Is Your Company Protected—Or Do You Just Think It Is?

This is the question that causes the most unease among business leaders when they ask themselves honestly. Most organizations have some form of IT security—an antivirus program, perhaps a basic firewall included in the ISP’s router, and the belief that “nothing has ever happened.” The problem is that IT security isn’t measured by what hasn’t happened yet. It’s measured by the ability to withstand what will inevitably happen.

Cyberattacks on companies in Portugal have increased significantly in recent years. Ransomware that encrypts all data and demands a ransom. Phishing that compromises access credentials to critical systems. Silent intrusions that go undetected for weeks or months—gathering information, mapping systems, and preparing a larger attack. Unauthorized access via misconfigured VPNs or stolen credentials.

And the vast majority of these attacks don’t start by exploiting sophisticated vulnerabilities. They start by exploiting the basics that haven’t been addressed: an outdated firewall, a VPN without multi-factor authentication, a user with remote access and no oversight, a network without monitoring where no one knows what’s coming in and what’s going out.

DataRoad is closing its doors. With enterprise-grade firewalls, secure VPNs with multi-factor authentication, strict remote access controls, and 24/7 monitoring of the entire infrastructure—so your business is truly protected, not just on paper.

Enterprise Firewall — The First and Most Critical Line of Defense

A firewall is not the router that your internet service provider installed as part of your internet service contract. It is a dedicated system that is constantly updated and inspects all traffic entering and leaving your company’s network—blocking threats, controlling access, and logging everything that happens.

The difference between a home firewall and a business firewall is like the difference between a plastic door lock and a reinforced safe. One keeps out anyone without a key. The other keeps out anyone without a key, logs every attempt to gain entry, alerts you when someone tries to force the lock, and prevents anyone who has entered one room from accessing the others.

What a DataRoad enterprise firewall does for your company:

Deep Packet Inspection (DPI) Analysis of the actual content of network traffic—not just ports and IP addresses—to detect and block threats hidden within seemingly legitimate traffic. Ransomware, spyware, and advanced malware often hide within encrypted HTTPS traffic. The enterprise firewall’s SSL/TLS inspection decrypts, analyzes, and re-encrypts traffic—in milliseconds, transparently to users.

Application Control Identify and control specific applications on the network—regardless of the port or protocol used. You can allow the use of Microsoft Teams while blocking WhatsApp Web. Allow access to LinkedIn while blocking Facebook. Ensure priority bandwidth for business-critical applications and limit streaming applications that consume resources unnecessarily.

Web Content Filtering Access control for website categories—automatic blocking of websites containing malware, phishing, adult content, online games, or any other category defined by the company’s security policy. Filtering is applied to all devices on the network, including mobile devices when connected via VPN.

Intrusion Prevention (IPS) An intrusion detection and prevention system that analyzes traffic patterns and anomalous behavior—automatically blocking attempts to exploit vulnerabilities, brute-force attacks, port scanning, and other known attack techniques.

Network Segmentation by VLAN Dividing the network into isolated zones—employees, visitors, IoT devices, critical systems, servers—with defined access policies between each zone. A compromised device on the visitor network cannot access the servers. An IoT device cannot communicate with workstations. Segmentation drastically limits the impact of any security incident.

VPN — Secure Remote Access for Teams Working from Anywhere

Remote and hybrid work is no longer the exception; it has become the new normal for most companies. Employees who access internal systems from home, while traveling, or at coworking spaces—each of these access points is a potential entry point for threats if not properly controlled and protected.

A business VPN is not a consumer VPN designed to bypass geographic restrictions. It is an encrypted tunnel that ensures remote employees can access the company’s internal systems with the same level of security as those physically in the office—and with controls that allow the company to track who accessed the systems, at what time, from where, and which systems were accessed.

Site-to-Site VPN for Office Interconnection Securely connect multiple offices, branches, or data centers—creating a virtual private network that links all locations as if they were a single local network. Employees in Porto access servers in Lisbon with the same latency and security as those in the central office. Implementation with Fortinet FortiGate, Sophos, or Cisco, featuring connection redundancy and automatic failover.

Zero Trust Network Access (ZTNA) For companies with more advanced security requirements, DataRoad implements Zero Trust architectures—where no user or device is automatically trusted, even within the corporate network. Access to each resource is verified individually, based on the user’s identity, the device’s security status, and the access context. The Zero Trust model is the natural evolution of traditional VPNs for environments where security cannot be compromised.

Controlled Remote Access — Who Accesses What and When

Uncontrolled remote access is one of the biggest security risks facing Portuguese companies. Employees have access to critical systems without any restrictions on time, device, or location. Vendors and partners have permanent access to systems they only need to access occasionally. Former employees whose credentials have never been deactivated.

DataRoad enforces strict remote access policies—because security starts with controlling who has access to what.

Identity and Access Management Integration with Active Directory and Azure AD for centralized management of all users and access. When an employee joins the company, they have immediate access to the systems they need. When they leave, all access is revoked immediately—no exceptions, no oversights.

Privileged Access for Administrators Administrator access to critical systems is the most valuable—and the most targeted. DataRoad implements Privileged Access Management (PAM) solutions that log all administrative sessions, require approval for sensitive access, and limit the duration of each privileged session.

Device-Based Access Control Only registered devices that comply with the company’s security policies—up-to-date antivirus software, a patched operating system, and an encrypted hard drive—can access the network and internal systems via VPN. Unmanaged personal devices are automatically blocked.

Temporary Access for Suppliers and Partners Management of temporary access for suppliers, partners, and external service providers—with limited duration, restricted access to only the systems strictly necessary, and a complete log of all activities during the session.

24/7 Monitoring and Alerts — Because Problems Don’t Wait for Business Hours

Most security incidents and infrastructure issues occur outside of business hours. Cyberattacks are often launched in the early hours of the morning, on weekends, or during holidays—precisely because IT teams aren’t monitoring the systems. Hardware failures happen at 3 a.m. Servers run out of disk space on Sundays.

Without continuous monitoring, these issues are only discovered when employees arrive at work and realize that nothing is working. With DataRoad monitoring, they are detected and resolved while everyone is still asleep.

What DataRoad Monitors in Real Time:

Network Infrastructure Status of all switches, routers, firewalls, and wireless access points—with immediate alerts for any offline equipment, performance degradation, or abnormal behavior. Network latency, packet loss, and interface congestion are continuously monitored.

Servers and critical systems: CPU, memory, disk, temperature, RAID status, and critical services—with alerts configured to trigger before critical thresholds are reached. A server with 90% disk usage is detected and resolved before it reaches 100% and crashes.

Firewall and Security: Firewall logs are analyzed in real time to detect attack patterns, intrusion attempts, anomalous user behavior, and suspicious communications with known malicious IP addresses.

Backups Daily verification that backups have been successfully completed and that the data is actually recoverable. A backup that has been silently failing for weeks is not a backup—it’s a false sense of security.

SSL Certificates and Domains SSL certificate and domain expiration monitoring—with automatic alerts sent weeks before expiration to prevent service interruptions caused by expired certificates.

Availability of external services Monitoring of websites, customer portals, APIs, and business-critical external services—with immediate alerts when a service goes down and monthly uptime reports.

VPN Connections Status of all site-to-site VPN connections—with immediate alerts for any connection drops between offices and automatic reconnection attempts when configured.

Alarm Management — From Detection to Resolution in Minutes

Monitoring without taking action is pointless. DataRoad doesn’t just send alerts—it has defined escalation and resolution processes for each type of alert, with response times guaranteed by contract.

Level 1 — Automatic alert with automatic remediation For known issues with automated solutions—such as service restart, disk space cleanup, or VPN reconnection—the monitoring system performs the remediation automatically, without human intervention, and logs the event for later analysis.

Level 2 — Alert with Remote Technical Support For issues that require technical analysis and intervention but can be resolved remotely—a DataRoad technician is alerted immediately, regardless of the time of day, and remotely accesses the system for diagnosis and resolution.

Level 3 — Critical Alert with Immediate Escalation For critical incidents—such as a primary server going offline, an ongoing attack, a firewall failure, or unauthorized access detected—the immediate escalation protocol is activated, with simultaneous notification of the technical team and the client’s IT manager, and on-site intervention when necessary.

Logging and Auditing Comprehensive logging of all access to critical systems, configuration changes, remote access, and security events—with retention periods set in accordance with legal requirements and the ability to generate audit reports as needed.

Encryption of Data in Transit and at Rest Implementation of disk encryption on all workstations and servers that process personal data, and ensuring that all communications between systems use encrypted protocols.

Real-World Security and Monitoring Projects by DataRoad

European Embassy in Lisbon — Diplomatic-Level Security Implementation of a fully segregated network architecture using Fortinet FortiGate, three VLAN-isolated networks for administrative, consular, and visitor use, an encrypted site-to-site VPN to the overseas headquarters, centralized logging with 12-month retention, and a 2-hour response SLA for critical incidents. The entire technical team involved signed confidentiality agreements.

Clínica Mulher and Clínica do Lambert — Security and GDPR Compliance Implementation of VLAN-based network segmentation to isolate medical equipment, a firewall with traffic inspection, encrypted hybrid backup with daily verification, and a GDPR compliance audit with a report and remediation plan. 24/7 monitoring of all critical systems with immediate alerts for any anomalies.

Infocapital SA — Continuous Monitoring and Security Since 2015 DataRoad has been a partner of Infocapital SA—one of Portugal’s largest independent video game distributors—since 2015, in a partnership spanning more than a decade. Comprehensive IT security management, 24/7 monitoring, Fortinet firewall, VPN for remote employees, and incident response included in the IT Unlimited contract.

Multinational Group — Portuguese Subsidiary with ISO 27001 Certification Implementation of security policies aligned with the headquarters’ ISO 27001 requirements, identity management using Microsoft Intune and Azure AD, mandatory MFA for all remote access, and centralized monitoring. The Portuguese subsidiary went from being the weakest link in the group’s security to being internally praised for its operational maturity.

Why Choose DataRoad for Your Company's Security

Certified partner — with certified technicians, not generalists who configure firewalls “the best way they can.”

A proactive, not reactive, approach —we don’t wait for something to go wrong before taking action. With 24/7 monitoring and alerts, we can resolve most issues before they have an impact.

No conflict of interest —our fixed-monthly-fee model means our interests are aligned with those of our clients: the better the security, the fewer incidents there are, and the better off we both are.

Complete documentation and transparency —all configurations, firewall rules, access policies, and monitoring logs are documented and shared with the customer. You’ll never be held hostage by DataRoad because “only we know how it’s configured.”

Incident response included — we don’t charge by the hour when there’s a security issue. Incident response is included in the IT Unlimited contract — because it’s precisely during times of crisis that your IT partner needs to be available.

Your Network Is Secure. Are You Sure?

DataRoad conducts free security audits for businesses—analyzing existing firewalls, reviewing remote access policies, checking monitoring status, and identifying critical vulnerabilities.

The report is provided to the client regardless of whether they decide to hire our services. Because we believe that safer businesses are better for everyone—and because we know that once you see the report, you’ll want us to handle it.

Request a security audit → ☎ 211 459 950 (call to a landline within Brazil)