The name of the base system (platform): | Group-IB Threat Hunting Framework (formerly Threat Detection Service, TDS) |
Developers: | Beeline Business, Group-IB Information Security Group |
Date of the premiere of the system: | 2020/12/16 |
Technology: | SaaS - Software as a service, Information security - Antiviruses, Information security - Antispam, Information security - Firewalls, Information security - Security Information and Event Management (SIEM) |
Main articles:
- Antiviruses
- Technology antispam
- Firewall
- Security Information and Event Management (SIEM)
- SaaS - History. Philosophy. Drivers of development
2020: Service Launch
On December 16, 2020, Group-IB, an international company specializing in the prevention of cyber attacks, announced that together with Beeline Business (a structural unit of VimpelCom PJSC), it launched Cyber Threat Protection Service, a cloud-based cyber threat protection service for operator customers from the medium and large business segment. The service is implemented on the basis of a comprehensive Group-IB Threat Hunting Framework solution, capable of protecting the company's network and employee workplaces, including remote ones, through patented technologies for detecting cyber attacks and immediately responding to an incident.
According to the company, the Group-IB and Beeline Business service uses the following delivery format: the operator's client does not need to install any hardware or software modules on its side in order to get enterprise-level cybersecurity. The service is connected and run on Beeline Business cloud computing facilities.
The key tasks that Group-IB Threat Hunting Framework (THF) solves are detecting previously unknown threats and targeted attacks, blocking detected threats, and providing automated tools for detecting related threats both inside and outside the company's protected perimeter.
"Cyber Threat Protection Service, created by us together with Group-IB, allows us to detect various types of cyber threats: exploits, Trojans, backdoors, malicious scripts, hidden data channels, phishing links and attacks using legitimate tools," noted Evgeny Korobov, Director of Business Development, PJSC VimpelCom.
The joint "cyber threat protection service" Group-IB and Beeline Business is a solution in the Russian market according to the service model for companies from the medium and large business segment, which effectively protects the IT infrastructure from targeted attacks, including encryption viruses, bank trojans, spyware, etc. Previously, protection of this class was available exclusively for corporations as part of expensive hardware and software systems.
The technological basis of the service is our development, Group-IB Threat Hunting Framework (THF), which relies on its own proprietary technologies. The system provides intelligent analysis of network traffic, e-mail, transmitted files and is able to block complex threats at the time of distribution. World-class detectability and attribution of attacks.
Group-IB THF provides analysis of all necessary data flows, performing global threat search both inside and outside technological and corporate networks.
In addition to analytics and machine learning algorithms, the effectiveness of the solution is based on threat data from the Group-IB Threat Intelligence & Attribution system for monitoring, forecasting and analyzing cyber threats.
All anomalies identified by the solution are transmitted to CERT-GIB (Cybersecurity Incident Response Center), whose specialists analyze the flow of calls in 24/7 mode.
The Group-IB threat detection service includes 2 packages: "Standard" and "Advanced". The first provides customers with mail protection: scanning emails for malware, blocking phishing links and the ability to use patented technology to "detonate" suspicious files in an isolated environment, causing them to run as fully as possible in order to extract attack indicators and further investigate the detected threat.
The Advanced package additionally includes network traffic protection: analysis of all files downloaded from the Internet, as well as detection of anomalies in network interactions of the client infrastructure with external servers.
The Group-IB Threat Hunting Framework is a solution for unified enterprise protection: from traditional IT segments to remote employee workstations and technology segments (OT networks) of production enterprises. An integrated security platform using "artificial intelligence" technologies sets common security standards for such different environments.