Network Security

In a hyperconnected world, every network connection presents both opportunity and risk. At Checkdone IT, we understand that securing the network is fundamental to protecting our organisation, employees, partners and customers. Whether traffic originates from cloud workloads, remote users or third-party integrations, our Network Security framework ensures that only authorised users and safe communications are permitted. Our layered, adaptive approach combines advanced technologies, continuous monitoring and clear processes to deliver robust, resilient protection.

API Security

APIs are critical for modern applications and integrations ā€” but they also introduce risks. At Checkdone IT, we enforce strict API Security to protect data and services from unauthorised access and abuse.

Our API security controls include:

  • Authentication and authorisation enforcement using API gateways

  • Rate limiting and anomaly detection

  • Encryption of API traffic

  • Validation of input and blocking of malicious payloads

API access is regulated through API Access Request Forms, which define usage, monitor activity and allow periodic reviews.

Network Detection and Response (NDR)

Traditional network defences are no longer sufficient. Sophisticated threats can bypass perimeter controls and move laterally inside networks. Our Network Detection and Response (NDR) solutions provide deep visibility and rapid detection capabilities.

With NDR, we:

  • Continuously monitor network traffic for anomalies

  • Detect threats like ransomware, lateral movement and unauthorised access

  • Enable rapid incident response and forensic analysis

Incidents are tracked in our Network Threat Register, with each alert investigated and documented.

Network Access Control (NAC)

Not all devices are equal. Whether corporate laptops or personal mobile phones, unmanaged devices can introduce vulnerabilities. Our Network Access Control (NAC) solution ensures only compliant devices can connect to our networks.

NAC enforces:

  • Pre-admission checks (patch levels, antivirus, encryption status)

  • Dynamic VLAN assignment based on user role and device status

  • Isolation of non-compliant or unknown devices

All network access events are recorded in our Network Access Log, with regular reviews to ensure policy adherence.

Firewall

Firewalls remain critical in enforcing network boundaries. Our Next-Generation Firewalls (NGFW) inspect and control traffic based on application, user and content.

Firewall capabilities include:

  • Deep packet inspection (DPI)

  • Intrusion prevention (IPS)

  • Application awareness and control

  • Threat intelligence integration

Changes to firewall rules require submission and approval via Firewall Change Request Forms.

Web Application Firewall (WAF)

Web applications are frequent targets for cyberattacks. Our Web Application Firewall (WAF) protects web services from threats such as SQL injection, cross-site scripting (XSS) and bot abuse.

WAF benefits:

  • Real-time traffic inspection and blocking

  • Automated rule updates against known exploits

  • Protection against OWASP Top 10 vulnerabilities

All WAF events are logged in our Web Application Protection Register, reviewed regularly for emerging threats.

Secure Access Service Edge (SASE)

Modern enterprises need secure connectivity everywhere. Our SASE solution converges network and security services into a single, cloud-delivered platform.

SASE integrates:

  • SD-WAN for optimised connectivity

  • Cloud security functions (SWG, CASB, ZTNA)

  • Continuous identity-aware access controls

SASE onboarding is managed through User and Device Registration Forms, ensuring seamless yet secure access.

Secure Service Edge (SSE)

For cloud-first access, our Secure Service Edge (SSE) provides policy-based security without routing traffic through corporate networks.

SSE includes:

  • Secure Web Gateway (SWG)

  • Cloud Access Security Broker (CASB)

  • Zero Trust Network Access (ZTNA)

User activity and security policy violations are recorded in the Cloud Access Audit Log, with automated alerts and policy enforcement.

Secure Remote Access (Zero Trust Network Access – ZTNA)

VPNs are no longer enough. Our Zero Trust Network Access (ZTNA) model ensures only verified users and devices can access internal applications, and only to the extent necessary.

ZTNA principles:

  • User and device authentication before granting access

  • Microsegmented access, limiting exposure

  • Continuous trust verification during sessions

Access is managed using Remote Access Request Forms, reviewed and approved by security and IT teams.

Segmentation and Microsegmentation

Flat networks allow attackers to move freely. Our Segmentation and Microsegmentation strategies reduce the attack surface and limit potential breaches.

Our network segmentation:

  • Divides the network into zones based on risk and function

  • Enforces strict ACLs between segments

  • Applies microsegmentation at the workload and application level

All network segments and changes are maintained in our Network Segmentation Map and updated quarterly.

Network Security as a Business Enabler

At Checkdone IT, network security is not just a defensive necessity ā€” it is a business enabler. By implementing a comprehensive framework that covers API security, advanced detection, access controls, cloud security and microsegmentation, we provide secure and seamless connectivity for all users, wherever they are.

Through robust policies, continuous monitoring and intelligent segmentation, we protect our people and data ā€” and empower our organisation to innovate and grow securely.

Armis

BlackBerry

CatoNetworks

Checkpoint

Clavister

Cloudflare

Cybereason

Cyolo

Darktrace

ExtraHop

ForeNova

Fortinet

Gatewatcher

IntSights

Munitio

Netwrix

Rapid7

Redborder

Security Hive

SolarWinds

Soliton

SonicWall

Swimlane

ThreatX

Trend Micro

Vectra

WatchGuard

WithSecure