Zayo implements network security controls on its internal environment. Customers must implement their own security controls to protect their own environments.
How are network devices configured?
- Network devices are deployed using standard approved configurations
- Changes to network devices or configurations are managed via a standard approval process with business justification
- Administrative access is limited on a need to know basis for network devices
Does Zayo have network perimeter defense tools including firewall, IPS, web filtering, malware detection?
Yes.
- Firewalls are deployed at all internet gateways and breakouts
- Intrusion detection and intrusion prevention capabilities are deployed at all internet gateways and internet breakouts
- Malware detection capabilities are deployed at all internet gateways and internet breakouts
- Web filtering is deployed at all internet gateways and internet breakouts
How are network devices managed?
- Network Intrusion Prevention Systems deployed to detect and block network based attacks
- Strong egress firewall rules restrict outbound traffic from the enterprise to web traffic only
- Web traffic is proxied; only approved websites are reachable, and unknown websites are blocked
- Communications are limited to trusted and known IP addresses
- Communication over unauthorized TCP/UDP ports is denied
- System manages excess capacity, bandwidth, or other redundancy to limit the effects of information flooding types of denial-of-service attacks
Are network environments logically separated to ensure protection and isolation of critical systems and data?
Networks are physically or logically separated to ensure protection and isolation of all critical systems and data.
Does Zayo have the capability to detect anomalous or malicious activity within its networks?
Yes. The Security Information and Event Management (SIEM) system detects anomalous and malicious activity in the Zayo environment by correlating logs and events across the Zayo network. This tool provides real-time analysis to the Security Operations Center (SOC) to identify patterns that indicate a potential security breach, such as unusual access patterns, repeated failed login attempts, or data exfiltration. Zayo collects logs focused on security-related activity and on the audit needs of the source system owner. Logs are retained for 365 days and are under continuous review. Alerts are generated automatically as incoming logs are evaluated against correlation rules, and actionable events are handled by the SOC.
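To make the "failed login attempts" pattern above concrete, the following is an added illustration of how a SIEM-style correlation rule evaluates incoming logs. It is not Zayo's tooling or rule set; the syslog-like line format, the constructed sample events, the 5-failures-in-2-minutes threshold, and the severity labels are all assumptions made for the example. The rule raises a medium alert when one source crosses the failure threshold inside a sliding window, and a high alert when a successful login from that source follows the burst, which is the pattern that usually deserves SOC attention.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines (not real Zayo data). One source brute-forces
# and then succeeds; a second source has two slow failures and a success.
SAMPLE_LOGS = """\
2024-03-01T10:00:01Z sshd[101]: Failed password for admin from 203.0.113.7 port 51001
2024-03-01T10:00:03Z sshd[102]: Failed password for admin from 203.0.113.7 port 51002
2024-03-01T10:00:05Z sshd[103]: Failed password for root from 203.0.113.7 port 51003
2024-03-01T10:00:08Z sshd[104]: Failed password for admin from 203.0.113.7 port 51004
2024-03-01T10:00:10Z sshd[105]: Failed password for admin from 203.0.113.7 port 51005
2024-03-01T10:00:15Z sshd[106]: Accepted password for admin from 203.0.113.7 port 51006
2024-03-01T10:05:00Z sshd[107]: Failed password for alice from 198.51.100.4 port 40001
2024-03-01T10:20:00Z sshd[108]: Failed password for alice from 198.51.100.4 port 40002
2024-03-01T10:21:00Z sshd[109]: Accepted password for alice from 198.51.100.4 port 40003
"""

# Assumed log format; a real deployment would normalise many formats first.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) sshd\[\d+\]: (?P<result>Failed|Accepted) password for "
    r"(?P<user>\S+) from (?P<src>\d+\.\d+\.\d+\.\d+) port \d+$"
)


def parse_events(raw):
    """Turn raw lines into event dicts; unparseable lines are skipped, not mis-counted."""
    events = []
    for line in raw.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        events.append({
            "ts": datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ"),
            "result": m["result"],
            "user": m["user"],
            "src": m["src"],
        })
    return events


def detect_bruteforce(events, threshold=5, window=timedelta(minutes=2)):
    """Correlation rule keyed on source IP over a sliding time window.

    - medium alert the moment a source reaches `threshold` failures in `window`
    - high alert if an Accepted login from that source follows while the
      failure count is still at or above the threshold (burst then success)
    """
    alerts = []
    failures = defaultdict(list)  # src -> timestamps of failures still in window
    for ev in sorted(events, key=lambda e: e["ts"]):
        src, ts = ev["src"], ev["ts"]
        # expire failures that have fallen out of the sliding window
        failures[src] = [t for t in failures[src] if ts - t <= window]
        if ev["result"] == "Failed":
            failures[src].append(ts)
            if len(failures[src]) == threshold:  # fire once when crossing
                alerts.append({"type": "bruteforce", "severity": "medium",
                               "src": src, "count": threshold, "at": ts})
        else:  # Accepted
            if len(failures[src]) >= threshold:
                alerts.append({"type": "bruteforce_then_success", "severity": "high",
                               "src": src, "user": ev["user"], "at": ts})
                failures[src].clear()  # the burst has been reported; start afresh
    return alerts


def run_rules(raw=SAMPLE_LOGS):
    """Evaluate the sample logs against the rule and return the alerts."""
    return detect_bruteforce(parse_events(raw))


if __name__ == "__main__":
    for alert in run_rules():
        print(alert)
```

On the constructed input the rule produces exactly two alerts for 203.0.113.7 (a medium one at the fifth failure, then a high one on the following success) and none for 198.51.100.4, whose two failures are fifteen minutes apart and so never share a window. The window and threshold are the knobs an SOC tunes against its own baseline; the expiry step matters because without it a slow trickle of failures over a day would eventually trip the same rule.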
Does Zayo have the capability to supply details of normal/baseline system and traffic behaviour to enable customers to update asset management and network monitoring systems relating to services supplied?
Zayo utilizes a suite of monitoring and analytical tools to establish and assess baseline traffic for security purposes. Network traffic monitoring tools, including intrusion detection and prevention systems, machine-learning-based anomaly detection, SIEM logs and events, audits, and threat hunting, are used to maintain the integrity and security of the systems that host and support customer equipment.
How are wireless networks protected?
- Any unauthorized wireless network devices/access points are detected and removed
- Default passwords and SSID are changed on all wireless devices
- Access is restricted on all wireless devices
- Minimum standard of WPA encryption is utilized
- Host-based intrusion detection and a host firewall are installed on all devices
- Wireless access is disabled on devices that do not have a business purpose for wireless access
- A separate wireless network is created for personal and untrusted devices
Does the system manage excess capacity, bandwidth, or other redundancy to limit the effects of information flooding types of denial-of-service attacks?
It is the responsibility of all Zayo asset owners globally to ensure that resources are monitored and tuned. Projections must be made for future capacity requirements to ensure the required system performance.
Depending on the criticality of the system, capacity requirements must be identified, tuned, and monitored to ensure the availability and efficiency of systems. Projections must take into account new business, system trends, and requirements for Zayo's information processing. Monitoring must include identifying trends and utilization in order to spot and avoid potential bottlenecks and dependence on specific individuals within the organization.
Managing capacity includes:
- Deletion of obsolete data (disk space) following the Media Sanitization procedures
- Decommissioning of applications, systems, databases or environments
- Optimizing batch processes and schedules
- Optimizing application logic or database queries
- Denying or restricting bandwidth for resource-hungry services if these are not business critical
Does Zayo utilize full disk encryption (i.e. laptop/desktop/mobile)?
Full disk encryption is deployed on all endpoints, and the technology is updated as risks evolve.
Does Zayo utilize endpoint protection (EPP) which includes anti-virus?
Endpoint software is installed on all devices and is updated regularly with the latest signatures. Multiple endpoint detection and response tools are in place, providing detection, enterprise logging, and indicators of compromise. Incident notifications create response tasks that are tracked and managed in ServiceNow and handled by the Security Operations Center (SOC).
Does Zayo utilize endpoint software which detects threats or vulnerabilities for unknown files?
Endpoint software is installed on all mobile devices, is configured not to auto-run content from removable media, and sends malware detection events to the central enterprise security team.
Can the malware protection solution provide forensics capabilities for incident response and/or remediation?
Endpoint software is configured to provide forensic capabilities on all devices and is updated regularly with the latest signatures.
Does Zayo utilize an endpoint protection, detection and prevention solution (EDR, MDR, XDR, etc)?
Endpoint software is installed on all devices and is updated regularly with the latest signatures.
Does Zayo employ a host-based intrusion Prevention/Detection System?
Host-based IDS is configured on all devices and is regularly reviewed for updates.
Which security systems are in place to monitor email?
- Our email solution is cloud-based
- Our email solution stops malware in email (URL, attachments, etc.)
- Our email solution measures the number of threats blocked per day
- Our email solution alerts employees when an email originates from outside the organization
- Our email solution automatically disables macros