CyberART Customer service of cyber defense

Product
Developers: InnoSTage (Innosteydzh)
Date of the premiere of the system: 2019/11/19
Technology: Cybersecurity - Security information and event management (SIEM)

2020

CyberART became the technology partner of Positive Technologies within the MSSP program

CyberART, a cyber defense service operator (part of InnoSTage Group), has launched commercial cybersecurity event monitoring services based on MaxPatrol SIEM. InnoSTage announced this on June 8, 2020.

The services are aimed at a wide range of companies, including those in the financial and power sectors and the public sector. They help protect critical information infrastructure facilities and improve information security in all other key computer systems.

One of the core competencies of InnoSTage Group is implementing projects and services for data protection. CyberART provides cyber defense services covering information security monitoring and the prevention of cyber incidents. Cooperation with Positive Technologies will allow the group's specialists to expand the range of services for clients. Importantly, client companies will get several advantages at once:

"With the partner's assistance we are expanding our SOC's services in the field of monitoring, the basis for building a customer company's protection. MSSP cooperation with Positive Technologies gives us flexibility in working with clients. Within information security projects, companies will receive not only technology but also the knowledge of our specialists in controlling and monitoring security events, based on long-term practice and experience. In addition to our experience, we will also be able to provide a licensing model from one of the leading vendors in the cybersecurity market,"
comments Aydar Guzairov, the director of InnoSTage Group.

"Positive Technologies has been running its MSSP partnership program since 2017. We approach the selection of MSSP program partners very carefully. CyberART meets all the requirements: the company holds current certificates for technical support of MaxPatrol SIEM and, most importantly, has certified specialists who know very well how our product can solve clients' security problems,"
comments Maxim Filippov, the director of business development of Positive Technologies in Russia.

Within its partnership with Positive Technologies, InnoSTage Group also holds specializations in PT Application Firewall, a flexible and precise tool for comprehensive protection against web attacks, and in PT Industrial Security Incident Manager (a system for managing cyber incidents in an APCS).

Checklist for assessing the security level of the "home office"

CyberART, a cyber defense service operator, has prepared a checklist for assessing a company's security level and has outlined the main stages needed to ensure comprehensive security of the "home office". InnoSTage reported this on April 31, 2020.

A number of companies are already in the process of moving their teams to partial or full remote work. However, protecting remote work requires a comprehensive approach, since the "home office" format in itself increases the number of potential threats to the company's security.

CyberART recommends that those who have already begun the move to remote work answer the following questions to assess their current security level:

  • 1. Are secure communication channels, for example via VPN (Virtual Private Network), used for remote work?
  • 2. Does the user undergo two-factor authentication (tokens, one-time passwords) when connecting to the infrastructure?
  • 3. Is it ensured that employees' personal devices are not used for remote connections?
  • 4. Are removable media controlled on remote workstations, and is "direct" access to the Internet prohibited?
  • 5. When connecting to the company network, are remote devices checked for the presence of an up-to-date antivirus and the required security updates?
  • 6. Is use of corporate services allowed only from specially configured "jump hosts": terminal servers, virtual desktops (VDI)?
  • 7. Is the company's IT infrastructure segmented and access segregation configured, so that users have only the minimum set of rights needed for their work?
  • 8. Are information security policies and event auditing defined and applied in the company's IT infrastructure?
  • 9. Is continuous monitoring of and response to security events in place to detect and prevent computer attacks and incidents before they can cause real negative consequences for the company?
  • 10. Are change control of the resources exposed to remote access, security analysis of the network perimeter and infrastructure, and detection and elimination of vulnerabilities and configuration errors carried out?

Crises like this and the need for emergency measures often aggravate an organization's existing cybersecurity problems. If the company has unprotected remote workplaces and "home offices", attackers gain a wide range of opportunities, including:

  • theft of confidential information and personal data;
  • money transfer from a checking account;
  • "infection" of the company's IT infrastructure with a crypto-virus, which in turn can disable IT systems and industrial automation systems, disrupt the business and production processes of enterprises, etc.

In addition, the growing number of phishing campaigns targeting remote workers and the appearance of fake websites and applications have already become threats: everything that, on the wave of panic connected with the coronavirus, can provoke an employee to open an e-mail, click on an attachment, follow a link or visit a malicious website.

Not all organizations have in-house cybersecurity specialists or a corporate SOC (Security Operations Center) who can competently assess which measures are the first priority for a safe transition to remote work. Depending on the availability of their own resources, companies are advised, on their own or together with external experts, to follow these steps to implement a comprehensive protection system for remote access:

  • Step 1. Protection of channels using VPNs that support multifactor authentication and check connected devices for compliance with security requirements.
  • Step 2. Hardening of the endpoints used for remote access by configuring corporate security policies and distributing them to these endpoints.
  • Step 3. Network-level intrusion detection and protection against malware.
  • Step 4. Detection and blocking of previously unknown malware, targeted attacks and zero-day attacks.
  • Step 5. Extended monitoring and control of privileged users' actions.
  • Step 6. Early detection of attacks using decoy resources (honeypots), software traps that make it possible to quickly detect an intruder at the initial stages of penetration.
  • Step 7. Protection of remote access channels against denial-of-service attacks.
  • Step 8. Security assessment using automated tools and manual checks to detect and eliminate vulnerabilities and configuration errors.
  • Step 9. Tracking of security events recorded both by remote access tools and by other components of the monitored systems; detection and elimination of computer attacks and security incidents before they cause real negative consequences.
  • Step 10. Organization of a secure access infrastructure, including endpoint protection technologies, secure terminal access and virtual desktops (VDI), and resources for secure information exchange and collaboration.

Because of the urgency of the move to remote access, a business can lose sight of its usual internal security processes, leaving an attacker an opportunity to strike. Organizing remote work increases the number of relevant attack vectors on infrastructure that is no longer limited to the office walls. Therefore, the process of moving personnel to the "home office" should take into account not only the need to complete IT tasks quickly but also information security requirements, CyberART concluded.

2019

As part of InnoSTage Group

Since December 2019, CyberART has been operating as part of InnoSTage Group.

CyberART launch

On November 19, 2019, CyberART, a professional customer service in the field of cyber defense, began operating in Russia. CyberART, a cyber defense service operator, was created on the basis of a center for information security monitoring and response to computer incidents (SOC).

CyberART

According to the company, the operator will provide comprehensive services in monitoring information security events and responding to computer incidents, supplying and managing information security tools, behavioral analysis of content and control of network activity, vulnerability management, penetration testing and a number of other areas of information security.

The transformation of the monitoring and response center into the CyberART operator is driven by the following reasons: the growing number of cyber attacks, their complexity, and the need for a number of organizations to comply with regulators' information security requirements. To handle such tasks on its own, a company needs to maintain expensive staff and regularly buy and update the relevant technical solutions. Working with a cyber defense service operator allows an enterprise to use only the services it needs, to interact with a team of experts that regularly studies various threats and has experience preventing them, and to reduce capital expenditure on information security.

CyberART provides services in the following areas: content analysis, infrastructure control, network activity, security audit, data protection, web application protection, infrastructure audit and others.

"For many companies, creating their own SOC is labor-intensive and very costly. Understanding this and sensing market demand, we transformed the SOC's work to provide services under a service model. The CyberART operator will continue to develop in this format,"
said Vladimir Dmitriyev, a representative of the cyber defense service operator CyberART.