicious content initially and as a result passes through mail filtering to the user’s mailbox. Attackers then activate malicious content on the website a short period after sending the email so that when the user opens the link in the email it contains the malicious content. Blaze Screen™ redirects all links a user clicks in an email to go through BlazeScreen™ where it is categorised and checked for malicious content at the time the user clicks on it offering continuous protection.
Blaze Endpoint Protection
Offered as a fully managed or co-managed cloud-based service, Blaze Endpoint Protection is based on Bitdefender technology. Going well beyond the capabilities of legacy anti-virus products, it hardens endpoints to prevent malware and malicious attacks, and provides the investigation and remediation capabilities needed to dynamically respond to security incidents when they evade protection controls.
An optional advanced security layer provides protection against fileless attacks, script-based attacks, custom malware, targeted attacks, potentially unwanted applications, and advanced ransomware while delivering threat context and visibility. Sandbox analyser capabilities are available which analyses suspicious files in depth, detonates payloads in a contained virtual environment, analyses their behaviour and reports malicious intent.
While seemingly mundane, the timely application of security and general patches released by all software vendors is one of the best cyber-defence practices a business can adopt. To relieve IT staff of the hassle of installing patches across the many devices which a business and its employees will use, Blaze offers our Patch Management service which can manage these and maintain the software on each one so they software is kept up-to-date and at a known state. For customer who use Blaze IT support server our patch management solution is included and customers can request use of our vulnerability assessment tools for free.
To help mitigate against the unfortunate circumstance of a major breach in a customer’s cyber defences, Blaze is able to offer our Response Centre service. We work with you ahead of time to develop appropriate procedures, resources, and restoration services which will be made available to you, so as to minimise the impact of cyber attack on your operations. Should a major incident occur, Blaze will work closely with your business to re-establish IT services as quickly as possible.
Blaze Vault™ is a cloud-based, secure backup and restore solution for all your enterprise and endpoint data. It can restore or migrate Microsoft, Linux, NAS, and Microsoft 365 workloads. Blaze provide Blaze Vault™ as a fully managed service which is powered by Veeam technology combined with Blaze’s highly secure and resilient cloud network infrastructure. Comprehensive, reliable, and fast backup and restore practices have become an increasingly important part of cybersecurity strategy, particularly with the dramatic rise in ransomware attacks in recent times.
Could your business operations improve with Blaze Networks?
In doing so, Blaze have access to a vast array of products that allow us to overcome our customers’ business challenges and requirements.
Blaze is a Microsoft Gold Partner and Tier 1 Microsoft CSP Partner. We specialise in Microsoft 365 (including Teams and Teams Phone System), in Microsoft On-Premise and Hosted / Cloud Infrastructure, and enable businesses to continue their digital evolution by fully exploiting the latest capabilities of Microsoft products as they evolve.
Blaze is a Managed Secure Solutions Provider (MSSP) Partner of Fortinet, a global industry leader in the supply of secure networking infrastructure systems. Fortinet are our technology partner of choice when building customer-specific Private SD-WANs. A Leader in several of Gartner’s Magic Quadrants, Fortinet equipment combines excellent performance with advanced security features, superb manageability, and excellent Total Cost of Ownership (TCO) per Mbps.
Veeam is a highly respected leader in cloud-based backup and recovery software, data protection and advanced monitoring in the data centre. We have combined Veeam technology with our highly secure Blaze Cloud™ infrastructure to produce BlazeVault™, a highly dependable, secure, and resource-efficient solution which will keep downtime to an absolute minimum in the event of data loss in operational systems or ransomware attack.
Bitdefender is a global cybersecurity leader protecting over 500 million systems through OEM technology partnerships, including with many global IT companies. Tests show it is unmatched in Attack Prevention. Based on Bitdefender technology, Blaze Endpoint Protection hardens endpoints to prevent malware and malicious attacks, and it provides the investigation and remediation capabilities needed to dynamically respond to security incidents when they evade protection controls.
Cisco has long been the world’s pre-eminent network systems vendor, particularly for technology used at the core of major corporate networks and the internet. In addition to using Cisco equipment within our customers’ private networks, Blaze incorporates Cisco technology into the heart of our own network operations; the Blaze Private Core Network is built utilising Enterprise-class CISCO core routing equipment.