ViPNet IDS

Main articles:

• Cryptography
• VPN and privacy (anonymity)

ViPNet IDS is a software and hardware complex designed to detect intrusions into information systems based on dynamic analysis of network traffic of the TCP/IP protocol stack for protocols of all levels of the open systems interaction model, from network to application. ViPNet IDS allows you to quickly obtain information to determine the sources of computer incidents related to the operation of the organization's information systems. At identification of the computer attack of ViPNet IDS registers the fact of its detection, identifies an event and it is instant in the mode close to real time, notifies the administrator of network that allows to react in due time to an incident by network shielding. The regular event report generated by the IDS ViPNet also helps to analyze network security and develop a set of proactive measures to ensure the security of the organization's IT infrastructure.

History of development

2020

Obtaining the FSTEC certificate of Russia

On December 7, 2020, InfoTEKS announced that it had received a certificate from the FSTEC of Russia on compliance ViPNet IDS 3 with the requirements for network level IV intrusion detection systems and information security requirements for level 4 trust.

The availability of the certificate allows you to use IDS 3 ViPNet in government organizations, at CII facilities, as well as in companies in which the need to use certified products is legally determined.

The solution itself consists of the main component - computer attacks the IDS NS ViPNet detection system and can be supplemented by a centralized management console ViPNet IDS MC and an event mining and automatic incident detection system ViPNet TIAS. The IDS NS ViPNet module allows you to analyze network traffic and detect events information security using both signature and heuristic analysis methods. By studying the events detected by the system, the IB specialist can manually determine information security incidents related to computer attacks.

You can use TIAS ViPNet to significantly reduce incident detection time compared to a manual event analysis. This module allows to analyze all detected events ViPNet IDS NS in automatic mode. At the same time the final decision on an incident is made by the expert, leaning on the offered recommendation ViPNet TIAS. The IDS MC ViPNet module allows you to centrally and collectively manage solution components and automatically update the Decision Rule Bases (RBBs). The databases are created by specialists of the company "Promising Monitoring" (InfoTEX Group of Companies), specializing in monitoring and preventing computer attacks, BRP are regularly updated and delivered as part of a subscription.

The IDS 3 ViPNet system can be used as the core of the information security incident monitoring and response center SOC (), as well as for building a corporate or departmental center. GOSSOPKA

Extension of grants for 6 months against the background of the coronavirus epidemic

In connection with the increase in the number of applications with a request to provide licenses for software for the organization of remote protected access and the difficult situation with the development of coronavirus infection, InfoTEKS announced on October 6, 2020 its readiness to provide licenses for a number of its products free of charge. Including on the IDS ViPNet. More details here.

Compliance of IDS 3 ViPNet with the requirements of the FSB of Russia

On July 15, 2020, InfoTEKS announced that it had received a certificate from the FSB of Russia on the compliance of the computer attack detection system ViPNet IDS 3 with the requirements for class B computer attack detection tools.

The presence of the FSB certificate allows you to use IDS 3 ViPNet in government organizations, at research and development facilities, as well as in companies in which the need for the use of certified products is legally determined.

The solution itself consists of the main component - the computer attack detection system ViPNet IDS NS and can be supplemented by a centralized management console ViPNet IDS MC and an event mining and automatic incident detection system ViPNet TIAS.

ViPNet IDS NS analyzes network traffic and detects information security events using both signature and heuristic analysis methods. By studying the events detected by the system, the IB specialist can manually determine information security incidents related to computer attacks.

Connecting the ViPNet TIAS module allows you to analyze all detected events ViPNet IDS NS in automatic mode, significantly reducing the time of incident detection compared to the analysis of events conducted in the "manual" mode, while reducing the cost and load on personnel. At the same time the final decision on an incident is made by the expert, leaning on the offered recommendation ViPNet TIAS.

The IDS MC ViPNet module allows you to manage all components of the solution and automatically update the bases of decisive rules developed by Perspective Monitoring, which is part of InfoTEX General Ledger.

ViPNet IDS 3 can be used as the core of the Information Security Incident Monitoring and Response Center, as well as for building a corporate or departmental center of GosSOPKA.

Grant of a licence free of charge against the background of the coronavirus epidemic

On March 19, 2020, InfoTEX announced that it would provide licenses for its software for the organization of secure remote access on a free basis. The company announced its readiness to provide the required number of licenses for ViPNet Client, ViPNet Connect, ViPNet IDS HS and ViPNet SafeBoot software. More details here.

2018

Multi-lease use of ViPNet IDS HS and ViPNet IDS MC

On December 4, 2018, InfoTeKS announced the release of the next release of a solution designed to detect computer attacks.

According to the company, the main feature of the solution release is the ability to provide commercial services for monitoring the information security of tools and information systems to third-party organizations, which will allow InfoTeKS partners to provide services for detecting computer attacks to customers who are not ready to deploy their own monitoring center. This became possible after implementing the multi-lease mode of using ViPNet IDS HS, ViPNet IDS MC servers and implementing simple scenarios for connecting organizations to the monitoring service.

The list of services that can be provided using the solution as of December 2018:

• Detect computer attacks in client network traffic.

To connect the service in the infrastructure of the client connected to the service, the network sensor ViPNet IDS NS is deployed.

• Detect signs of computer attacks and abnormal activity on user workstations and servers.

To connect the service, the IDS HS ViPNet agent is installed on the client nodes connected to the monitoring.

• Identify incidents based on the analysis of sensor events.

Automatic registration of an incident card and notification of a suspected incident in 24/7 mode.

• Conduct incident investigations.

It can be performed by service provider analysts if the staff of specialists has the necessary qualifications, or with the involvement of specialists of the company Perspective Monitoring.

• Provide statistical reports on events and incidents.

Generate monthly, quarterly, yearly reports on processed events and identified incidents across organizations.

In addition, as of December 2018, the following functionality is available in the release:

• The analysis of the events received from ViPNet IDS HS sensors expands the number of the computer attacks which are revealed by ViPNet TIAS and registers in the form of cards of incidents of information security. Provides real-time summary statistics on all types of attacks and reports.
• Detection of the next types of network attacks on the IPv6 protocol, attacks of the ARP spoofing type. Ability to obtain a hash sum (md5) of a file in a controlled folder for later analysis.
• A number of scenarios have been developed that simplify the management of all components of the solution, which reduces the time to deploy, connect the next network segments, regularly update and maintain the solution infrastructure.

Composition of the solution:

• ViPNet IDS NS (version 3.4) is a network sensor designed to detect computer attacks (intrusions) harmful software and in network traffic.
• ViPNet IDS HS (version 1.3) - host-level intrusion detection system.
• ViPNet IDS MC (version 1.4) is a centralized solution component management console.
• ViPNet TIAS (version 3.3) - a system for mining events and automatic detection of incidents.

Inclusion in the Register of Russian Software

The Infotecs company declared on April 9, 2018 entering of ViPNet IDS 2 (version 2.4) into "The unified register of the Russian programs for electronic computers and databases".

The software product complies with the requirements of the rules for the formation and maintenance of the Unified Register of Russian Programs, approved by Decree of the Government of the Russian Federation No. 1236 "On Establishing a Ban on the Admission of Software Originating from Foreign Countries for Procurement Purposes to Meet State and Municipal Needs" dated November 16, 2015.

According to April 2018, the register of Russian software includes 42 InfoTEX products. The inclusion of company products in this register allows state customers to acquire InfoTEX decisions as part of purchases under the import substitution program.

2017: ViPNet IDS HS 1.2

On November 9, 2017, InfoTEX announced the release of the next version of the intrusion detection system (OWS) ViPNet IDS HS 1.2.

In general, the ViPNet IDS HS product is an intrusion detection system developed by InfoTEKS for monitoring and processing events inside the host. The IDS HS ViPNet system uses signature and heuristic methods for analyzing attacks based on rules and signatures developed in Russia.

A number of features have been added to release 1.2:

• Syslog support, so that the collected data can be transferred to various SIEM systems and to the software and hardware complex ViPNet TIAS, designed to analyze information security events from various sources.
• Integration with the ViPNet StateWatcher product, which allows you to monitor the state of information protection and network infrastructure elements.
• Integration with Active Directory - This allows you to simplify the commissioning of CMW: users can automatically import the organizational structure of computers, as well as their names and employees, to whom computers are assigned.
• Possibility to detail events and recommendations for further actions.
• Agent for Astra Linux operating systems (Smolensk release, version 1.5) and Debian 8.

ViPNet IDS HS allows you to observe everything that happens in the operating system: file or network activity, changes in the registry, processes or logs. Based on the results of monitoring, the system detects attacks and immediately notifies the administrator. Centralized management of agents, settings, and rule groups on hosts allows you to respond quickly to network security events.

According to the developers, thanks to heuristic analysis, the IDS HS ViPNet system is able to detect the latest attacks for which anti-virus signatures have not yet been written. In addition, the CMF on the host can capture network attacks that are not visible to the network IDS - for example, attacks in encrypted traffic.

Certification of ViPNet IDS HS of version 1.2 within inspection control is planned. Receipt of the certificate is expected in the first quarter of 2018.

2014: ViPNet IDS 2.0

On December 18, 2014, InfoTEKS, a Russian developer of software and hardware VPN solutions and cryptographic information protection tools, announced the receipt of a certificate from the FSTEK of Russia for the software and hardware complex ViPNet IDS 2.0 for compliance with the requirements of the regulator for class 4 intrusion detection systems. SZI ViPNet IDS 2.0 can be used in bodies of the state vlastirossiysky Federation in the automated information systems processing information which is not containing the data which are the state secret. The certificate of conformity was issued on the basis of certification tests of the product sample conducted by the testing laboratory of Information Security Center LLC.