
Group-IB and RNT: Platform for detection, analysis and prevention of cyber attacks

Product
Developers: Group-IB (Group of information security), Russian High Technologies (RHT)
Date of the premiere of the system: 2017/09/20
Branches: Government and social institutions
Technology: Firewall, Cybersecurity - Security information and event management (SIEM)

The platform for detection, analysis and prevention of cyber attacks is intended for departmental and corporate centers of the State system of detection, prevention and elimination of consequences of computer attacks, and for the cybersecurity services of companies and enterprises with critical information infrastructure.

The solution collects and records a broad range of incident data needed for rapid response, for subsequent analysis and correlation within a segment, and for transfer to the main center of the State system of detection, prevention and elimination of consequences of computer attacks.

Structure of the complex

  • A firewall that prevents and blocks dangerous network interactions using indicators of compromise, addresses of botnet command centers, suspicious IP addresses, domains and other tactical threat data.
  • An intrusion detection system that reveals malicious code activity, remote connections and other network anomalies.
  • A system that analyzes the behavior of suspicious objects in a safe environment, which helps prevent malicious code from penetrating the network through phishing mailings, attacks on the browser, attacks using zero-day vulnerabilities and previously unknown malware.

Specific Features

The complete solution includes tools that allow the center's staff to optimize their work:

  • the low level of false positives and the prevention of some incidents at the firewall level reduce the time spent on event handling;
  • clear ranking of events helps staff not to miss a critical incident;
  • the request processing system (ticket system) makes it possible to organize centralized information exchange about an incident and coordination between the participants in the response process.

2017: Announcement

On September 20, 2017, RHT (Russian High Technologies), a provider of information security solutions for the public sector, and Group-IB, a player in the Russian cyberthreat research market, signed an agreement of intent to develop a technology platform for detection, analysis and prevention of computer attacks.

Andrey Novikov, CEO of RNT, and Ilya Sachkov, CEO and founder of Group-IB

The solution is intended for departmental and corporate centers of the State system of detection, prevention and mitigation of consequences of computer attacks on information resources of the Russian Federation (State system of detection, prevention and elimination of consequences of computer attacks), and also for the information security services of companies and enterprises in industries with critical information infrastructure (Federal Law No. 47571-7).

Three hardware and software systems provide identification and prevention of incidents. Signatures, rules and settings are updated daily using relevant data on the activity of pro-government and private cybercriminal groups, cyber divisions of terrorist organizations and hacktivists.

"Transfer of indicators of compromise and other data on previously unknown threats will make it possible to quickly inform all industry segments about new types of attacks and to enrich the forces and sensors of the State system of detection, prevention and elimination of consequences of computer attacks. The research and correlation of these data will make it possible to monitor the evolution of the tactics and tools of pro-government hacker groups and technologically advanced cybercriminal groups. Thus, the partnership of RNT and Group-IB will help to take an important step from the security of separate departments, enterprises and corporations to the security of the state," Andrey Novikov, the CEO of RNT, commented on the event.

To increase the competence of specialists in attack detection and in establishing the causes of incidents, and of technical experts, it is planned to organize specialized educational courses and training programs.