Dr.Web Enterprise Security Suite

Product
The name of the base system (platform): Dr.Web
Developers: Doctor Web (Dr.Web)
Last Release Date: 2021/09/24
Technology: Information security - Anti-virus, Information security - Anti-spam, Information security - Firewalls

Dr.Web Enterprise Suite is a software complex with a built-in system for centralized management of antivirus protection of Windows workstations and file servers, as well as Unix mail servers, in enterprises of all sizes. Dr.Web Enterprise Suite has a client-server architecture. Clients are installed on protected workstations and servers. The antivirus server provides centralized administration of the protection of Windows workstations and file servers, as well as Unix mail servers, including deployment, updating of virus databases and component software modules, monitoring of network status, notification of virus events, and collection of statistics.

2021

Protect all enterprise network nodes and devices

The 13th version of the Dr.Web Enterprise Security Suite antivirus solution for centralized protection of all enterprise network nodes and devices embodies the best features of previous generations, combining them with practices designed to make the system easier to deploy and administer. Dr.Web announced this on September 24, 2021.

perfect for both small and medium-sized enterprises and large enterprises. A wide range of cross-platform tools designed to ensure the security of workstations, servers, network gateways and virtual environments allows you to build comprehensive and effective protection of the corporate network, taking into account all the features of the organization's information infrastructure and its business processes.

Dr.Web Enterprise Security Suite 13 automates the detection of and response to virus-related computer incidents by neutralizing threats without administrator intervention. The system not only prevents the infection of individual workstations and servers, but also prevents attacks from spreading deep into the corporate network through a comprehensive analysis of malicious activity and network traffic. At the same time, information about all identified incidents is carefully recorded, which allows you to conduct a comprehensive investigation of each incident and eliminate its causes.

The Dr.Web Security Management Center allows you to effectively coordinate your antivirus network, monitor workstations regardless of the type of target devices, manage resource allocation, and configure security policies.

Dr.Web ESS can become the core of the organization's information security system, or it can be integrated into an existing information security management structure thanks to its ability to export data to a SIEM.

The key changes in Dr.Web Enterprise Security Suite 13 are:

  • Advanced remote installation and update capabilities for the Dr.Web Agents, including the Dr.Web Agent for Unix systems. Agents can be installed directly from the Control Center and through special utilities. Agents for Android gained the ability to update automatically.
  • Flexible control of system resource consumption at the protected station, with the possibility of reducing the priority of tasks that collect secondary information and limiting the bandwidth of the channel used for data exchange. This option allows you to use agents both on machines with limited system resources and on high-performance elements of the information infrastructure that operate under constant load.
  • Support for a lightweight agent mode to protect virtual environments, which lets you optimize the protection of virtual machines that reside on a single physical server by moving part of the functions to a separate service virtual machine. Centralized information processing reduces the overall load on the physical server and enables more efficient management of its resources.
  • Creation of separate security policies and flexible third-party access control settings for different groups of users whose workstations are protected by Office Control.
  • An updated antivirus network tree display mechanism that allows you to effectively control even the largest and most extensive protected infrastructures.

Enterprise Security Suite 13.0 with Virtual Environment Protection

On June 16, 2021, Dr.Web introduced an updated beta version of the Dr.Web Enterprise Security Suite 13.0 software with the function of protecting virtual environments through Scanning Servers and a Virtual Agent station mode.

Virtualization tools are used very widely: this allows you to significantly save on hardware by hosting on one powerful server many virtual machines that consume exactly as much system resources as necessary to solve their private tasks. Almost any company today uses this approach - from the smallest organizations to the largest corporations.

The use of Dr.Web Enterprise Security Suite, designed to work in virtual environments, allows you to save system resources more efficiently. This is achieved by transferring part of the antivirus functions to a separate virtual machine designed to service antivirus agents on all other virtual machines on the same physical server. Reduced performance can be avoided by using the internal network stack of the physical server.

The Dr.Web Scanning Server is designed to work in virtual environments. It includes:

  • a scanning kernel that checks data for threats;
  • virus databases and built-in filter databases for Office Control.

The load on client virtual machines is reduced by the following factors:

  • The scan is performed outside the virtual machines;
  • No need to keep virus databases and built-in filter databases on each of them up-to-date;
  • use of a virtual network for data transfer between virtual machines located on the same server (hypervisor) provides high data exchange speed and quick verification.

A service virtual machine can be a member of any group. It is also possible to merge scanning servers into a separate group, including automatically based on specified rules.

Placing and configuring the Scanning Servers in groups is the same as for other stations. For more information about managing groups, see Placing Stations in Groups.

The stations communicate with the Scanning Server using the Agent operating in virtual mode. In turn, the Agent operates under the control of the Centralized Security Server.

2020

Compatibility of Dr.Web Enterprise Security Suite with Baikal and Astra Linux Special Edition

On December 29, 2020, the company GK Astra Linux announced that, together with JSC "Baikal Electronics" and the company "Dr.Web", it had completed compatibility checks of the Dr.Web Enterprise Security Suite anti-virus protection tools with hardware platforms based on Baikal processors and the special-purpose OS Astra Linux Special Edition, Novorossiysk release, developed specifically for Baikal-M processors.

As explained, during a set of tests conducted by Doctor Web specialists, antivirus software was installed on devices based on Baikal processors, and on workplaces operating in a domestic protected OS environment.

Experts tested the operability of all key components of the Dr.Web Enterprise Security Suite software: the Dr.Web Management Center 11, the Dr.Web Desktop Security Suite for Linux 11.1, the Dr.Web Server Security Suite for UNIX 11.1, the Dr.Web Mail Security Suite for UNIX 11.1 and the Dr.Web Gateway Security Suite for UNIX.

The results of the testing demonstrated that the Dr.Web Enterprise Security Suite software product performs all antivirus protection functions for the client and server components of IT infrastructures and ensures the security of work with e-mail and the Internet.

Dr.Web Enterprise Security Suite provides centralized protection for all enterprise network nodes and devices, including home PCs and employee mobile devices. The solution is suitable for state organizations and enterprises, as well as for private business, and is included in the "Unified Register of Russian Programs for Electronic Computing Machines and Databases" of the Ministry of Digital Development of Russia. The product fully complies with regulatory requirements regarding the creation and certification of SIS. The use of Dr.Web Enterprise Security Suite allows you to comply with existing regulations in the field of ensuring the security of state information systems, including those that process personal data and state secrets, as well as IT infrastructures of research and development facilities. Baikal processors are registered in the "Unified Register of Russian Electronic Products" and are suitable for mass import substitution programs in the segment of light and medium-sized workstations and for other computer equipment.

Thus, all Russian users, including organizations that implement an import substitution strategy in IT, can use Dr.Web software to protect infrastructures built on the basis of domestic processors and operating systems.

"The development of the ecosystem around Baikal processors is our first priority, which we solve last year. The confirmed compatibility of the antivirus software Dr.Web with hardware platforms based on Baikal processors and Astra Linux Special Edition OS is an important step for the development of the Russian IT market as a whole and the Baikal ecosystem as part of it," noted Andrey Evdokimov, CEO of Baikal Electronics.

Integration with SIEM MaxPatrol

Companies that use Dr.Web Enterprise Security Suite products and detect information security incidents using MaxPatrol SIEM will be able to connect up-to-date Dr.Web solutions as data sources for security monitoring. This was announced on August 5, 2020 by Positive Technologies.

The MaxPatrol SIEM experts wrote an integration module for the latest versions of the products of the Dr.Web Enterprise Security Suite complex. Now MaxPatrol SIEM users will be able to connect them directly "out of the box" to collect data about suspicious events and malware activity on the network nodes on which Dr.Web products are installed. MaxPatrol SIEM analyzes such data and allows you to check it for links to other events in the corporate network. As a result, this provides a greater understanding of what is happening in the network and helps identify complex attack chains.

"In five years MaxPatrol SIEM has learned to support more than 300 systems as sources "out of the box". We monitor the release of the latest versions of supported systems and, if necessary, write separate connectors for them," comments Mikhail Pomzov, director of the Positive Technologies knowledge base and expertise department. "Now MaxPatrol SIEM supports Dr.Web products not only of versions 6 and 10, but also the most recent ones, 11 and 12."

The technologies developed by Doctor Web specialists and implemented in Dr.Web Enterprise Security Suite allow the antivirus to control all paths by which malware penetrates user systems. Dr.Web Enterprise Security Suite is able to detect not only already known malware, but also the latest samples used by intruders for the first time. The ability to detect a wide range of threats allows users of MaxPatrol SIEM and Dr.Web Enterprise Security Suite to detect attacks by both low-skilled attackers and professional APT groups.

"Antivirus and SIEM are important parts of a comprehensive enterprise security system. We strive to provide our customers with all the opportunities for maximizing the integration of our products into their information security contours and are constantly working to expand the range of our technological partners," said Vasily Sevostyanov, head of the technical support department for sales of Doctor Web.

2014: Dr.Web Enterprise Security Suite 10.0

On July 22, 2014, Doctor Web announced the release of the tenth version of Dr.Web Enterprise Security Suite.

The new version includes many changes aimed at increasing the performance of the complex, improving security and expanding the functionality available to the administrator of the antivirus network. The application of the latest solutions developed by Doctor Web makes it possible to build a system of comprehensive protection for the corporate network.

Active commercial license holders can upgrade to version 10 for free.

With these enhancements, Dr.Web Enterprise Security Suite 10.0 meets the current requirements for antivirus security.


Major Changes

Dr.Web Server

  • Added features:
    • use of the ODBC driver to connect external databases under UNIX family OS;
    • export/import of the Dr.Web Server database to an XML file;
    • backing up critical data during the installation of the Dr.Web Server;
    • rotation of the Dr.Web Server log files by time (hour, day, week);
    • connection of the Dr.Web Agents to the Dr.Web Server without an encryption public key or with an incorrect encryption public key.

  • Added a built-in internal SQLite3 database. It is offered as the default option when installing the Dr.Web Server.
  • Added a built-in driver for the external PostgreSQL database for the Dr.Web Server under Windows.
  • The network subsystem has been redesigned to improve performance, which allows you to work with a large number of stations.
  • Simplified the installation procedure of the Dr.Web Server for UNIX family OS.
  • The Dr.Web Server distribution is now shipped in two packages: the main distribution for installing the Dr.Web Server and anti-virus packages for stations under Windows OS; and an additional distribution for installation on a computer that already has the main distribution, which includes distributions of all the products supported by Dr.Web Enterprise Security Suite for installation on protected stations.
  • Support for a cluster of Dr.Web Servers and a cluster protocol, which coordinates the actions on the Dr.Web Agents from different Dr.Web Servers.

Dr.Web Control Center

  • Added features:
    • updating the Dr.Web Server through the Control Center;
    • distribution of licenses from one license key among several Dr.Web Servers;
    • group updates of the Dr.Web Agents from the Dr.Web Server;
    • centralized replacement of the public encryption key on the Dr.Web Agents, both manually and on schedule;
    • change of the primary group in case of automatic confirmation of access of the stations to the Dr.Web Server;
    • downloading the Dr.Web Server log files from the Management Center;
    • sending statistical reports, including in PDF format, by e-mail through the schedule of the Dr.Web Server;
    • database management through the Management Center (cleanup, database analysis);
    • viewing the location of the stations, the Dr.Web Server, and the neighboring Dr.Web Servers on an OpenStreetMap map if the geographical coordinates of the object are specified;
    • sending installation files from the Control Center by e-mail;
    • export of statistics and other antivirus data to a PDF file;
    • download of the configuration file with the connection settings of the Dr.Web Agents under Android, Mac OS X and Linux family OS from the Control Center;
    • setting up delayed updates of components on workstations from the Dr.Web Server;
    • setting up rules for automatic distribution of stations to user groups;
    • product update revisions that can be managed from the Control Center;
    • SQL console to execute arbitrary SQL queries. Access to the console is governed by administrator rights;
    • Lua console to execute arbitrary Lua scripts. Access to the console is governed by administrator rights;
    • a new administrator alert system that can be configured through the Management Center;
    • support of multiple public encryption keys for the connection of the Dr.Web Agents and the neighboring Dr.Web Servers;
    • the Dr.Web Server FrontDoor plug-in module for connecting the Dr.Web Server remote diagnostics utility.

  • Modified:
    • Administrators section and administrator rights system;
    • structure of repository management tools from the Management Center.

Dr.Web Agent

Dr.Web Agent for Windows has been redesigned to meet today's requirements for protecting workstations from computer threats.

  • Implemented:
    • a subsystem for continuous background scanning and neutralization of active threats. One of the key criteria for the operation of this subsystem is low consumption of system resources;
    • proactive protection to prevent infection of the operating system by common threats of the Trojan.Encoder, Trojan.Inject and Trojan.Winlock families;
    • a new algorithm for detecting threats packed with packers that are currently unknown to the Dr.Web Virus-Finding Engine component;
    • a 64-bit version of the anti-rootkit module, which provides the ability to better neutralize threats directed at 64-bit operating systems.

  • The file monitor has been refined to improve performance on file-intensive stations.
  • The new version of Office Control allows the administrator to block certain types of devices at a remote station, as well as limit access to the Internet or to the computer by time.
  • The settings of the Dr.Web Agent modules are implemented in a single window, making the product easier for users to manage.

New Utilities

  • The Dr.Web Mobile Control Center, which allows you to administer an anti-virus network built on the basis of Dr.Web Enterprise Security Suite using iPhone mobile devices.
  • The Dr.Web Repository Loader, which allows you to download Dr.Web Enterprise Security Suite products from the Global Update System.

2012: Dr.Web Enterprise Security Suite version 7.0

Doctor Web, a Russian developer of information security tools, announced in the summer of 2012 the release of a new version of Dr.Web Anti-Virus 7.0 for Windows file servers. Dr.Web Server Security Suite, a part of the enterprise-wide Dr.Web Enterprise Security Suite, protects file servers running Microsoft Windows Server from a variety of information security threats, including viruses, rootkits, Trojans, spyware, adware, hacker utilities, and malicious objects from any external source. Use of the Control Center with Dr.Web Anti-Virus 7.0 for Windows file servers is not provided for.

According to the developers, version 7.0 of Dr.Web Anti-Virus for Windows file servers includes many innovations. The updated GUI scanner allows you to search for malware in multi-threaded mode using all the capabilities of multi-core processors, which significantly improves the performance of the program. The speed at which the GUI scanner checks auto-start objects, removable media, network and logical disks, mail formats, files and directories, including archives, has also increased. In addition, version 7.0 of the scanner added functionality for detecting threats that infect the BIOS of a personal computer, the so-called "bioskits."

Dr.Web Anti-Virus 7.0 for Windows file servers gained a new module, Dr.Web Anti-rootkit Service, a universal subsystem for detecting and treating active threats that use rootkit technologies. Another new component, "Anti-Virus Network", allows you to efficiently and remotely manage Dr.Web antivirus software for Windows version 7.0 installed on computers on the local network, according to Dr.Web. Thanks to this innovation, it became possible to manage the antivirus on any computer on the local network from another computer that supports working with the antivirus network, provided the appropriate password is available. In addition, the administrator can set a master password with which all settings for the antivirus and its components can be managed.

At the same time, the updated version of Dr.Web Anti-Virus for Windows file servers includes many improvements and innovations that optimize the operation of the entire software complex, as well as increase its stability and performance. In version 7.0, it became possible to automatically upgrade the application during the scan if the scanner was started from a non-privileged account. A new function, the Dr.Web Control Service, has been added to the product; it is responsible for unified management of anti-virus components and their interaction, as well as for collecting statistical information and scheduling updates.

The new version provides the ability to automatically restore anti-virus components from the local repository if they are corrupted or deleted, while the license manager and the automatic update module, which no longer depends on the Windows Scheduler, are significantly modified.

In addition, new localizations with support for the Azerbaijani, Italian, Japanese and Portuguese languages have been added to the software complex. The interface language is changed as soon as the corresponding settings are changed.

If you migrate to version 7.0 of Dr.Web Anti-Virus for Windows file servers, you can partially keep your settings from version 6.0: some settings for the operation of the Dr.Web SpIDer Agent and Dr.Web SpIDer Guard components are transferred. Users can download the new version of the product from the Dr.Web site.

2011: Dr.Web Enterprise Security Suite version 6.0

Doctor Web announced in July 2011 that it had received certificates of compliance from the Federal Security Service for the software products of the enterprise complex Dr.Web Enterprise Security Suite version 6.0. The certificates were issued on the basis of tests conducted by the Certification Research Center laboratory. The documents certify that Dr.Web products meet the requirements of the FSB of Russia for anti-virus tools and can be used to protect information that constitutes state secrets, Dr.Web said.

In general, the company received certificates for the following products: Dr.Web Desktop Security Suite (for Linux workstations), version 6.0; Dr.Web Desktop Security Suite (Unix Console Scanner), version 6.0; Dr.Web Mail Security Suite (for MS Exchange), version 6.0; Dr.Web Mail Security Suite (for mail servers and Unix gateways), version 6.0; Dr.Web Server Security Suite (for Unix file servers), version 6.0. The Dr.Web Desktop Security Suite 5.0 (Console Scanner for Windows) and Dr.Web Server Security Suite 5.0 (for Novell NetWare File Servers) products were also successfully certified.

In September, Dr.Web announced the receipt of certificates of compliance from the Federal Service for Technical and Export Control for the software products of the enterprise complex Dr.Web Enterprise Security Suite version 6.0. In particular, Doctor Web received certificates for the following solutions: Dr.Web Control Center, version 6.0; Dr.Web Desktop Security Suite for Windows, version 6.0; Dr.Web Desktop Security Suite for Linux, version 6.0; Dr.Web Server Security Suite for Windows File Servers, version 6.0; Dr.Web Server Security Suite for Unix File Servers, version 6.0; Dr.Web Mail Security Suite for MS Exchange, version 6.0; Dr.Web Mail Security Suite for Unix Mail Servers and Gateways, version 6.0; Dr.Web Gateway Security Suite for Unix Internet Gateways, version 6.0.

The certificates were issued on the basis of tests conducted by the laboratory of NPO Echelon, as well as the expert opinion of the company "Security of Information Technologies and Components." The documents certify that the Dr.Web products meet the requirements of the guidance document "Protection against unauthorized access to information. Part 1. Information security software. Classification according to the level of control of the absence of undeclared capabilities" at the 2nd level of control, and the technical specifications when the operating instructions are followed, the Dr.Web statement says.

Unlike most competing solutions, Dr.Web software products have certificates of compliance from both the FSTEC of Russia and the FSB of Russia. In addition, Dr.Web has a license from the Russian Ministry of Defense for activities in the field of creating information protection tools. This allows Dr.Web products to be used in organizations with increased security requirements, the company emphasized.

2010

Doctor Web announced in August 2010 an update of the Dr.Web SelfPROtect self-protection module in the Dr.Web Enterprise Suite 5.0 software complex and the Dr.Web AV-Desk 5.0 Internet service. The updated module, which is already available to users of the personal and server-based Dr.Web products version 6.0 for Windows, is now at the disposal of business users and subscribers of the "Dr.Web Anti-Virus" service.

In response to the various ways of neutralizing an antivirus that attackers never tire of devising, the developers added new methods of countering malicious applications to Dr.Web SelfPROtect, Dr.Web said in a statement.

In addition, a number of errors in the module that could lead to incorrect anti-virus operation have been fixed. In particular, the causes of possible failures when starting the Dr.Web modules on computers running Windows 7 have been eliminated.

According to the developers, these improvements reduced the risk of disrupting the Dr.Web components and increased the stability of their work. The update will take place automatically for users of Dr.Web Enterprise Suite 5.0 and subscribers of the Dr.Web Anti-Virus service, and the computer will need to be rebooted.