
PT Platform 187

Product
Developers: Positive Technologies
Date of the premiere of the system: 2018/04/24
Last Release Date: 2021/06/21
Technology: IS - Anti-virus, IS - Anti-spam, IS - Authentication, IS - Firewalls, IS - Information Leakage Prevention, IS - Security Information and Event Management (SIEM)


PT Platform 187 is a software and hardware complex for interacting with GosSOPKA and implementing the main functions of the security system of significant critical information infrastructure (CII) facilities. The platform includes a set of technical tools that allows an organization to optimize its information security and fulfill the main requirements of Russian Federation legislation.

2021: Release of five PT Platform 187 configurations

On June 21, 2021, Positive Technologies announced the release of five PT Platform 187 configurations.

PT Platform 187 was created for companies of various profiles: cyber threat response centers, operators of personal data systems and state information systems, and subjects of critical information infrastructure.

"We see that organizations are at different stages of IS maturity, have different needs and different degrees of infrastructure readiness to build real protection. To respond to the most specific business requests and allow companies to fulfil them with minimal effort and at optimal time costs, we have created five PT Platform 187 configurations. The composition of the complex is selected depending on the type of business and the features of its infrastructure," comments Sergey Kutz, head of cyber security solutions development at Positive Technologies.

For companies planning to create cyber threat response centers, the PT Platform 187 configuration that combines four Positive Technologies products is suitable: the MaxPatrol 8 security control system, the MaxPatrol SIEM IS event monitoring and incident detection system, the PT Network Attack Discovery comprehensive network traffic analysis system and the PT MultiScanner malicious content detection system (configuration No. 1, Fig. 1). It is available in sizing variants of 250 nodes, 100 Mbps and 500 Mbps. This configuration of PT Platform 187 allows a SOC to be created with minimal start-up costs and provides for its subsequent scaling.

[Figure: PT Platform 187 configurations]
Fig. 1. PT Platform 187 configurations

The PT Platform 187 configuration for industrial networks includes, in addition to MaxPatrol 8, PT MultiScanner and MaxPatrol SIEM, the PT ISIM process traffic analysis system (configuration No. 5, Fig. 1). According to Positive Technologies, in 2020 the number of attacks on industrial companies increased by 91% compared to 2019. This composition of the complex makes it possible to continuously monitor the enterprise's industrial networks and detect cyber attacks on industrial control system (ICS) components, as well as unauthorized personnel actions.

Companies that need to pay special attention to detecting network anomalies, or that have to analyze more than 1 Gbit/s of traffic, are suited to the configuration with MaxPatrol 8, MaxPatrol SIEM, PT MultiScanner and PT Departmental Center, to which an NTA-class solution can be connected separately (configuration No. 2, Fig. 1). This configuration also suits companies that already use PT NAD.

For small commercial networks with a limited staff of specialists, the PT Platform 187 configuration with the PT Departmental Center incident management system, MaxPatrol 8, PT MultiScanner, MaxPatrol SIEM and PT NAD is offered (configuration No. 3, Fig. 1). The solution simplifies response and reduces the time spent by specialists by automatically creating incident cards and using response templates. Visual dashboards help control the process and reduce the risk of errors. If the organization plans to gradually create a GosSOPKA center, PT Departmental Center as part of PT Platform 187 will meet the requirements and organize two-way interaction with the NCCI and/or another industry center.

A configuration is also available in which vulnerability management class solutions can be connected separately (configuration No. 4, Fig. 1). This option suits those who already have the MaxPatrol 8 security analysis system or wish to connect the new-generation MaxPatrol VM vulnerability management system.

2018

Are you a subject of critical information infrastructure? It's time to think about security...

Trends in recent years generally show that even well-protected critical information infrastructure (CII) facilities are vulnerable to simple cyber attacks. For example, the notorious WannaCry ransomware hit more than half a million computers in a short time, disrupting a number of major companies. Positive Technologies studies have shown that on average up to 31% of companies are at risk of infection with this malware. At the same time, experts often call the attack itself the result of banal non-compliance with IS hygiene: violation of patch management rules. Turning to APT attacks on organizations, the indicators are no more comforting: on average, every second large organization discovers traces of intruders' presence in its infrastructure, and sometimes this presence lasts for years. Organizations are therefore keenly faced with the task of minimizing attackers' capabilities, learning to quickly identify hidden incidents and finding problem points in the IT infrastructure in time.

Read here about the behaviour of PT Platform 187 in the face of a common phishing-based attack [1]

Composition. Features. Architecture

PT Platform 187 is suitable for organizations with an infrastructure of up to 250 network nodes and for territorial divisions of large organizations as part of a GosSOPKA segment.

Structure. The software and hardware complex includes (as of 2018):

  • Event Monitoring and Incident Detection System MaxPatrol SIEM,
  • Security monitoring system MaxPatrol 8,
  • Comprehensive Network Traffic Analysis System PT Network Attack Discovery,
  • PT MultiScanner malicious content detection system,
  • The PT Departmental Center incident management system, which also handles interaction with the NCCI (National Computer Incident Coordination Center).

Optional connection:

  • PT ISIM is connected to the platform to ensure continuous monitoring of the enterprise's industrial network and detection of cyber attacks on ICS components.
  • PT Application Firewall is used to protect web applications.
  • PT Application Inspector integrates with PT Application Firewall to analyze code security if the organization uses software of its own development or has the source code of its web applications.

Features

  • Compliance
    • The platform makes it possible to implement protection measures for CII facilities in accordance with the requirements of FSTEC of Russia and to build GosSOPKA centers in accordance with the requirements of the FSB of Russia. Platform products are regularly updated to meet new regulatory requirements.

  • Rapid Deployment

    • A single installer allows you to quickly implement the platform with minimal labor costs and begin interaction with GosSOPKA as soon as possible.

  • Unified Authentication System

    • Authorization in a single identification and access control system gives the user automatic access to all products.

  • Automated interaction with NCCI

    • Incident information is transmitted to the NCCI in the required format.

  • Does not require highly qualified specialists

    • It is sufficient to have an analyst and a system administration and maintenance specialist to run the platform efficiently.

  • Complies with import substitution policy and regulatory requirements

  • Positive Technologies Expertise

    • All products are based on Positive Technologies' multi-year expertise in vulnerability detection, attack detection, and incident investigation.

Architecture

The core of the platform is MaxPatrol SIEM. It builds a model of the protected IT infrastructure that allows its vulnerabilities to be better understood, the likelihood of successful attacks to be assessed, and incident investigation to be simplified. The infrastructure model is enriched with information about the configuration, vulnerabilities, software and hardware of information resources from MaxPatrol 8 and PT Network Attack Discovery.

MaxPatrol SIEM collects security events from various sources, including PT Network Attack Discovery and PT MultiScanner, and detects incidents by matching events against correlation rules. Information about incidents is automatically transmitted to PT Departmental Center for registration, response and subsequent sending to the NCCI, Positive Technologies explained.

To detect malicious content, PT Network Attack Discovery sends files extracted from network traffic to PT MultiScanner. If an infected file is detected, PT MultiScanner sends an incident event to MaxPatrol SIEM, which automatically triggers a notification. This allows the IS specialist to quickly detect and block the spread of the malware.
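The flow described in the two paragraphs above (a traffic sensor reports an extracted file, a scanner later reports a verdict, the SIEM joins the two and raises a single incident for the ticketing system) is a cross-source correlation with a time window. The following Python is an added illustration of that pattern and is not code from Positive Technologies or from any of the products named on this page; the event schema, field names (`sha256`, `dst_host`, `verdict`), the source tags `nta`/`scanner`, the one-hour window and the sample event stream are all assumptions constructed for the example.

```python
from collections import defaultdict
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import Dict, List, Optional


@dataclass
class Event:
    source: str          # assumed tag of the emitting sensor: "nta" or "scanner"
    kind: str            # assumed event type name
    ts: datetime
    attrs: Dict[str, str]


@dataclass
class Incident:
    sha256: str
    verdict: str
    first_seen: datetime
    last_seen: datetime
    hosts: List[str] = field(default_factory=list)
    evidence: List[Event] = field(default_factory=list)

    def absorb(self, transfer: Event) -> None:
        """Fold another transfer of the same file into this incident."""
        host = transfer.attrs["dst_host"]
        if host not in self.hosts:
            self.hosts.append(host)
        self.last_seen = max(self.last_seen, transfer.ts)
        self.evidence.append(transfer)


class FileVerdictCorrelator:
    """Assumed rule (not a vendor rule): a 'malicious' scanner verdict for a hash
    that the NTA sensor saw transferred within `window` raises one incident per
    hash; later transfers of that hash extend the incident instead of opening a
    new one."""

    def __init__(self, window: timedelta = timedelta(hours=1)) -> None:
        self.window = window
        self._transfers: Dict[str, List[Event]] = defaultdict(list)
        self.incidents: Dict[str, Incident] = {}

    def feed(self, ev: Event) -> Optional[Incident]:
        """Process one event; return the incident it created or extended, if any."""
        if ev.source == "nta" and ev.kind == "file_extracted":
            return self._on_transfer(ev)
        if ev.source == "scanner" and ev.kind == "file_verdict":
            return self._on_verdict(ev)
        return None          # event types outside this rule are ignored

    def _on_transfer(self, ev: Event) -> Optional[Incident]:
        sha = ev.attrs["sha256"]
        inc = self.incidents.get(sha)
        if inc is not None:
            inc.absorb(ev)   # verdict already known: widen the existing incident
            return inc
        cutoff = ev.ts - self.window
        # keep only transfers still inside the window, then remember this one
        self._transfers[sha] = [t for t in self._transfers[sha] if t.ts >= cutoff] + [ev]
        return None

    def _on_verdict(self, ev: Event) -> Optional[Incident]:
        sha = ev.attrs["sha256"]
        if ev.attrs.get("verdict") != "malicious":
            self._transfers.pop(sha, None)   # clean verdict: forget pending transfers
            return None
        cutoff = ev.ts - self.window
        recent = [t for t in self._transfers.pop(sha, []) if t.ts >= cutoff]
        if not recent:
            return None      # nothing to tie the verdict to within the window
        inc = Incident(sha256=sha, verdict="malicious",
                       first_seen=min(t.ts for t in recent), last_seen=ev.ts)
        for t in recent:
            inc.absorb(t)
        inc.evidence.append(ev)
        self.incidents[sha] = inc
        return inc


def demo() -> List[Incident]:
    """Run the correlator over a constructed event stream (not real product output)."""
    t0 = datetime(2021, 6, 21, 10, 0, 0)

    def m(n: int) -> datetime:
        return t0 + timedelta(minutes=n)

    events = [
        Event("nta", "file_extracted", t0 - timedelta(hours=3), {"sha256": "ghi", "dst_host": "10.0.0.2"}),
        Event("nta", "file_extracted", m(0), {"sha256": "abc", "dst_host": "10.0.0.5"}),
        Event("nta", "file_extracted", m(2), {"sha256": "abc", "dst_host": "10.0.0.7"}),
        Event("scanner", "file_verdict", m(5), {"sha256": "abc", "verdict": "malicious"}),
        Event("nta", "file_extracted", m(10), {"sha256": "abc", "dst_host": "10.0.0.9"}),
        Event("scanner", "file_verdict", m(12), {"sha256": "def", "verdict": "clean"}),
        Event("scanner", "file_verdict", m(20), {"sha256": "ghi", "verdict": "malicious"}),  # transfer is 3 h old: outside window
    ]
    corr = FileVerdictCorrelator(window=timedelta(hours=1))
    for ev in events:
        corr.feed(ev)
    return list(corr.incidents.values())


if __name__ == "__main__":
    for inc in demo():
        print(inc.sha256, inc.verdict, inc.hosts, inc.first_seen, inc.last_seen, len(inc.evidence))
```

The point of the window and of keying on the file hash rather than on the host is that one verdict can cover every host that received the file, while a stale transfer (the `ghi` case) does not get attached to a verdict that arrives hours later. A real deployment would also have to decide what to do with a malicious verdict that matches no transfer at all; here it is simply dropped.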

A unified authentication system (Single Sign-On, SSO) is provided that simplifies and speeds up the IS specialist's work: the user authenticates once in the identification and access control system and automatically gains access to all products.

Release

On April 24, 2018, Positive Technologies announced the release of the PT Platform 187 solution, designed to create corporate and departmental GosSOPKA centers in minimum time. PT Platform 187 includes the set of technical tools necessary to interact with the NCCI (National Computer Incident Coordination Center) and to build a security system for CII facilities within the framework of Federal Law No. 187-FZ.

The solution has a fixed cost and is designed for organizations with an IT infrastructure of no more than 250 network nodes. PT Platform 187 can also be installed as part of a GosSOPKA segment in the territorial divisions of large organizations with distributed infrastructure.

According to the developers, the solution will allow:

  • obtain data on IS events from various sources, automatically analyze them and detect incidents;
  • detect and monitor vulnerabilities;
  • carry out retrospective analysis when investigating incidents;
  • inventory information resources and keep infrastructure information up to date;
  • monitor incident response processes and interaction with the NCCI.

"PT Platform 187 is a real tool for creating one's own SOC (Security Operations Center) on a small scale, building IS processes, developing expertise and improving the effectiveness of information security in the organization as a whole," said Maxim Filippov, Director of Business Development at Positive Technologies in Russia. "First of all, the solution will be of interest to regional authorities, state institutions responsible for the information security of government agencies, and subsidiaries of large enterprises with separate IT infrastructure which are subjects of critical information infrastructure."

PT Platform 187 combines five products of Positive Technologies' own development: MaxPatrol 8, MaxPatrol SIEM, PT Network Attack Discovery, PT MultiScanner and PT Departmental Center. The products can be used to implement the FSB's methodological recommendations for building GosSOPKA centers, the FSTEC of Russia requirements for the security systems of significant CII facilities and for ensuring their security, as well as the requirements of the FSB of Russia's draft order on the technical means of GosSOPKA.

All platform products are integrated with each other, which ensures component compatibility, and are deployed using a single installer. This allows PT Platform 187 to be implemented quickly with minimal labor costs and interaction with GosSOPKA to begin promptly. Positive Technologies estimates that implementation will take from one to six months, depending on the infrastructure and the maturity of IS processes in a particular organization.

According to the developers, the solution is easy to use and has understandable interfaces. It is enough for the company to have an analyst and a specialist for administering and maintaining the system on staff.

The products included in the platform are constantly developed and quickly receive the updates needed to counter current threats and to meet regulatory requirements in the field of CII protection and GosSOPKA.