| Developers: | InfoWatch, InfoWatch ARMA |
| Last Release Date: | 2022/12/27 |
| Technology: | Information Security - Firewalls, Information Security Information and Event Management (SIEM) |
The main articles are:
InfoWatch ARMA is a domestic system for information protection in, APCS which includes industrial firewall to identify and block attacks at the network, transport and application levels.
2022
Compatibility of InfoWatch ARMA Industrial Firewall and ARIES controller PLK210
Companies InfoWatch ARMA and LLC "" ARIES conducted compatibility tests for firewall InfoWatch ARMA Industrial and, Firewall ARIES CONTROLLER PLK210 which is widely used at various industrial facilities to control automation systems. This was announced by InfoWatch on December 27, 2022.
As a result, it was found that InfoWatch ARMA Industrial Firewall can be used in conjunction with ARIES devices for efficient protection industrial infrastructures from unauthorized access attacks malefactors and as an industrial firewall, which is especially important in 2022, with the current increase in threats. cyber security
 | It is important to replace foreign equipment for, and industrial automation the company is glad to see that market there are confident players on this. It was important to adapt the InfoWatch ARMA Industrial Firewall for PLK210 and ensure compatibility of complexes. In time compatibility tests, the products showed steady performance. This enables customers to use this end-to-end solution to provide, safety told Igor Soul, Director of Product Development InfoWatch ARMA.
|  |
| | The instruments support basic industrial and application protocols. The main communication interface of ARIES is PLK210 Ethernet. The controller has 4 Ethernet ports, 3 of which are combined into a controlled switch, allowing you to work as a gateway between an industrial network and an enterprise network. All devices of the company undergo comprehensive testing and have supporting certificates, including an industrial safety certificate. The company is pleased to discover other opportunities to protect automation objects from unauthorized intrusion in conjunction with InfoWatch ARMA, noted Stepan Bondarev, product manager of PO ARIES LLC.
| |
The emergence of InfoWatch ARMA Industrial Firewall collaboration capabilities with the PLK210 controller will expand the usability of a firewall that can effectively repel hacker attacks and ensure the safe operation of information systems using Industry 4.0 elements.
Installation with Trinities Servers
InfoWatch ARMA has begun cooperation with Trinities in terms of expanding the line of used hardware platforms and providing the market with secure software and hardware complexes (PAC) of Russian production. The company Trinities announced this on December 2, 2022. Read more here.
Compatibility InfoWatch ARMA Industrial Firewall version 3.5 and DPA
InfoWatch ARMA, part of InfoWatch Group of Companies and Yaviar Engineering, a Russian engineering company, announced on October 25, 2022 the compatibility of the next generation of industrial network screen InfoWatch ARMA Industrial Firewall version 3.5 and IT solutions DPA (Digital Process Automation).
The study testings confirmed the compatibility and possibility of using InfoWatch ARMA Industrial Firewall as a firewall and intrusion detection system for production monitoring and management systems offered by Yaviar Engineering.
DPA industrial equipment monitoring and diagnostics systems enable large industrial enterprises to get an accurate and complete picture of production in real time, time necessary for effective management of important production processes; Prevent numerical control (CNC) machine malfunctions in advance determine the degree of workload of production equipment and correctly build the entire production process. Production line management with DPA is automated, saving employees time and effort.
| | The efficiency of any production is determined by the state of the equipment and control over the parameters of technical processes. This is only possible if each of the elements of the production line is continuously monitored for the most important characteristics, and the monitoring system quickly finds and transmits primary signals about upcoming failures. The safety of a large manufacturing plant is based on the same principles: the main thing here is to determine in advance and prevent the possibility of intrusion, shutdown of production and causing significant damage from large-scale downtime or failure. If such solutions work together and are domestic as in this case, then it can be considered that production processes are extremely reliably protected, noted the head of the DPA "Yaviar Engineering," Alexey Oreshkin.
| |
| | Protection industrial enterprises countries from constant cyber threats and external intrusions, the complexity and preparedness of which is constantly growing, has become one of the most important tasks. In fact, she got to the level state. At the same time, technologies in production are almost all foreign, technologies use different protocols, architecture ON and, depending on, and industries INFORMATION SECURITY local specialists do not always understand the nature and changed dynamics of cyber threats well. To overcome all these problems and solve the problem of protecting large industrial enterprises, comprehensive information security systems are required that work as efficiently as possible in conjunction with domestic production automation systems. Their joint work will allow large enterprises of the country to avoid downtime, expensive failures in production processes in the event computer attacks and damage from external intrusions, commented on CPO InfoWatch ARMA , Igor Soul.
| |
The InfoWatch ARMA complex, which includes InfoWatch ARMA Industrial Firewall, includes three software products that provide comprehensive protection APCS at the network and dispatch levels. In addition to the industrial firewall, industrial customers receive up-to-date means of protection workstations servers and APCS, as well as a single security management center that provides the ability to detect and prevent complex and well-prepared computer attacks in advance. The key difference between InfoWatch ARMA and foreign counterparts is that the product delves deeper into the demanded industrial protocols (IEC 60870-5-104, IEC 61850 (MMS, GOOSE), Modbus TCP, OPC DA), allowing much better and more reliable protection of critical parts of the network. In particular, this is due to a more accurate adaptation of filtration rules and complex security policies large industrial enterprises. InfoWatch ARMA Industrial Firewall meets certificate FSTEC of Russia 4 levels of trust.
Compatibility with Prostor software
InfoWatch ARMA and LLC Prostor Laboratory announced the compatibility of their products on July 15, 2022.
As a result of testing, it was found that the solutions are compatible, and InfoWatch ARMA Industrial Firewall can be used to protect information as a firewall and/or intrusion detection system for Prostor software. Read more here.
InfoWatch received a grant of 60 million rubles to bring its product closer to imported ones in terms of functionality
Infovotch Arma, part of InfoWatch, won a grant from the Russian IT Development Fund (RFRIT) for the InfoWatch ARMA Industrial Suite product development project. She became one of the winners of the competition for grants for the development of domestic software products. Funds within the framework of this initiative are allocated by the Ministry of Digital Development within the framework of the federal project "Digital Technologies," the head of which is Deputy Minister Maxim Parshin.
As TAdviser explained in InfoWatch in mid-July, within the framework of InfoWatch ARMA Industrial Suite, the company is finalizing the functions that users need based on the results of the introduction of its InfoWatch ARMA product, as well as as as a result of the massive refusal of foreign vendors to protect information from deliveries to Russia.
| | In other words, with the money of the grant, we are implementing functionality that was previously implemented by foreign manufacturers and was in great demand, and now it cannot be implemented by Russian products, since it is difficult and expensive to implement it, - said TAdviser in InfoWatch. | |
At the same time, "the amount of the grant for such an ambitious task will definitely not be enough," the company added. With the help of funds received from the state, the developer covers only a part of all the costs of creating a full-fledged analogue of foreign solutions used in Russia.
InfoWatch ARMA is a domestic system for providing. cyber security APCS According to the developers, it protects critical information infrastructure against threats that arise when mixing IT and OT (operating technologies) loops, and comes from both internal and external violators. This is the company's new product. Under its development in 2021, she has already received a grant of 68 million. rubles
The catalog on the ARPP "Domestic Software" website states that InfoWatch ARMA software complexes are designed to replace, among other things, information protection tools from such vendors as Fortinet, Cisco, Palo Alto Networks, FireEye, Check Point and others.
InfoWatch clarified that the following functions are implemented as part of the improvements:
1. Improve the system for detecting computer attacks and implement features that are absent compared to foreign firewalls.
2. Automate some of the tasks of a specialist to identify threats to information security and simplify the process of detecting computer attacks:
- checking correlation rules before applying them;
- Translation of query language for correlator rules into Query string
- Filtering on the correlator rules page
- direct transition between the incident card and the correlation rule that created it.
3. Prepare a deployment automation system to reduce deployment and deployment times.
4. Improving the traffic control system within the industrial segment of the network and improving the systems for detecting attacks using industrial protocols.
5. Introduction of new rules of expertise.
In June, Infovatch Arma said that its product is needed not only in Russia, but also in the markets of the Middle East, Southeast Asia and Latin America, because in a number of countries in these regions it is difficult to purchase Western solutions. The company plans to enter foreign markets, noting that this requires significant investments[1].
InfoWatch ARMA Industrial Firewall 3.7 Update
On June 28, 2022, InfoWatch ARMA, part of the Civil Code, InfoWatch announced the release of an updated version of the industrial firewall InfoWatch ARMA Industrial Firewall. In the functionality of InfoWatch ARMA Industrial Firewall version 3.7, support OpenVPN for -GOST was added, the list of supported industrial ones was expanded protocols and it became more convenient to work with log logs.
The updates included in this version of the product are dictated by the requirements of the regulator (Orders No. 17, No. 31, No. 239 of the FSTEC of Russia and industry standards on the organization of secure remote access). As well as attention to customer requests, such as increased usability and added protocol support. In particular, we are talking about organizing secure communication channels between geographically distributed branches and industrial sites of CII facilities, increasing the number of analyzed industrial protocols, as well as expanding the functionality of log collection and processing modules.
InfoWatch ARMA Industrial Firewall version 3.7 has these features built in:
- Support for OpenVPN-GOST has been added, which allows the user to enable enciphering communication channels based on certified. FSB of Russia CIPF The user can independently select and configure the preferred type of encryption of OpenVPN or OpenVPN-GOST communication channels, and in the log filter logs by VPN type. Also, the ability to export settings of the selected type is implemented. VPN
- In order to expand the inspected protocols, support has been added for the industrial KRUG protocol used in controllers and SCADA systems manufactured by NPF KRUG, which allows users to create rules and filter traffic by this type of protocol. In addition, the rule creation interface for the KRUG and GOOSE protocols has added tooltips to the fields to be filled, allowing the user to correctly set parameters when creating rules for these protocols. Additionally, for the GOOSE protocol, the ability to configure the filtering rule by time has been added.
- Syslog has added the ability to upload the entire log at once with one click of a button. In the log of the "Intrusion Detection" section, an extended ability to filter logs has been added, which allows the user to work with recorded events.
| | "ARMA Industrial Firewall 3.7 in accordance with the Company's product development plan continues its continuous development: functionality appears, types of industrial protocols are added for inspection, tests are carried out for compatibility with information security solutions of other vendors, etc. But the main goal of all additions remains the same - to help our customers ensure the uninterrupted operation of enterprises and to fulfill the technical measures of Order No. 239 of the FSTEC of Russia when automating routine information security processes, " comments Igor Soul, CTO of InfoWatch ARMA | |
Compatibility of InfoWatch ARMA Management Console 1.1.2 with OSnova
The companies InfoWatch ARMA (part of the GC) InfoWatch and JSC "" NPPCT signed an official statement on the compatibility of their products: the Unified Control Center InfoWatch ARMA Management Console 1.1.2 Operating system and the general purpose "," Basis respectively. InfoWatch announced this on June 22, 2022. More. here
QTECH QSRV Server Platform Compatibility
The QTECH QSRV server platform and the InfoWatch Industrial Firewall software package received a compatibility certificate. This was announced on April 29, 2022 by QTECH. Read more here.
InfoWatch ARMA Industrial Firewall 3.6.1, InfoWatch ARMA Industrial Endpoint 2.5 and InfoWatch ARMA Management Console with module for State system of detection, prevention and elimination of consequences of computer attacks
On April 21, 2022, InfoWatch introduced updated versions of software products: InfoWatch ARMA Industrial Firewall, InfoWatch ARMA Management Console, InfoWatch ARMA Industrial Endpoint.
The growth of cyber attacks on industrial enterprises, anti-Russian sanctions and, as a result, the departure of foreign vendors requires quick and verified solutions from the domestic IT industry. One of the priority tasks is to reduce information security risks. The Russian market for information security development is quite competitive and allows you to close the tasks of preventing attacks. One example is the comprehensive InfoWatch ARMA system, which consists of three components to create layered protection for the technological network of enterprises that have received important updates.
The latest generation certified industrial firewall (NGFW) InfoWatch ARMA Industrial Firewall has been updated to version 3.6.1, the main development of which was the streaming antivirus module. The installation of antivirus databases takes place automatically when the system is implemented, in further operation, the databases are updated manually by downloading the file. The updated version simplifies the procedure for creating a failover cluster. The InfoWatch ARMA Industrial Firewall web interface has the ability to activate the license after installing the system and then updating it. In addition, the NAT (Network Address Translation) event logging and user actions feature has been added to this version.
InfoWatch ARMA Management Console - a single control center for the InfoWatch ARMA protection system version 1.3 is enriched with an interaction module with State system of detection, prevention and elimination of consequences of computer attacks. The function is implemented through integration with the personal account of the NCCCI portal (National Coordination Center for Computer Incidents). A single interface allows you to send notifications to the NCCC about information security incidents, vulnerabilities and computer attacks, receive notification processing statuses from the Center, and conduct correspondence with its employees, including to maintain a history of each information security incident. The bilateral exchange of information with the State system of detection, prevention and elimination of consequences of computer attacks center helps to quickly learn about current information security threats and receive bulletins to protect the infrastructure from them. In the updated version, the role model of users has changed, predefined groups of users with fixed rights have appeared.
New features have appeared in the software protecting APCS from threats at the level of InfoWatch ARMA Industrial EndPoint v2.5 dispatch control, of which the antivirus file scanning function is key. Anti-virus protection can be controlled both from the software product itself and from the InfoWatch ARMA Management Console interface - delete infected files or inform about them, update anti-virus databases, etc.
| | The use of our products in enterprises with critical infrastructure creates serious barriers for attackers to penetrate the technological network of the enterprise and the conditions under which the implementation of a cyber attack becomes almost impossible. In addition to complex safety, industrial enterprises have the opportunity to fulfill 90%, mandatory for enterprises with CII facilities, technical measures of Order No. 239 of the FSTEC of Russia, | |
2021
Finalize RFRIT Grant
On November 23, 2021, InfoWatch ARMA completed the second, final stage of the development of its InfoWatch ARMA solution under the RFRIT grant.
In early 2021, the company received a grant from the Russian Information Technology Development Fund (RFRIT), created to support the development and promotion of Russian software in ICT, in the amount of more than 68 million rubles. The grant was allocated for the development and testing of additional functions of the domestic system to protect critical information infrastructure (CII) objects from cyber threats.
| | With the support of RFRIT during the second stage of the project, we implemented software improvements and piloting of the company's developments. Within the framework of this stage, the convenience of visual analysis of security events and incident investigation was increased, the function of receiving user events was added, the incident response system was expanded and improved, the modules for analyzing industrial protocols were improved, and support for operating systems for protecting workstations and servers was expanded, "said Igor Soul, CTO InfoWatch ARMA. | |
The main result of the first stage of development was the introduction of the InfoWatch ARMA Industrial Firewall, InfoWatch ARMA Industrial Endpoint and InfoWatch ARMA Management Console software products developed by InfoWatch ARMA into the Unified Register of Russian Programs for Electronic Computers and Databases (ERRPO).
In addition, the company "InfoWatch ARMA" received a certificate of compliance of the InfoWatch ARMA Industrial Firewall software complex with the requirements of the FSTEC of Russia in 4 levels of trust - the solution can be used at significant CII facilities: APCS, GIS up to 1 class of security inclusive and IE up to 1 level of security inclusive, according to the recommendations of the FSTEC of Russia. The certification confirmed that InfoWatch ARMA Industrial Firewall is a Class 4 "D" firewall and a Class 4 network layer intrusion detection system.
Шаблон:Quote 'author = said Dmitry Anosov, General Director of ARMA InfoWatch.
Compatibility with AMT APC InfoDiode
On November 10, 2021 InfoWatch ARMA (part of the GC) InfoWatch and the company "" AMT GROUP signed an official statement on the compatibility of the unidirectional transmission hardware and software complex "" data and InfoDiode AMT InfoWatch ARMA products - software InfoWatch ARMA Industrial Firewall (certified industrial firewall with the intrusion detection system) and InfoWatch ARMA Management Console (unified incident management center INFORMATION SECURITY and protection system InfoWatch ARMA).
InfoWatch ARMA Industrial Firewall and the AMT InfoDiode hardware and software complex ― Russian software products certified by the FSTEC of Russia that ensure that the subjects of the CII comply with the provisions of Federal Law No. -187 "On the Safety of CII" in conditions of import substitution.
Based on the results of the compatibility test, it was found that these products are compatible and can be used together to protect information in APCS in critical information systems of any level of security and data confidentiality.
| | CII subjects who perform segmentation of their technology networks using InfoWatch ARMA Industrial Firewall can be supplemented with "InfoDiode AMT" unidirectional data transmission devices in those segments where interfacing with open and corporate networks occurs. Thus, by obtaining layered protection of the technological network, CII subjects significantly increase their security, excluding the possibility of computer attacks and the spread of viral activity from open networks and the Internet. AMT InfoDiode complements the InfoWatch ARMA Industrial Firewall, ensuring reliable and secure integration of technological and corporate networks, said Vladimir Leonov, technical director of AMT GROUP.
| |
Ensuring compliance with the provisions of Federal Law No. -187 "On Safety of CII" is guaranteed by the certificate of compliance of the InfoWatch ARMA Industrial Firewall software complex with the requirements of the FSTEC of Russia for level 4 of trust, requirements for firewalls of type "D" of class 4 of protection (IT.ME.D4.PZ) and SOV of level 4 of protection network (IT.SOV.C.4.PZ)), as well as the compliance of the APC "AMT InfoDiode" with the requirements of trust of level 4 of the Federal of Russia.
| | In the context of the merger of IT and OT segments, which complicate cyber threats and the rapid digitalization of industrial enterprises, information security solutions, which are part of layered protection, implement the tasks of segmentation and microsegmentation of networks. The joint use of InfoWatch ARMA and AMT GROUP products allows CII entities to significantly strengthen the security of isolated industrial networks of APCS in critical industries. And adding a centralized management module - make it easier to manage incidents and the basic tasks of an information protection specialist, | |
InfoDiode is a certified FSTEC of Russia in level 4 of trust in a domestic unidirectional data transfer system that provides a high level of isolation of critical information systems, while maintaining the required level of their functionality for interaction with adjacent information systems.
InfoWatch ARMA Industrial Firewall is a certified FSTEC of Russia (No. 4429 with a validity period until July 27, 2026) on the 4th level of trust, the next generation domestic industrial firewall (NGFW). Allows you to timely detect and block attacks on APCS, attempts to exploit vulnerabilities, as well as protect against unauthorized actions in the industrial network. Included in the unified register Russian ON the Ministry of Digital Development, Communications and Mass Media of the Russian Federation.
InfoWatch ARMA Management Console is a single control center for the InfoWatch ARMA security system. Allows you to centrally update and manage your InfoWatch ARMA security products and significantly increase the speed of cyber threat detection and incident investigation.
Compatibility with CAS "Kvant-CHEAZ"
On August 24, 2021, InfoWatch ARMA (part of InfoWatch Group of Companies) announced that, together with CHEAZ JSC, they signed an official statement on the compatibility of the APCS software and hardware complex of KVANT-CHEAZ digital substations (KVANT-CHEAZ CAS) and the software and hardware complex (certified industrial network screen with intrusion detection system) InfoWatch 3.5 ARMA INDUSTRIAL. Read more here.
Integration with Krug-2000 CAS
On August 10, 2021, InfoWatch ARMA, which is part of InfoWatch Group of Companies, completed compatibility tests for the next-generation industrial network screen InfoWatch ARMA Industrial Firewall with automated process control systems based on the KRUG-2000 software and hardware complex (CAS KRUG-2000) developed by NPF Krug. The test confirmed the use of InfoWatch ARMA Industrial Firewall as a means of protecting information - a firewall with an intrusion detection and prevention system for APCS based on KRUG-2000 CAS.
The KRUG-2000 software and hardware complex is a tool for fast and high-quality development of APCS, based on many years of experience in creating automation systems for various industries. It is a 100% import-substituting product.
| | "In our work, we are guided by the principle of designing protected APCS at the initial stage, including for compliance with the import substitution rate. Our solutions are necessary for CII subjects with high categories of significance in industries that are strategically important for the state. For industrial enterprises, one of the main factors is the continuity of technological processes, therefore, for the effective functioning of enterprises, the most optimal way is the initial operation of domestic APCS with reliable protection against cyber attacks. This is more logical than reorganizing the work, looking for the technological windows of the planned inspection of the APCS, reinstalling the means of information protection, which, in turn, by this time should have already been tested for compatibility and be completely domestic. In view of the above, we are pleased to find a partner in InfoWatch ARMA to solve cybersecurity problems, "- | |
InfoWatch ARMA Industrial Firewall allows you to detect and block computer attacks on APCS in a timely manner, ensure a safe remote connection, while maintaining continuity of operation.
| | "By joining forces with our partners, we expect to provide the market with ready-made domestic solutions that have built-in mechanisms for protecting against computer attacks. On the one hand, industrial enterprises have the opportunity to use Russian automation tools for APCS, on the other hand, superimposed means of protecting information from a domestic vendor. Together, this approach meets the current import substitution policy and makes it possible to provide strategic industries with information protection tools to comply with Order of the FSTEC of Russia No. 239 and protect against current threats to information security, "- says Igor Soul, CTO of InfoWatch ARMA. | |
Compliance with the requirements of FSTEC of Russia according to level 4 of trust
On August 3, 2021, the company InfoWatch announced that InfoWatch ARMA, which is part of it, received a certificate of compliance of the InfoWatch ARMA Industrial Firewall software complex with the requirements FSTEC of Russia for level 4 trust - the solution can be used at significant facilities:, CUES APCS GIS up to 1 security class inclusive and IE up to 1 security level inclusive.
The completion of the certification work confirmed that InfoWatch ARMA Industrial Firewall is a type "D" firewall of the fourth protection class and an intrusion detection system of the fourth protection class network layer. Complies with the documents "Requirements for firewalls," "Protection profile of firewalls of type D of the fourth class of protection IT.ME.D4.PZ," "Requirements for intrusion detection systems" (FSTEC of Russia 2011), "Security profile of intrusion detection systems of the fourth protection class network level IT.SOV.S4.PZ" (FSTEC of Russia 2012), "Information Security Requirements Establishing Levels of Trust in Information Security Tools and Information Technology Security Tools" (FSTEC of Russia 2018) according to level 4 of trust and Security Tasks submitted by the FSTEC of Russia to information protection means. The certificate is issued until July 27, 2026.
The domestic industrial firewall (NGFW) InfoWatch ARMA Industrial Firewall is a software and hardware tool for protecting information in APCS from computer attacks and unauthorized access to information and implements the functions of an industrial intrusion detection and prevention system. Included in the unified register of the Russian POMinkomsvyaz of the Russian Federation.
| | The certificate confirms that our product provides control and filtering of industrial data transfer protocols for enhanced protection of APCS against computer attacks. InfoWatch ARMA Industrial Firewall detects intrusions and allows you to filter network traffic to the level of commands and values of industrial protocols, which are common in strategically important sectors of the economy for the state. The inclusion of InfoWatch ARMA Industrial Firewall in the state register of certified information protection tools of the FSTEC of Russia is an important stage for us, testifying to the high level of information security provided by our solution. For many of our customers, the availability of the FSTEC certificate in Russia is a mandatory requirement and will allow, together with integrators, to build a turnkey system of protection against computer attacks, said InfoWatch ARMA CEO Dmitry Anosov.
| |
Compatibility with Kvint CAS
On July 13, 2021, InfoWatch announced the completion of compatibility tests of the InfoWatch ARMA Industrial Firewall with APCS based on the Kvint software and hardware complex developed by NII Teplopribor JSC. Read more here.
Compatibility with AdvantiX Industrial Software
On June 24, 2021, InfoWatch announced that InfoWatch ARMA and AdvantiX had tested the compatibility of their own products - the latest generation of industrial mesh screen InfoWatch ARMA Industrial Firewall and the AdvantiX industrial software complex. As a result of testing, full product compatibility was established: the AdvantiX PC can be used as a hardware platform for InfoWatch ARMA Industrial Firewall, which, in turn, acts as a means of protecting information for control systems in industry.
Aggressive industrial environments in oil-extracting refiners power and companies have high requirements for the reliability of industrial equipment and protective equipment. APCS The digitalization of industry affects growth, cyber threats including from, targeted attacks which continue to grow, this is confirmed by public news about cyber attacks, which are coming out more and more often. InfoWatch ARMA Industrial Firewall allows you to protect TP from ASU attacks computer and unauthorized actions in the industrial network, as well as the exploitation of vulnerabilities ON and equipment that remain leading cyber threats in the context of digitalization of the industry.
| | Together with AdvantiX, we have joined forces to create reliable and fault-tolerant APCS. Enterprises are seriously concerned about the search, on the one hand, for equipment to ensure reliable and uninterrupted operation of the APCS, and on the other, the choice of means of protection against cyber attacks, which can continuously operate in an aggressive industrial environment. It is critically important for industrial companies that cybersecurity equipment and solutions are compatible with each other, this guarantees conflict-free work as part of a single APCS, and in the complex - maintain the continuity of the technological process, - says Igor Dushova, technical director of InfoWatch ARMA . | |
According to the Federal Law "On the Security of the Critical Information Infrastructure of the Russian Federation" dated 26.07.2017 N 187-FZ, CIIs must be built and protected by domestic solutions. Therefore, companies that have begun building APCS and choose protective equipment need to pay attention to software and hardware complexes that provide protection against cyber attacks even in the event of a deliberate failure of equipment and a power outage.
| | Many AdvantiX customers are already preparing for the fact that they will have to switch to platforms that are secure in terms of information security and build solutions on a new architecture. We are ready to offer the industry domestic secure hardware platforms with compatible information protection tools . InfoWatch ARMA is an excellent example of when industrial systems have effective cyber protection, "said Dmitry Kabachnik, head of the AdvantiX industrial computer department . | |
Compatibility of InfoWatch ARMA Industrial Firewall with APCS from "Modular Tornado Systems"
InfoWatch ARMA, part of InfoWatch Group of Companies, on May 27, 2021 announced the confirmation of the compatibility of the InfoWatch ARMA Industrial Firewall software and hardware complex (PAC) for network protection of APCS against cyber attacks with APCS (automated production process control system) from the Russian manufacturer Modular Tornado Systems. As a result of compatibility tests, it was established that the use of the PAC of the domestic industrial firewall InfoWatch ARMA Industrial Firewall complies with all requirements for ensuring information security in the APCS and can be used in the APCS "Modular Tornado Systems" at critical facilities of industrial enterprises.
"Modular Tornado Systems" is a domestic developer of both software and hardware systems for APCS and turnkey APCS. APCS, with which compatibility tests were carried out, consist of, servers DB application server, AWS (automated workstation) operator and (PLC programmable logic controller).
| | According to Igor Dushov, Technical Director of InfoWatch ARMA, "ensuring the security of APCS at large industrial enterprises of the country is one of the priority tasks in the framework of the implementation of the 187-FZ" On the Security of the Critical Information Infrastructure of the Russian Federation " and the import substitution program . The compatibility of the products of two Russian vendors gives industrial enterprises two strong advantages at once: an effective and reliable solution to protect their industrial enterprises, as well as the ability to be one step ahead and implement protected domestic APCS, fulfilling the requirements and recommendations of Russian legislation. " | |
The InfoWatch ARMA Industrial Firewall allows you to timely detect and block attacks on APCS, attempts to exploit vulnerabilities, as well as protect against unauthorized actions in the industrial network. The product is included in the unified register of Russian software. As of May 28, it is being certified by the FSTEC of Russia (IT.SOV.S4.P3 and IT.ME.D4.P3 in the fourth level of trust).
ARMA Industrial Firewall 3.0 Compatibility with Phoenix Contact BL Rackmount 2U
On February 9, 2021, InfoWatch announced compatibility testing of the InfoWatch ARMA Industrial Firewall 3.0 industrial network cybersecurity software and industrial computer PHOENIX CONTACT BL RACKMOUNT 2U, which is used as part of APCS and is designed to solve a large range of tasks that require high reliability and performance of computing tools. Product integration allows you to create a single solution for building a reliable security system for CII objects.
As a result of compatibility testing of two products, it was established that they can be used within one hardware and software complex as part of the customer's APCS to protect industrial networks from unauthorized access by people or malware. A high level of cybersecurity is achieved thanks to the latest generation industrial firewall with built-in intrusion detection and deep inspection of industrial traffic packets. Simple and secure remote maintenance is possible thanks to the ability to create a VPN connection. The license is growing in accordance with the customer's needs: it is possible to choose the package of functions that is most suitable for specific information protection tasks.
| | InfoWatch ARMA's technological partnership with Phoenix Contact RUS will allow InfoWatch ARMA customers to significantly reduce the time to implement information protection tools for those APCS that already operate PHOENIX CONTACT equipment and fulfill the technical requirements of FSTEC of Russia in accordance with Order No. 239. approves InfoWatch ARMA CTO Igor Soul
| |
| | PHOENIX CONTACT BL RACKMOUNT 2U industrial computers are designed for use as AWS or servers in APCS networks, are manufactured Russia in and verified by many years of experience in oil and gas power application in and domestic. industries Cooperation with InfoWatch ARMA, which developed the latest generation InfoWatch ARMA Industrial Firewall, will allow our customers to provide cyber security FSTEC-certified protection and Russia build high-tech layered APCS protection and a closed software environment through which an attacker will not penetrate, much less execute malicious. This ON comprehensive approach will ensure localization attacks and minimize risks from its implementation. This opens up additional prospects and opportunities for our customers in the fight against cyber threats. said Denis Toivonen, head of Industrial Automation at Phoenix Contact RUS
| |
Infowatch received two state grants worth 186 million rubles
In January 2021, the Russian Foundation for the Development of Information Technologies (RFRIT) reported that InfoWatch became one of the winners of the competition for grants for the development of domestic software products. Grants for the development of IT companies are allocated by the Ministry of Digital Development within the framework of the federal project "Digital Technologies," the head of which is Deputy Minister Maxim Parshin.
In a press release, RFRIT indicated two grants to Infowatch - in the amount of 122.9 million and 69.5 million rubles. But later that month, RFRIT told TAdviser that the amounts of agreements concluded as a result with some winners of this competition differ from those previously indicated in the release - there were amounts for which the companies claimed. This also happened in the case of Infowatch. In fact, the company received grants of a slightly smaller volume than the one for which it claimed: about 118 million and 68 million rubles.
A grant of about 68 million rubles is intended to develop a new product of the company - a system for protecting critical information infrastructure (CII) objects from cyber threats InfoWatch ARMA.
The product consists of three software products for protection APCS at the network and dispatch levels: industrial, firewall means of protecting workstations and APCS servers, a single control center for the protection system.
Some of the modules by the beginning of 2021 have already been released and are being piloted at customer facilities, told TAdviser in Infowatch. By the end of 2021, the company will develop new functions for the current system modules and release new ones.
Infowatch also told TAdviser that the development of the new product took 5 years. As of the beginning of 2021, the system is fully ready for operation and is at the stage of piloting at the facilities of large corporate customers from the fields of power, transport, fuel and energy complex, industry.
| | The grant money will be used to develop and test new system functions in order to strengthen CII protection at Russian industrial enterprises, implement the requirements of key customers and increase compliance with the technical requirements of the FSTEC of Russia, TAdviser was specified in Infowatch. | |
The company notes that the system is a set of information protection tools linked into a single complex, adapted for work in industrial automation systems. Speaking about the key differences between InfoWatch ARMA and competing products, Infowatch notes that the components of its solution allow building a full-fledged layered (multi-stage) APCS protection, taking into account the technical requirements of FSTEC.
Protection at the industrial network level is provided by the InfoWatch ARMA Industrial Firewall with an integrated intrusion detection system and an industrial signature base, which is updated daily. Computer attacks on APCS equipment prevent InfoWatch ARMA Industrial Endpoint by organizing a closed program environment. And the InfoWatch ARMA Management Console allows you to manage system-wide information protection updates, manage incidents, and configure automatic incident response.
The automated response to incidents and the ability to prevent computer attacks distinguishes InfoWatch ARMA from other domestic solutions for protecting APCS, TAdviser said in Infowatch. And compared to analogues, the system supports a deeper analysis of the industrial protocols IEC 60870-5-104, IEC 61850 (MMS, GOOSE), Modbus TCP, OPC DA.
The system development plans include the development and testing of new functions that allow customers to automate incident management as much as possible in order to ease the burden on the information security department staff.
| | In 2021, we are going to increase the level of automation of user actions and improve the capabilities of visual analytics, which will allow faster detection of incidents, increase the speed and quality of response, including by minimizing the impact of the human detection factor, - told TAdviser in Infowatch. | |
The second grant, which the company received, in the amount of about 118 million rubles, is intended for the development of InfoWatch Auto DLP - the new functionality of the InfoWatch Traffic Monitor DLP system. Infowatch told TAdviser that this is a next-generation DLP system that will help an information security officer identify gray areas uncovered by information security politicians and make decisions on whether they need to be monitored and how to do it.
The company says that the uniqueness of the development integrated into InfoWatch Traffic Monitor is that it will not only provide an opportunity to identify and study the "gray" areas of information circulation in the company, but also how information flows change over time. Based on a deep analysis of this data, the self-learning system will automatically collect all the necessary information, offer its categorization and form holistic information security policies that at any given time very accurately close all potentially dangerous areas through which confidential information can "leak."
The declared date for the emergence of new functionality is 1 year.
| | We laid the prerequisites for the development of the system for a long time, in the form of such modules as, for example, an autolinguist, which we released on the market relatively recently. Initially, the general development was assessed by us at about three years and affected not only the study of "gray" areas, but also involved the study of the movement of these areas within the company and the automatic proposal of the formation of information security policies. If now we are making an "assistant" that will increase the efficiency and accuracy of the implementation, then in the future it will be a system that can implement itself, - told TAdviser in Infowatch. | |
2020
Integration of InfoWatch ARMA Industrial Firewall 3.0 with APCS of the "smart" building from Gradient Kilby
On December 25, 2020, the company, InfoWatch ARMA which is part of the GC, InfoWatch completed work on the integration latest firewall industrial generation InfoWatch ARMA Industrial 3.0 Firewall (part of the InfoWatch ARMA protection system automated control system) with the technological processes (APCS) of "smart" building of the Hybrid Institute power engineering specialists. Gradient Kilby More. here
Release of APCS cybersecurity solution
On November 5, 2020, the Civil Code InfoWatch announced the release of the comprehensive InfoWatch ARMA solution, which includes three products for providing (information security APCS automated process control systems), which can be both independent means and information protection be integrated among themselves. Thanks to the products - InfoWatch ARMA Industrial Endpoint and InfoWatch ARMA Management Console, as well as version 3.5 InfoWatch ARMA Industrial, Firewall a comprehensive solution allows you to build multi-stage protection of objects against. critical information infrastructure (CII) cyber threats The integration of all products ensures timely detection of threats and their prevention, as well as makes it possible to control the level of information security of the ASU TP of the facility CUES in the "one window" mode.
Industrial firewall InfoWatch ARMA Industrial Firewall with intrusion prevention function installed on all external I&C channels communications allows you to prevent network attacks from outside.
InfoWatch ARMA Industrial Endpoint is designed to prevent attacks using USB other removable media, and also limits the ability to launch without harmful ON loading the system with complex algorithms analysis. InfoWatch ARMA Management Console combines everything received from security tools information and provides industrial enterprises with the opportunity to automate response to incidents. Customizable response rules help you create information security incident response instructions that are understandable to dispatchers.
| | The main cyber attacks for industrial enterprises remain attacks through the corporate segment and malware delivery via USB. Due to the fragmented means of protection, many attacks go unnoticed, and the lack of qualified IB-personnel personnel deprives industrial enterprises of the opportunity to understand the huge amount of information coming from monitoring tools, "says Igor Soul, Director of Product Development for Information Protection at InfoWatch ARMA. - The release of the comprehensive InfoWatch ARMA solution allows industrial enterprises to build layered protection based on the completeness of data from all security tools. Integration of products makes it possible to combine information security events with information protection tools, build an incident management process and automate the response to them. The basic functions of the system, such as filtering at the application level of industrial protocols, limiting the running software and plug-in removable media, make it possible to create a closed environment for APCS operation and implement several levels of information protection. This seriously reduces the likelihood of attacks on industrial systems, ensuring their prompt detection at the incident level. | |
As digitalization accelerates at industrial enterprises, experts record an increase in the number of APCS vulnerabilities, and with it information security incidents. This indicates an increase in the risks of emergency situations, which could lead to a shutdown of key enterprises in the country and have catastrophic consequences for national security. Therefore, at the state level, the necessary security measures are taken, which are reflected in regulatory and legislative acts (No. 187-FZ, orders of the FSTEC of Russia No. 31, 235, 239). InfoWatch ARMA provides CII owners with tools that will allow them to fulfill up to 90% of the technical requirements of the FSTEC of Russia.
Compatibility InfoWatch ARMA Industrial Firewall 3.0 with AVSoft Athena
On October 8, 2020, the Civil Code InfoWatch announced testing for compatibility of the software and hardware complex for providing cyber security industrial networks InfoWatch ARMA Industrial 3.0 Firewall and - AVSoft Athena protection systems against targeted ones for attacks detection and analysis. harmful software Integration products allow you to create a single solution for building a reliable security system for objects, CUES taking into account the model of threats from two APCS types of attacks: mass and targeted. The solution includes all the necessary tools for this class of IPS: with deep firewall inspection of industrial traffic and a proxies function, an servers intrusion detection and prevention system (IPS) with a base of decisive rules for TP, streaming ASU and sandboxes. antiviruses
| | InfoWatch ARMA's technological partnership with AB Software will allow InfoWatch ARMA customers to protect themselves from "zero-day threats" by adding non-signature sandbox malware detection technologies to the functions of our product. This comprehensive approach significantly saves implementation time and costs. Both solutions are domestic and correspond to the vector for import substitution of SSI in CII. And we believe that this is a very important step for the entire industry. | |
Inclusion in the National Technology Initiative
InfoWatch ARMA has become part of a national technology initiative - a program to create conditions for ensuring the leadership of Russian technology companies in various markets. InfoWatch announced this on July 14, 2020.
For development within the framework of NTI InfoWatch ARMA chose the Technet industry technology market, where its specialists can ensure the competitiveness of domestic companies in high-tech industries. industries The main goals of the company are the acquisition of promising partnerships and technological development of solutions.
| | The Technet roadmap, adopted in 2018 as part of the NTI, is aimed at using end-to-end technologies in production. It covers digital design and modeling, new materials, additive and hybrid technologies, robotics, industrial sensor technology, industrial Internet, big data, artificial intelligence, production management information systems, etc. Our company and its solutions can be useful for large and medium-sized Russian production enterprises in terms of ensuring the operation of automated systems and protecting information in them. Therefore, all the funds received under the program will be used to refine our solutions, according to the requests and needs of potential customers from the industrial sector, "says Dmitry Anosov, CEO of InfoWatch ARMA. | |
Obtaining the status of a resident of the Moscow Innovation Cluster
On June 26, 2020, InfoWatch announced that its ARMA product received the status of an innovative project and became part of the ecosystem of the Moscow Innovation Cluster. Now the means of protecting industrial information security using InfoWatch ARMA are available to residents of the ecosystem and their partners.
InfoWatch ARMA is a domestic system for information security of industrial facilities of CII. The system includes an industrial firewall that not only detects unauthorized access to information in the industrial system, but also blocks malware, attacks and unwanted actions of users.
| | "We are grateful to independent experts for evaluating the innovation of our system and are pleased to join the domestic ecosystem of the Moscow Innovation Cluster. Given the specifics of our industry, we must constantly develop solutions that work to prevent threats of different complexity and to stay ahead of the actions of attackers. Every day our company works on the development of the InfoWatch ARMA system, complementing it with solutions and developing functionality. The MIC resident status confirms our commitment to creating innovative protection products against modern, complex and constantly evolving threats to information security. | |
| | We and our partners have repeatedly encountered the fact that Russian enterprises do not receive sufficient information about the protection systems of industrial networks, especially in terms of domestic solutions. Therefore, we expect from partnerships with the MIC the opportunity to convey to more information security professionals our protection practice using InfoWatch ARMA, and the support measures offered by the Moscow Government to residents will speed up this process, - comments Dmitry Anosov. | |
2019
Inclusion of InfoWatch ARMA Industrial Firewall in the Register of Domestic Software
On December 5, 2019, InfoWatch announced that the Russian InfoWatch ARMA Industrial Firewall solution, designed to protect information in automated process control systems, included the register of domestic software.
The company's product for information security industrial objects is recognized by the expert council Ministry of Telecom and Mass Communications of russia as fully complying with the rules for the formation and maintenance of a single register Russian programs for electronic computers and. databases
InfoWatch ARMA Industrial Firewall is designed to work in an aggressive environment and, according to the developers, provides reliable operation combined with high functionality and performance. This is the first product in the InfoWatch information protection line in APCS, which is an industrial firewall with an intrusion detection and prevention function.
| | According to Igor Soulov, Head of Product Development at the InfoWatch APCS Protection Systems Development Department, "the inclusion of the InfoWatch ARMA Industrial Firewall system in the register of Russian software is a necessary step indicating the correctness and legal legitimacy of our decisions." | |
InfoWatch ARMA Ecosystem Composition
As of December 2019, the InfoWatch ARMA ecosystem includes:
- InfoWatch ARMA Console: Unified Incident Management and Response Center
- InfoWatch ARMA EndPoint: Monitors the integrity of workstation and server software, running applications, and using removable media
- InfoWatch ARMA HoneyPot: A solution that emulates APCS to detect attempts to penetrate the network
- InfoWatch ARMA Sandbox: Virtual secure environment for running external files from unknown sources or removable media
- InfoWatch ARMA Industrial Firewall: Industrial firewall with intrusion detection (IDS/IPS) and routing.
- InfoWatch ARMA Expertise: APCS protection technology.
Notes
| The site content is translated by machine translation software powered by PROMT. The machine-translated articles are not always perfect and may contain errors in vocabulary, syntax or grammar. Read original article If you find inaccuracies or errors in the results of machine translation, please write to editor@tadviser.ru. We will make every effort to correct them as soon as possible. |