InfoWatch: Attack Killer

2020: Obtaining the FSTEC certificate on compliance to the fourth class of protection

On June 9, 2020 InfoWatch Group announced completion of works on certification of the software package InfoWatch Attack Killer on compliance to requirements of FSTEC of Russia. The software package is intended for ensuring continuous active protection of web applications of any architecture and complexity from the external attacks.

Certification tests showed that the software package InfoWatch Attack Killer is the firewall of the fourth class of protection and there corresponds to the documents "Requirements to Firewalls" and "The profile of protection of firewalls of the fourth class of protection. IT.ME.G4.PZ". Certificate validity period – till May 26, 2025.

Thus, the solution InfoWatch Attack Killer is the program firewall of level of the Web server and is intended for the data protection of limited access which is not containing the state secret in information systems, including automated control systems for production and technology processes on crucial and/or potentially dangerous objects, the state information systems to the first class of security inclusive and also in personal data information systems to the first level of security inclusive.

compliance of InfoWatch Attack Killer to requirements of federal regulating authority in the field of data protection will allow to provide the state and financial institutions with the effective instrument of control and filtering of information flows for continuous protection of the data available from public communication networks and belonging to information of limited access.

InfoWatch Attack Killer is a single system of automatic protection of web resources and applications. The solution maintains the continuity of business processes of customer company thanks to complex approach to security of web resources which ensuring begins at a development stage. InfoWatch Attack Killer is already used for protection of web applications in financial institutions, public institutions, the industrial companies.

2019: Integration with R-Vision IRP

On February 4, 2019 the Attack Killer company (InfoWatch Group) reported that it signed the partnership agreement about cooperation with R-Vision. Within cooperation of the company agreed about integration of a system of automatic protection of web resources and the Attack Killer applications into the platform of response to R-Vision IRP incidents that will allow subjects of KII to fulfill the requirements of federal law 187-FZ "About security of critical information infrastructure of the Russian Federation".

According to the company, the solution Attack Killer integrates in itself the instrument of reflection of DDoS attacks, the screen of the WAF applications, the scanner of the source code, the system of informing on existence of vulnerable ICs in infrastructure and also the central module of management providing their interaction. Thanks to algorithms of artificial intelligence and machine learning, the product reveals the multistage attacks from a set of events of security, adapts to changes of a resource, does not require change of configurations at updates.

Owners of objects of critical information infrastructure are obliged to transfer data on computer incidents to the state system of detection of warning and mitigation of consequences of the computer attacks on information resources of the Russian Federation. It means that information security systems of the state bodies and legal entities which are subjects of KII will have to provide continuous interaction with State system of detection, prevention and elimination of consequences of computer attacks. Cooperation with R-Vision — an important step on the way of creation of such system. Thanks to partnership we will put on the market the joint solution which will allow to transfer information on the attacks made on web resources of the companies to the state IC. Rustem Hayretdinov, CEO of Attacks of Killers

The R-Vision IRP platform represents the automated center of monitoring, processing and response to incidents of information security. The solution provides status monitoring of IT infrastructure, consolidation of information on incidents from different sources, coordination of activity of Information security department and allows to apply ready algorithms of reaction, increasing the speed of reaction and minimizing possible losses from cyber attacks. For reporting on incidents in a product ready templates, including for providing are provided in the State system of detection, prevention and elimination of consequences of computer attacks system, and the built-in connectors provide data exchange in the automated mode.

We highly appreciate technology cooperation with Attack Killer. One of our priority purposes — to integrate products in the field of security and to provide to customers the convenient and universal solution which will provide fast information exchange with regulators. Igor Smetanev, commercial director of R-Vision

2017: Joint solution "MyOffice" + Attack Killer

The companies Attack Killer and "New cloud technologies" announced on September 21, 2017 conclusion of an agreement about the technology partnership directed to development of joint products and presented the joint solution allowing to offer users office products "MyOffice" with additional functions of protection during the work with web applications without costs for performance. Now customers have an opportunity to select option of licensing "MyOffice" with protection Attack Killer. The joint solution is designed to minimize costs for implementation due to use of previously prepared and approved configurations, partners claim. In more detail here.

2015: Beginning of sales of Attack Killer

The InfoWatch company announced in September, 2015 creation and the beginning of sales of the product Attack Killer positioned as ^[1] the first-ever complete solution for active protection of business against the purposeful (targeted) computer attacks^[2].

The shrink-wrapped software product integrated in itself four earlier existing technologies which underwent upgrade. The companies Cezurity and Appercut Security, entering into the InfoWatch group, provided sensors of the attacks and detection of vulnerabilities and not declared opportunities in the code. Developers of the company are responsible for protection of web infrastructure Wallarm, and protection from DDoS- the attacks is provided by the company Qrator Labs.

The user can involve as all solutions in a complex, and to activate them separately. Control of all components is exercised via the uniform web interface.

The product is also designed to help clients to fulfill the requirements of regulators and the specialized legislation — orders of FSTEC (No. 21 and No. 17), provisions of the law ФЗ-№152 and also the provisions PCI DSS, service station of BR IBBS, NDV4, SDL.

About partnership and investments

InfoWatch notes that the relations of partners in the project have especially technology character now — at the level of licensing. "Nobody purchased anybody. All lead the happy life and joyfully are on friendly terms on money of clients" — say in the company. At the same time the management does not exclude creation probability in the long-term future of any joint venture. But so far partners work under agreements — with five-year validity period.

Investments into the project into InfoWatch found it difficult to call, having assured that they are not counted owing to complexity of this process yet — the most part of formal investments are the share of earlier costs for development of independent products which were integrated now.

About sales and clients

She intends to sell the new product InfoWatch independently, though hopes for the help of the partners.

At a stage of pilot implementations the solution was already implemented at five customers, first of which (regarding use of all four components) still weather there was a Yugra joint stock bank back.

According to Hayretdinov, about 20 more contracts which are at different stages of preparation now should be until the end of the year signed. "In 'funnel' of an order at us 100 companies. But in general practically all clients of InfoWatch consider the possibility of acquisition, and these are more than 500 companies" — he assures.

Active is sewn up instead of passive

InfoWatch notes that growth of the complex cyber attacks consisting of several stages on each of which is lately observed the type of influence is applied: DDoS, use of vulnerabilities of web infrastructure or errors in an application code, infection of the company victim with the specialized malware. Most often the purpose of hackers is theft of payment data and commercial secrets, embezzlement and also inactivation of crucial infrastructure facilities.

According to Ivanov, seriously the company began to be engaged in a perspective of protection against the targeted attacks about two years ago, having realized that it is the separate large-scale market.

In Hayretdinov Rustem's understanding, for business time of the classical antiviruses in fact fixing problems, but not fighting with them passed long ago. Despite the myths which developed in the market warmed up by reasonings of experts on extreme complexity of this sphere, the information security cannot be passive any more. "People want to protect data, but not to learn that they were stolen — he says. — People want to have a minimum of the personnel servicing solutions (on it today just there is no money), but that the solution at the same time was effective".

Notes