ViPNet TIAS (Threat Intelligence Analytics System)

The main articles are:

• Security Information and Event Management (SIEM)
• Data mining Data mining
• How does a hacker act in a targeted attack and how to prevent him? Threat Intelligence Services Capabilities Overview

ViPNet TIAS (Threat Intelligence Analytics System) is a software and hardware complex designed to automatically detect incidents based on an analysis of information security events.

2023: Inclusion in the register of Russian software

On May 24, 2023, InfoTeCS (Infotecs) announced that the ViPNet TIAS event mining system was included in the register of Russian software and received a special sign indicating that the software (software) was classified as artificial intelligence ( AI).

ViPNet TIAS has the following features of AI: the system pre-processes and enriches data with additional features, the system implements self-learning and self-testing of the model on automatically generated samples, the system detects signs of computer attacks in chains of information security events.

ViPNet TIAS is used as part of the ViPNet TDR solution, which also includes the ViPNet IDS NS network level intrusion detection system, the ViPNet IDS HS node level intrusion detection system, and the centralized management console for ViPNet IDS MC solution components. The implementation of a comprehensive solution significantly increases the existing level of security of information systems, data centers, user workstations, as well as servers and telecommunications equipment with a general reduction in the financial and time costs of detecting and responding to information security incidents.

To stimulate the practical introduction of domestic technological solutions in the field of AI from 2023, the state offers special conditions for companies that purchase domestic IT solutions and products with artificial intelligence, in particular, tax incentives.

2019: Opportunities. Functions. Use Cases

As of July 2019, ViPNet TIAS automatically analyzes the entire stream of incoming events from sensors, finds relationships between them and identifies really significant threats that are information security incidents.

Automatic detection of information security incidents in ViPNet TIAS is based on a combination of two methods:

• A signature analysis method based on the use of incident detection metros.
• A mathematical decision model developed on the basis of statistical analysis of threats using machine learning methods.

The metered database and mathematical decision-making model are developed and updated by Future Monitoring experts based on the knowledge of threats obtained from the analysis of tools and attack techniques - Threat Intelligence.

ViPNet TIAS allows you to monitor and respond to information security threats when:

• There are not enough qualified personnel;
• There is not enough time to work out each information security event message;
• There are no tools to automate the process of analyzing events and investigating the causes of threats.

Additionally, ViPNet TIAS provides the following capabilities:

• Create reports on events and incidents;
• Upload incident information to external systems, including State system of detection, prevention and elimination of consequences of computer attacks system;
• Connect additional sources to enrich information about events during investigations.

ViPNet TIAS performs the following functions:

• Collects events from intrusion detection sources (ViPNet IDS);
• Analyzes incoming events and automatically detects information security incidents;
• Notifies of incidents via the web interface and by e-mail;
• Enrich information about incidents and events with information from additional sources;
• Provides a graphical interface for monitoring information security threats in real time;
• Provides a graphical interface for incident investigation analysis;
• Provides tools for self-analysis of events and detection of incidents;
• Reports events and identified incidents.

Use Cases:

• Network and host-level ViPNet IDS intrusion detection systems generate information security events.
• ViPNet TIAS automatically collects event information from the connected ViPNet IDS sensors and ViPNet IDS HS servers.
• ViPNet TIAS analyzes events using a trained mathematical model and metrag.
• As a result of the analysis, one or more undesirable or unexpected events that suggest a high probability of network disruption or pose a security threat are defined as an information security incident.
• When incidents are detected, ViPNet TIAS records this fact, identifies dependent events, enriches them with information from additional sources and generates recommendations for eliminating the consequences;
• ViPNet TIAS notifies you of an incident using the web interface and by e-mail.
• The information security specialist investigates incidents, eliminates the causes and consequences of their occurrence on the network.