RSS
Логотип
Баннер в шапке 1
Баннер в шапке 2

NGFW Continent formerly APCS Continent

Product
Developers: Security Code
Last Release Date: 2023/04/26
Technology: VPN - Virtual private networks,  information security - Firewalls,  information security - Encryption tools

Content

2024

Obtaining the Russian FSTEC certificate for compliance with the requirements for class 4 protection

Tests of the FSTEC of Russia confirmed that NGFW "Continent 4" meets the requirements for firewalls for the type D protection profile of the fourth protection class (IT.ME.D4.P3). This was announced by the Security Code on October 28, 2024.

The final list of the fulfilled requirements of the FSTEC of Russia for NGFW "Continent 4" is reflected in the Certificate of Conformity No. 4496 dated 14.12.2021 (re-issued 11.10.2024): 4 level of trust;

  • Type A firewall of the fourth protection class
  • Type B firewall of the fourth protection class;
  • Type D firewall of the fourth protection class;
  • СОВ 4 classes of protection.

NGFW "Continent 4" can be used to protect significant objects of CII up to 1 category, ISDS up to 1 level, GIS up to 1 class and NPP up to 1G class inclusive.

To protect industrial networks, Continent 4 allows you to:

  1. In the filtering rules, specify signatures of industrial protocols (IEC-60870, IEC-62056, OPC-UA and others).
  2. Detect and block attacks on APCS networks, if necessary .

Netopia Firewall Compliance Compatibility

Netopia Firewall Compliance and Continent 4 NGFW Network Security Monitoring and Attack Vector Calculation Platform from Security Code have passed technological compatibility tests and interact effectively, ensuring that information security incidents associated with incorrect configuration are reduced. Netopia announced this on July 25, 2024.

As part of the integration, the Security Code provides an API for exporting configuration data for Continent 4 security nodes, and Netopia provides a network security control and attack vector calculation platform - Netopia Firewall Compliance, which visualizes the network infrastructure, calculates possible attack vectors and prioritizes vulnerabilities.

File:Aquote1.png
For our customers, the issue of supporting domestic firewalls is one of the key ones. Colleagues from the "Security Code" are open to cooperation, provided APIs and documentation, including on syslog. They are actively developing cooperation, which cannot but rejoice. We will continue to grow our technological partnership by solving the most difficult customer tasks, including migration, rule optimization, search and prioritization of attack vectors, "said Pavel Kirillov, technical director of Netopia.
File:Aquote2.png

File:Aquote1.png
The issue of ensuring security policy management is quite acute. Especially taking into account the need to migrate from foreign NGFWs to Russian ones, since the complexity of migration, among other things, depends on the number of portable firewall rules (ITU). The number of ITU and NAT rules is constantly increasing, and we often see installations with several thousand rules. Analyzing this manually is not an easy task. Therefore, our integration with Netopia Firewall Compliance allows us to make this task feasible, "said Dmitry Lebedev, leading expert of the product promotion department," Security Code. "
File:Aquote2.png

Integration testing was carried out on versions:

  • Continent 4.1.7.1395 and 4.1.9.2585,
  • Netopia FC 2.0.4

Added support for IPsec and IKEv2

The Russian information security vendor "Security Code" will add support for IPsec protocols and IKEv2 to the new version of the flagship product - NGFW "Continent 4.2." Thanks to this, the solution will be able to build protected networks with the products of domestic and foreign vendors for subsequent migration to Continent 4. Read more here.

High-performance platforms for NGFW "Continent 4"

Russian INFORMATION SECURITY-vendor Security Code"" is testing three new high-bandwidth platforms for NGFW "Continent 4." The first of them will be presented at the end of the summer of 2024 along with the new version of Continent 4.2. Read more here.

Start of sales of Continent 4.1.9 version

"Security Code" on April 23, 2024 announced the passage of certification and the start of sales of the version "Continent 4.1.9," which added a number of new protective mechanisms and network functions.

The added functionality in version 4.1.9 includes virtual routing (VRF), an explicit proxy server (Explicit Proxy), new sources of knowledge about threats. Tools for automating administrator work through the API were also added, the logging mechanism was redesigned, and a number of other functions were added.

This version has successfully passed the certification of the FSTEC of Russia. Certificate No. 4496 dated 14.12.2021 of FSTEC of Russia confirms compliance of Continent 4.1.9 with the requirements of guiding documents to:

  • 4 levels of trust;
  • Type A firewall protection profile of the fourth protection class;
  • protection profile of type B firewalls of the fourth protection class;
  • Protection Class 4 EPS requirements.

It is planned to conduct tests for compliance with the protection profile of firewalls of type D of the fourth protection class.

The product can be used to protect significant objects of CII up to 1 category, ISDS up to 1 level, GIS of up to 1 class and NPP up to 1G class inclusive.

Avanpost FAM Compatibility

On April 10, 2024, the company Avanpost announced that it Security Code had successfully tested the compatibility of products with NGFW Continent 4 and the system/. multifactor authentication Avanpost FAMMFA+ More. here

Continent 4.1.7.1525 passed certification tests of the FSTEC of Russia

The flagship product of the "Security Code" The next generation firewall (NGFW) "Continent 4.1.7.1525" passed the certification tests of the FSTEC of Russia and goes on sale. The developer announced this on April 3, 2024.

FSTEC specialists confirmed that the latest version of NGFW "Continent 4" corresponds to the protection profile of firewalls of type A of the fourth protection class, the protection profile of firewalls of type B of the fourth protection class, the requirements for CS of the 4th protection class, the 4th level of trust. Thus, this version can be used to ensure the security of significant objects of critical information infrastructure (CII) up to 1 category, personal data information systems up to 1 level, GIS up to 1 class and NP up to 1G class inclusive.

In the "Continent 4.1.7.1525" version, the Suricata package has been updated with a number of vulnerabilities fixed, the functionality has been optimized and several new features have been added. Among the key innovations:

  • Increased the allowed number of ARP records stored in the cache
  • Improved address allocation mechanism for connecting to the Access Server.
  • support for new versions of browsers for monitoring;
  • Optimized policy setting with a large number of bond + vlan interfaces on the cluster

Compatibility with Security Vision products

The Continent 4 Multifunctional Firewall (NGFW) from Security Code and the Security Vision Threat Intelligence Platform (TIP), User and Entity Behavior Analysis (UEBA), Security Orchestra, Automation and Response (SOAR) and Next Generation SOAR (NG SOAR compatibility was confirmed as a result of which they passed comprehensive testing. Security Vision announced this on March 21, 2024.

The integration of NGFW Continent 4 and Security Vision products will enable customers to:

  • receive network security events from firewalls and quickly detect related incidents and various network anomalies;
  • Ensure comprehensive monitoring and response to cybersecurity incidents

improved manageability of information security processes.

Integration includes the following interactions:

  • Network security events: Continent 4 sends data to Security Vision, the data format is syslog;
  • Incident Response: Security Vision blocks malicious IPs to Continent 4 by creating a prohibiting filtering rule or adding IPs to an existing network group (which is already used in network traffic filtering rules).

Additionally, commands for managing network objects (Host, Group, Service) are implemented. Integration is carried out through API Continent 4.

In addition to the standard, a technical platform-independent deployment of Continent 4 integration components and Security Vision products has been tested.

File:Aquote1.png
The key parameters of the value of the automation platform for the market are well-developed integrations with the most popular solutions. The integration of Continent 4 from Security Code and Security Vision products will provide greater market coverage with a comprehensive approach to customer infrastructure. By working out this integration in the "combat" environment, we literally responded positively to the customer's request and can confidently scale this practice, "said Marina Gromova, head of the Security Vision partner department.
File:Aquote2.png

File:Aquote1.png
NGFW is a key point for both the process of detecting an attacker and the process of responding. As part of building an open ecosystem, it is very important for us to strengthen cooperation with developers in this area. Securtiy Vision products are used by many of our customers, and we are glad to provide additional return on their investments, "said Pavel Korostelev, Head of Product Promotion, Security Code.
File:Aquote2.png

Traffic Analysis Module Development Plan

RuSat Automated Control Systems JSC will develop modules for analyzing the I&C traffic for the product of the IT company Security Code - Continent 4. This was reported to RASU on January 31, 2024. It is a comprehensive enterprise-level network security appliance that can be used across infrastructures, including high-performance ones such as data centers. Due to the addition of modules, the device can be used to ensure uninterrupted and safe operation of the APCS of key infrastructure facilities.

The fourth version of the "Continent" is the development of the Kontinent network protection complex, but at the same time it is a device of a different class - UTM, which consolidates a firewall, an intrusion detection system and a number of other security mechanisms on one hardware platform. Other key changes to the fourth generation of the product were an increase in firewall performance to 80 Gbps, as well as a completely redesigned centralized management and monitoring system.

File:Aquote1.png
The control systems of important industrial facilities pay special attention to the synergy of built-in and superimposed cybersecurity tools, with the firewall representing the "first line of defense" against potential cyber threats. Integration of industrial traffic analysis modules will allow using the complex as part of the APCS without a massive number of other hardware, including at nuclear facilities, "said Evgeny Dorofeev, Managing Director for Information Security and Trusted Digital Solutions of RASU JSC.
File:Aquote2.png

He also stressed the importance of exchange of expertise and cooperation in the development of solutions to ensure the sustainability of strategically important infrastructures.

File:Aquote1.png
Almost all APCS belong to key infrastructure facilities, therefore they require appropriate attention from the point of view of cybersecurity. A large number of control system protocols give exponential growth in signatures and combinations of likely attacks, so it is necessary to involve highly specialized laboratories to conduct appropriate analysis and formalization. JSC RASU is an unconditional leader in the field of APCS and will make a huge contribution to the security of such systems, "said Fyodor Dbar, Commercial Director of Security Code.
File:Aquote2.png

2023

Integration of "Continent 4" with PT Sandbox

The PT Sandbox from Positive Technologies and the Continent 4 firewall from Security Code have passed technological compatibility tests and can now provide layered protection of companies against complex cyber threats: ransomware, wipers, zero-day threats, rootkits, bootkits. Positive Technologies announced this on September 20, 2023. Read more here.

As part of PAC for safe data transmission in networks of CII facilities

Russian companies have tested a software and hardware complex (PAC), which provides secure data transfer in networks of critical information infrastructure (CII) facilities. The project was attended by information security vendors "Security Code" and "Gulf," manufacturers of telecom equipment "T-KOM" (part of Rosatom State Corporation) and QTECH, as well as IT and information security integrator "Incom." Representatives of the "Security Code" reported this on August 17, 2023.

The PAC operates on the principle of unidirectional data transmission. The primary input of data is through the QTECH switch (QSW-3750-28T-AC-R - controlled L2 + switch with 24 ports 10/100/1000Base-T and 2 ports 1000Base-X SFP), then the information flow is processed by the firewall and the Continent ACS crypto gateway. Through the T-COM switch (TPK-20-10/2-P - an industrial L2-controlled switch with 10 ports 10/100/1000Base-T and 2 ports 1000Base-X SFP (8 PoE 802.3af/at ports, PoE budget up to 240 W), type - POE-1), the data reaches the Industrial Diode PAC, which passes them to the protected segment of the corporate network and does not allow passing in the opposite direction.

File:Aquote1.png
PAC Industrial Diode of the Gulf company at the physical level provides data transfer only in one direction, which makes it an effective means for safe collection of APCS data and protection against external attacks at KII facilities, "said Denis Golovkin, director of business development at Incoma. - In this installation, "Continent 4" from the "Security Code" provides protection of the network perimeter and plays the role of a crypto gateway. Controlled T-COM and QTECH switches connect network devices into a single system.
File:Aquote2.png

Testing was carried out according to several parameters: correct file transfer, data transfer protection using the dynamic session control mechanism, the level of quality of detection and prevention of network attacks, compatibility of individual solutions during interaction. According to the results of the research, experts confirmed that the equipment meets the declared functionality and meets the safety requirements according to the standards of Russian regulators.

File:Aquote1.png
"T-KOM" confirmed the high quality and reliability of the industrial L2-controlled TPK-20-10/2-P switch in the complex of data transmission for networks of KII facilities, - said Alexey Matsnev, technical director of the company. - A high level of electromagnetic compatibility ensures that the switch is resistant to severe electromagnetic interference, and the passive cooling system is silent. During testing, the T-COM switch ensured uninterrupted data transmission to the PAC and will be in demand in APCS networks and at CII facilities to protect networks from incoming cyber attacks.
File:Aquote2.png

It is assumed that a comprehensive solution will be in demand in industries where companies collect information unilaterally. These can be software updates, receiving a signal from IP cameras outside the secure perimeter, incoming data streams from open sources. Among the areas of application: power, transport, health care, financial organizations.

File:Aquote1.png
After the departure of Western vendors, the development of domestic security systems has become a cornerstone in the protection of KII facilities, "said Fyodor Dbar, commercial director of Security Code. - The concept of unidirectional transmission is applied at enterprises where I&C operates, in Data Centers, in controllers, etc. With the help of this complex, Russian organizations will be able to avoid data leaks and stop activities.
File:Aquote2.png

Federal institutions have already become interested in the project. Issues about holding "pilots" at the sites of state organizations are being discussed.

"Continent 4.1.7" with the ability to add your own hashes of malicious files for streaming antivirus

A technical release of the NGFW version of "Continent 4" has been released. This was announced on April 26, 2023 by the company Security Code.

The Continent 4.1.7 version has added a number of protective mechanisms and functions that will even better ensure the safety of corporate users when working on the Internet and make it easier for the administrator to manage the complex.

Updated functionality in version 4.1.7:

  • Transparent Kerberos user authentication
  • Pre-configured Threat Intelligence features from the Security Code
  • The ability to add your own hashes of malicious files for streaming antivirus
  • Inspection of TLS 1.3
  • Separate address pools to connect remote users
  • Delimitation of access for connection to CCN via CC
  • Automate the transfer of major infrastructures from Continent 3 to Continent 4

Certification in Belarus

The products "Continent 4," vGate and Secret Net Studio from the Russian developer of information protection tools "Security Code" have been certified by the Operational and Analytical Center under the President of the Republic of Belarus and can now be sold in the republic. The developer company announced this on April 24, 2023.

Certificates for numbers BY/112 02.01. TR027 036.01 00750, BY/112 02.01. TR027 036.01 00746, BY/112 02.01. TR027 036.01 00747 for Continent 4, Secret Net Studio and vGate, respectively, confirm that all three products have passed the necessary test tests and meet seven regulator standards that cover several different areas of information security:

  • Software and hardware protection against malware
  • Anti-virus software
  • Router software
  • firewalls;
  • intrusion detection and prevention systems.

All certificates are valid until April 2028.

File:Aquote1.png
Passing certification tests and obtaining certificates itself is a long-awaited event both for the "Security Code" and for our Belarusian customers. Now we can sell Continent 4, Secret Net Studio and vGate in the Republic, - commented Oleg Kravchuk, director of work with foreign and strategic projects of Security Code. - OAC certificates confirm that our solutions meet the requirements for use in critical objects of informatization, state information systems, personal data systems.
File:Aquote2.png

2021: TrueConf Server Compatibility

On March 30, 2021, TrueConf announced that, together with the Security Code company, it ensured the compatibility of POTrueConf Server with solutions for creating and protecting VPN networks according to GOST - UPKS Continent 3.9 and Continent-AP. Read more here.

2020

Obtaining a patent "Method for organizing the operation of network equipment components for processing network packets"

The patent "Method for organizing the operation of network equipment components for processing network packets" is issued for the technology that is used in the high-performance firewall Continent 4. This was announced on May 20, 2020 by the "Security Code."

The patent documents the peculiarity of network packet processing technology, which provides a significant increase in firewall bandwidth. The technical result is achieved by changing the interaction of the processor with other components of the system, as well as loading only filtering rules suitable for processing a packet into the processor, which minimizes the transfer of data between the central processor and other components of the system.

The technology is implemented in the UTM complex Continent 4 as a high-performance NF2 screen that converts traffic filtering rules into prefix trees and provides a fixed packet analysis time regardless of the number of rules themselves.

Native package logic is not the only innovation used in the NF2 Continent 4 firewall. The DPDK suite of tools made it possible to bring the traffic filtering process into the user space and avoid performance degradation while increasing the total number of filtering rules for any type of traffic.

File:Aquote1.png
Now the administrator does not have to choose between security and system performance - our solution can provide maximum traffic processing speed under any conditions. To create your own firewall of this level required a large amount of time and effort of the development team,
told Sergey Lvov, Head of High Performance Solutions at Security Code.
File:Aquote2.png

Start of sales of UTM complex with support for cryptographic algorithms "Continent 4"

On April 9, 2020, the company Security Code"" announced the start of sales of the UTM complex with support the Russian cryptographic algorithms for Continent 4, designed for comprehensive protection of the corporate-level network. Continent 4 is the development of the line of network protection complexes of the Continent APCS, but at the same time it is a device of a different class - UTM, consolidating on one hardware platform, an firewall intrusion detection system and a number of other security mechanisms. Other key changes to the fourth generation of the product were an increase in performance to firewall 80 Gbps, as well as a completely redesigned centralized management and monitoring system.

According to the developer, according to the results of testing Continent 4, partners and customers positively assessed the UTM concept and the ability to use several security mechanisms at once on one hardware platform, The transformed, intuitive, centralized management interface, the simplicity and speed of VPN tunneling and also reported that they were ready to recommend Continent 4 to colleagues, since the product is not inferior not only to Russian, but also to foreign firewalls of the latest generation (NGFW).

Continent 4 is a key link in the Security Code's holistic approach to protecting modern corporate networks. Together with the VGate-based virtual environment microsegmentation system, the Continent TLS-based secure remote access system and the Secret Net Studio-based software perimeter, Continent 4 implements the zero trust concept. The concept provides for multi-level network segmentation and protection against attacks by advanced attackers.

In the near future, the complex will be submitted for certification in systems FSB Russia FSTEC and Russia to confirm the compliance of the Continent 4 ME of type "A" of class 4, SOV of the class 4 network level, CIPF of class KS2/KS3, with the requirements for trust levels.

Integration with the KuRait quantum key distribution system

The Security Code and KuWright specialists performed joint integration and successfully tested the compatibility of the Continent 4 corporate firewall and the KuWright quantum key distribution system. Read more here.

2019

Holistic Infrastructure Protection

UPKSH Continent Holistic Infrastructure Protection
UPCS Continent Server Infrastructure Protection
UPKSH Continent Client Infrastructure Protection

Continued sales of UPKSH "Continent" 3.7 with the certificate of FSTEC of Russia

On November 5, 2019, the company Security Code"" announced the continuation of sales of the products APKS "Continent" 3.7 and SOV "Continent" (APKS "Continent" version 3.7 (version 2), certified in the system. FSTEC Russia

UPKSH "Continent"

The period of validity of the certificate of the FSTEC of Russia No. 3008 on the APKS "Continent" 3.7 expired on November 1, 2019. In accordance with the Federal Law "On Technical Regulation" No. 184-FZ of December 27, 2002, the manufacturer is obliged to suspend or stop the sale of products if the validity of the certificate of conformity has expired, with the exception of products issued for circulation in the Russian Federation during the validity of the certificate of conformity.

According to Regulation 55 of the FSTEC of Russia, the certificate of conformity shall be terminated in the following cases:

  • failure of the applicant to submit materials confirming the elimination of non-compliance of the information security means with the information security requirements within the specified period;
  • non-renewal of the information protection means by the applicant within the established period of technical support;
  • the applicant's request to terminate the certificate of conformity.

The product APKS "Continent" 3.7 (versions 1 and 2), which is in the register of the FSTEC of Russia as a certified product and manufactured before November 1, 2019, can be sold after the expiration of the certificate of the FSTEC of Russia. The operation of such devices is allowed until the end of the declared period of technical support - 01.11.2022.

The specialists of the company "Security Code" sent a letter to the FSTEC of Russia with a request to give a detailed official comment on the continuation of shipments of the devices of the "Continent" APCS 3.7 (versions 1 and 2).

In addition, sales of the Kontinent software application 3.7 with a certificate from the FSB of Russia, which allows you to use the device to protect data transmitted over open communication channels, do not stop.

In the line of APKS "Continent" the most productive and functional version 3.9 is available, certified by the FSB of Russia as CIPF of class KS2 and FSTEC of Russia as a firewall of class A4 and SOV of the fourth class network level. By the end of 2019, it is planned to obtain certificates from the FSB of Russia for CIPF in class KS3 and class 4 firewalls.

Release of the Continent Enterprise Firewall 4

On August 1, 2019, Security Code announced the release of the Continent 4 corporate firewall, which is part of the Continent line, designed to protect the perimeter, segment the internal network, and encrypt communication channels between branches of large territorial-distributed companies and organizations.

"Security Code" announced the release of the corporate firewall Continent 4

According to the developer, the main thing in Continent 4 is the implementation of the concept Unified Threat Management (UTM). All mechanisms safety are integrated within one device, which allows you to radically simplify the network protection system.

According to the developer, key security mechanisms include:

The main features of Continent 4, noted by the developer:

  • Completely redesigned management system to administer a large security infrastructure
  • Dedicated monitoring subsystem for timely detection of attacks and detection of problems in the protection system
  • Integration c LDAP-servers to use user and group accounts to create a more effective access control policy
  • Powerful deep traffic analysis engine that detects more than 2,600 network applications
  • Operation of the intrusion detection system in transparent mode (without affecting the network topology)

According to the developer, a change in the operating system and a significant redesign of the network stack made it possible to achieve high performance. The bandwidth of the older platform is up to 50 Gbps in firewall mode and up to 11.5 Gbps in combined mode (simultaneous operation of the firewall, intrusion detection system, network application control system).

For the tasks of segmenting data center networks and protecting high-load networks, a software architecture of a high-performance firewall was developed and is under patent in August 2019. It allows you to provide firewall bandwidth up to 80 Gbps and, by translating the rule base into a prefix tree structure, its performance does not depend on the number of filtering rules.

Continent 4 actively uses the products of technology partners "Security Code." In particular, the mechanism for restricting access to malicious sites is implemented on the basis of Kaspersky Lab technologies.

As the developer noted, continent 4 will be certified by the FSTEC of Russia and the FSB of Russia.

File:Aquote1.png
"Continent 4 is a platform on the basis of which Russian customers will be able to consolidate network security mechanisms. A completely domestic origin allows it to be used within the framework of import substitution programs. High performance and efficiency will provide protection against existing threats without affecting the operation of the existing infrastructure, and the technological groundwork will protect against future threats, "
File:Aquote2.png

2017

UPKSH "Continent" beta version 4.0

The Security Code announced in December 2017 the release of the Continent 4.0 beta, a centralized complex for protecting network infrastructure and creating VPN networks using GOST encryption algorithms. It is noteworthy that the release date of the product coincided with the anniversary of one of the key regulators of the information security market - the FSB, one of the largest licensees of which is the "Security Code."

Continent 4.0 is a new generation centralized complex for protecting network infrastructure and creating VPN networks using GOST encryption algorithms. The key changes in the fourth generation of the product - with the same hardware resources - were:

  • Up to 40Gb/s firewall performance
  • Using a hardware crypto accelerator for GOST encryption, which made it possible to achieve encryption performance of 20Gbps
  • New management interface and a separate dashboard
  • Integration with Active Directory
  • IP address reputation-based traffic filtering
  • Network Application Control

The Continent 4.0 complex will meet the expectations of Russian customers in terms of productivity growth and functionality expansion. Security Code experts are convinced that the constant development of the IT infrastructure increases the requirements for perimeter protection and communication channels. In particular, a recent study by company analysts demonstrated that when choosing network security tools, the priority requirements are: the presence of advanced centralized system management and monitoring, stability and high-quality technical support, a high level of protection and performance.

Testing the quality of communication in the network under the protection of the KPCS "Continent"

In August 2017, it became known about testing the quality of communication in the network under the protection of the KPKSH "Continent."

Univef, together with the Security Code company, conducted bench tests of the functioning of the communication channels of the network environment, protected using the hardware and software encryption complex (ACS) "Continent." Channel testing was carried out using the Univef SLA communication service quality control system.

UPKSH "Continent" 3.7 (2017)

During the tests, the stability of the operation of a typical configuration of a secure network was checked when measuring traffic passed through the Continent complexes, which were used as duct-forming equipment. With the help of the Univef SLA system, quality parameters significant for the operation of information services such as packet delay time, delay variations (jitter), packet loss level, bandwidth and others were measured. In addition, the absence of the influence of measurement traffic on the encrypted user stream was checked.

According to the results of all tests, it was recorded that the use of the "Continent" ACS as channel-forming equipment of the network does not affect the process of measuring and assessing the qualitative characteristics of communication channels. At the same time, it was found that the presence of user traffic does not distort the measurement results obtained by the Univef SLA system, and the process of these measurements itself does not affect the parameters of the quality of transmission of working traffic within a protected network loop.

Thus, the study showed that in the network infrastructure protected by the Continent ACS, it is possible to ensure metrologically correct quality control of communication channels using the Univef SLA complex without compromising the main traffic.

File:Aquote1.png
"One of the most important requirements for network security tools is that the parameters of the protected traffic are not affected. When developing the Continent ACS, we minimized the negative impact on the transmitted data. And independent testing confirmed the results we received. "

Kirill Kodanev, Security Code Product Manager
File:Aquote2.png

File:Aquote1.png
"The Univef SLA system is originally designed to work in various network configurations. Joint testing with colleagues from the Security Code company confirmed the capabilities of our solution for correct monitoring of the quality of communication channels protected using not only firewalls, but also cryptographic tools, in particular, the Continent ACS.

Igor Vershinin, Head of Product Development at Univef SLA
File:Aquote2.png

UPKSH "Continent 3.M2"

On September 6, 2017, the Security Code company announced the release of the Continent encryption hardware and software complex 3.M2. The updated version has features that make it easier to implement and operate VPN networks of increased security. Among them - prioritization of traffic and increasing the performance of devices due to the use of a software crypto accelerator.

KPKSH "Continent" 3.M2 is a centralized complex for creating VPN networks of an increased level of security using GOST encryption algorithms.

This version of the product is distinguished from the previous version (3.M) by the following functionality:

  • Encrypt traffic without changing the network topology with a cryptocommutator (L2 VPN)
  • working with fault-tolerant communication channels;
  • Support for dynamic routing protocols
  • prioritization of traffic;
  • support for information exchange between subnets using the same address space;
  • implementing a DHCP service capable of operating in both server and relay mode;
  • high efficiency of devices owing to use of a software crypto accelerator.

The product has already been certified FSB Russia (SF/124-3183). The document confirms that the KPKSH "Continent" version 3.M2 meets the requirements of the FSB of Russia cryptographic information protection for KV class tools and can be used for cryptographic protection of information that does not contain information constituting a state secret.

File:Aquote1.png
Security Code experts have been observing increased demand for advanced security encryption for several years. At the same time, we understand that for the convenience of operation and continuous operation of networks, it is necessary that solutions are built on the basis of modern network technologies. The Continent product will 3.M2 allow, on the one hand, to satisfy the demand for protective equipment of the required class, on the other hand, to provide convenient management, "commented 3.M2 Kirill Kodanev, Product Manager of the Security Code, on the release of the Continent software and software.
File:Aquote2.png

Integration with NeuroDAT SIEM

On August 28, 2017, the Security Code company announced the integration of the Continent attack detector and the NeuroDAT SIEM information security monitoring system developed by the Information Security Center. A comprehensive solution allows security personnel to detect potential threats in a timely manner by consolidating all information security events into a single repository.

SIEM Security Information and Event Management products are used to consolidate and correlate events from various information protection tools; their presence is one of the key factors in improving the efficiency of the organization's information security system.

When creating a joint solution, the companies set themselves the goal of optimizing the detection of computer attacks and increasing the speed of obtaining data in the event of a security violation, and also sought to choose the optimal tool for correlating information security events.

The main features of the Continent ACS are centralized management, the ability to block network attacks, as well as high performance. Compatibility testing of Kontinent and NeuroDAT SIEM was carried out on a dedicated segment of the corporate network of the organization with an Internet connection. During the integration, CBI specialists developed a connector for receiving data on security events using the Syslog protocol and rules for registering incidents based on events registered by the Continent ACS.

According to the "Security Code," the use of a joint solution provides ample opportunities to fine-tune the rules for registering incidents based on data received from the Continental ACS and from third-party information protection tools supported by NeuroDAT SIEM.

File:Aquote1.png
Increasing awareness of information security incidents, prompt response to attacks and neutralization of these attacks at the initial stages - we set ourselves such goals when integrating NeuroDAT SIEM and the Continental Emergency Response System. Now we announce the achievement of these goals, we are ready to further respond to the current requirements of the information security market, "commented Kirill Kodanev, product manager of the Security Code company, on the creation of an integrated solution.
File:Aquote2.png

File:Aquote1.png
The main goal of the integration of NeuroDAT SIEM products and the KPCS "Continent" was to expand the sources of information security events that are integrated with NeuroDAT SIEM. This will allow potential users to more flexibly approach the choice of information protection tools that are planned to be introduced into information systems, "said Ivan Aksenenko, head of the Information Security Center company.
File:Aquote2.png

UPKSH "Continent" 3.7.6

On January 18, 2017, the Security Code company announced the completion of the certification procedure for UPKSH Continent 3.7.6 for compliance with the requirements of the FSTEC of Russia for firewalls. The Russian FSTEC Certificate No. 3008 confirms that the Kontinent encryption hardware and software package version 3.7.6 meets the requirements adopted by the Russian FSTEC in 2016.

The product is certified as Class 3 Protection for Network Layer Firewall Firmware (Type "A") and Class 3 Protection for Network Layer Intrusion Detection Systems.

The certificate makes it possible to use the "Continent" ACS version 3.7.6 when creating the ISDS up to and including UZ1, GIS up to and including class K1, APCS up to and including class K1, NP up to and including class 1V security (guestine with the "secret" stamp), as well as public information systems (IS OP) of class 2. In the process of preparing the product for the fulfillment of new requirements, several significant improvements were implemented. Thus, to improve the efficiency of the firewall, the process of inspecting the SSL protocol was provided. As a result, the firewall can decrypt and check the contents of encrypted user sessions on the fly.

The Continent ACS 3.7.6 implements detection and blocking of network application traffic, which significantly increases the filtering efficiency of those that do not depend on a specific network port. In addition, the administrator can now create traffic filtering rules based on HTTP (S) and FTP commands and thus increase the efficiency of controlling user access to the Internet. The updated product also integrates the attack detector and crypto gateway with the firewall function. Now, when a threat is detected, the attack detector can give the firewall on the Continent crypto gateway a command to create a temporary rule to filter the traffic of the source of the attack.

File:Aquote1.png
The FSTEC of Russia strengthens the requirements for information protection tools, which contributes to increasing the level of security of the IT infrastructures of Russian organizations. The development of products and their functionality in accordance with the requirements of the regulator, as well as ensuring the convenience of implementation and operation are our priorities.

Kirill Kodanev, Security Code Product Manager
File:Aquote2.png

2015

The hardware platform of the "Continent" APCS has been updated IPC-100

In May 2015, the Security Code announced a planned update of the Continent IPC-100 hardware platform (S102), designed to protect the enterprise network and build virtual private networks (VPN).

The new generation of Continent hardware platforms IPC-100 (S102) is built on a modern processor and a set of Intel system logic, has increased performance thanks to increased RAM - up to 4 GB and SATA DOM disk up to 4 GB.

"Updated platform" Continent "IPC-100 received a multi-line LED-indicator to display the operating modes of the complex, which makes it possible to simplify the task of operational monitoring of the system state, and thanks to the transition to the use of PAC" Sobol "in the Mini PCI-E form factor, the design of the hardware platform has become much simpler, which generally made it possible to increase the reliability of the system. In the future, the updated hardware platform "Continent" IPC-100 (S102) will also be used for the production of APKS "Continent" 3.M2 - a specialized solution developed under the requirements of CIPF class KV2 (model of the violator of the N5), "said Alexander Nemoshkalov, Head of the" Network Security "department of the company" Security Code. "

The Continent platform IPC-100 (S102) has already arrived at the warehouse and is available for order with the software of the Continent software system version 3.7. The Continent IPC-100 (S102) is also compatible with the software of the Continent software version 3.6 ((build 3.6.91.0), previous builds 3.6 are not supported).

The updated hardware platform "Continent" IPC-100 (S102) complies with the regulatory requirements, which is confirmed by the current certificates of the FSTEC and the FSB of Russia issued for the Kontinent APPCS 3.6 and the Kontinent APCS 3.7.

UPKSH "Continent" 3.7 certified in the FSB of Russia as CIPF in class KS3 and as ME in the 4th class of security

In May 2015, the Security Code company announced that it had received certificates from the FSB of Russia from 20.05.2015 No. SF/124-2617 and No. SF/525-2618 confirming the compliance of the Continent Encryption Hardware and Software Complex. Version 3.7 "Requirements for encryption (cryptographic) means designed to protect information that does not contain information constituting a state secret for class KS3 and requirements of the FSB of Russia for devices such as firewalls for class 4 security.

Certificates of conformity of the FSB of Russia dated 20.05.2015 No. SF/124-2617 and No. SF/525-2618 allow the operation of the Kontinent APKS 3.7 as CIPF for class KS3 until May 20, 2018 and as ME for class 4 protection until May 19, 2017. The validity of the received certificates of conformity of the FSB of Russia applies to the entire range of hardware platforms of the KPKSH "Continent."

Continent 4.0

On November 20, 2015, Security Code announced the launch of the Continent 4.0 intrusion detection system with an upgraded audit and monitoring system.

The system operates in the network security segment and supports cluster configurations with load balancing, whereby 10 Gb/s performance can be achieved. The product is focused on large organizations with a distributed branch network, supports hierarchical management and event logging.

Intrusion detection system - the first product in the "Continent" line 4 version. According to the company, in the near future the product will include a cryptographic information protection subsystem and a firewall - Continent 4 will become a comprehensive modular solution for ensuring network security, by analogy with Secret Net Studio - for endpoint protection.

APKSH "Continent" admitted to SMEV

On November 26, 2015, the Security Code company announced the inclusion of its products in the list of cryptographic equipment permissible for connecting to the electronic government infrastructure and the interdepartmental electronic interaction system (CMEV) - the Ministry of Communications and Mass Media of the Russian Federation gave the go-ahead .

This act will allow participants in interdepartmental electronic interaction to choose the method of connection from the equipment they have, avoiding additional costs.

UPKSH "Continent" (2014)

As part of the development of the Unified System of Interdepartmental Electronic Interaction (SMEV), the Ministry of Communications and Mass Media of the Russian Federation has expanded the list of cryptographic equipment with which you can connect to the electronic government infrastructure (IEP). In particular, the list of solutions includes the Continent family of products developed by the Security Code company, designed to maintain network security.

The decision is due to a number of properties of the "Continent" ACS. Among them:

  • high platform performance,
  • The ability to support the protection of state-of-the-art communications applications, combined with ease of implementation and operation.

One of the factors of choice was the availability of the necessary certificates of the FSB and FSTEC of Russia by the KPKSH "Continent."

Fyodor Dbar, Commercial Director of Security Code, commented on the decision of the Ministry of Communications of the Russian Federation:

- We have been working with large state structures for more than 20 years. Typically, such organizations have been users of certain products for a long time. The ability to connect to (SMEV) subnets built on the Continent APCS will significantly facilitate our customers the task of quickly launching interdepartmental interaction processes and will allow them to save significant resources, both financial and technological. This is especially important right now, in a difficult economic situation. The role of SMEV cannot be overestimated: this system allows federal, regional and local authorities to electronically exchange the data necessary to provide public services to citizens and organizations.

2013

UPKSH "Continent" 3.7

An intrusion detection system (IDS) that meets the requirements of the Russian FSTEC for Class 3 IDS will be added to the Kontinent version 3.7, and firewall mechanisms will also be implemented that also meet the requirements of the Russian FSTEC for Class 2 firewalls (ME).

This was announced on August 1, 2013 by the Security Code company.

The data protection developer announced the transition to iterative development of information protection tools, which will allow the company to completely update the product line and release a number of new products by the end of 2013.

Continent Intrusion Detection System 3.7

  • high-performance crypto core with VPN performance up to 3 Gb/s (for IPC-3000F platform);
  • load balancing between several crypto gateways to achieve cryptographic traffic processing performance at speeds greater than 10 Gbps;
  • IPv6 support and other new features.

The basis of the Continent intrusion detection system is:

  • SNORT, an open-source network intrusion detection and prevention system that parses and analyzes traffic to detect attacks;
  • a regularly updated signature database from EmergingThreats;
  • a proprietary heuristic analyzer that improves the quality of attack detection and reduces the number of false positives;
  • Network Management Center, which provides remote configuration and monitoring of the Continent DA modules.

The company "Security Code" reported in July 2014 that the "Continent" complex passed certification tests for compliance with the requirements of the Ministry of Telecom and Mass Communications of Russia and received a certificate of compliance No. OS-2-SPD-1346, valid until June 18, 2017.

The certificate confirms that the Continent Information Processing System version 3.7 complies with the Rules for the Use of Information Packet Switching and Routing Equipment, approved by Order of the Ministry of Communications of Russia dated 06.12.2007 No. 144, with amendments dated 23.04.2013 No. 93.

2010

UPKSH "Continent IPC-100"

The hardware platform of the "Continent" APCS IPC-100 allows user companies to gain additional advantages when using the "Continent" hardware and software cryptographic gateway (APCS) to build cryptographic information protection systems . The innovations of December 2010 had a positive effect on the reliability and performance of the Continent software and software complex, and will also help companies solve the problems of improving the energy efficiency of their IT infrastructures.

The updated hardware platform IPC-100 uses a modern processor Intel Core 2 Duo with a frequency of 2.8 GHz, a 1066 MHz bus, a L2 3MB cache, and a DDR3 1333 MHz RAM of 1GB. Thanks to the use of high-performance processors and memory, the developer managed to increase the performance of encrypted traffic processing up to 250 Mb/s.

Along with increased performance, the energy efficiency of the Continent UCS based on the updated IPC-100 platforms has been improved. The power consumption of cryptoschips decreased from 350W to 270W.

The improvements also affected the network interfaces of the hardware and software complex: the total number of ports was brought to 8, two of which are intended for use with SFP optical modules, this allows the use of the Continent IPC-100 crypto gateway for cryptographic protection of information transmitted via optical communication channels, without using additional media converters. This innovation simplifies the integration of Continent crypto-gateways into the customer's existing network infrastructure and reduces the likelihood of failure, as well as reduces the amount of additional equipment required.

The updated Continent IPC-100 platform is specially designed and developed taking into account the specifics of the operation of crypto-gateways in unattended mode, as well as taking into account the requirements of high reliability. The solution is designed with high-quality components, which increases the MTBF by 4 times compared to the previous generation of IPC-100 platforms and amounts to 40,000 hours.

Data transfer rate of "Continent" UFCS IPC-100

  • Performance VPN (mode) enciphering - up to 250 Mbps
  • ME performance (open traffic) - up to 400 Mbps

Network interfaces of the "Continent" APCS IPC-100:

  • 6x 1000BASE-T Gigabit Ethernet copper, with RJ45 connectors
  • 2x 1000BASE-X Gigabit Ethernet optical, with SFP connector for transceiver installation

UPKSH "Continent" (version 3.5, UVAL.00300-104)

In June 2010, the Security Code company reported that the Continent APKSh (version 3.5, UVAL.00300-104) received a certificate of conformity of the FSB of Russia for class KS2 CIPF. The obtained certificate confirms that the hardware and software means of cryptographic protection of information of the KPKSH "Continent" version 3.5 meets the requirements of the FSB of Russia for class KS2 CIPF. According to the certificate, the Continent ACS can be used for cryptographic protection (generation of key information, encryption and imitation protection of data transmitted in IP packets over common data transmission networks, as well as for managing key information) of information that does not contain information constituting a state secret. The certificate is valid until 09.05.2013.

This certificate makes it possible to use CIPF "Continent" version 3.5 to create automated systems that meet the requirements of the regulator of the FSB of Russia.

The Continent ACS is a comprehensive solution that combines a VPN gateway, firewall, and static router. The complex includes a software VPN client "Continent AP" (Continent Subscriber Point), designed to organize access of remote employees to the resources of corporate information systems, through virtual private networks (VPN) based on global public networks using TCP/IP family protocols.

What's new in version 3.5:

  • The protocol of interaction between CSh has been changed. Instead of the IP250 protocol, communication between KSh over the UDP protocol is implemented, which greatly simplifies the configuration of firewalls located on the traffic path;
  • Added the ability to filter IP packets by regular expressions for application protocols (for ftp and http protocols);
  • Support for the IP options field in the header of the IP packet used in the MSVS OS is implemented, due to which the compatibility of the Continent ACS version 3.5 with the MSVS OS is achieved;
  • Support is provided for correct shutdown of the KSh power supply when working with uninterrupted power sources in the event of a long-term power failure;
  • Added the ability to change the external address of the working cryptographic gateway;
  • PPPoE support for the CCN has been added;
  • Added support for dynamic assignment of KSh addresses to the external interface;
  • Improved support for the OSPF dynamic routing protocol.

Continent 3.M

The hardware and software encryption complex "Continent 3.M" (UVAL 00300-94) passed certification tests at the end of 2010 and received a certificate of the FSB of Russia (No. SF/124-1598), confirming compliance with the requirements for encryption (cryptographic) means designed to protect information that does not contain information constituting a state secret, according to class KV2 CIPF. UPKSH "Continent 3.M" (UVAL 00300-94) also has a certificate of compliance (No. SF/515-1531 of October 4, 2010) with the requirements of the FSB of Russia for devices such as firewalls of class 4 security and can be used to protect information from unauthorized access in information and telecommunication systems of state authorities of the Russian Federation.

The SF/515-1998 certificate from the 30.09.2012 for the KPKSH "Continent" version 3.M confirms compliance with the requirements of the FSB of Russia for devices such as firewalls according to the 4th class of security and can be used to protect information from unauthorized access in information and telecommunication systems of state authorities of the Russian Federation. The certificate is valid until 20.10.2015.

Appointment

  • Integration of enterprise local networks via the Internet into a single VPN network;
  • Connecting remote and mobile users to VPN over a secure channel;
  • Sharing of access between information subsystems of the organization;
  • Organization of secure interaction with third parties;
  • Secure remote management of routers.

Continent of IPC-25

The updated Continent IPC-25 hardware platform is based on an Intel Atom D425 processor with a clock speed of 1.8 GHz, a L2 cache of 512KB, low power consumption (TDP 10W) and DDR3 1333 MHz RAM of 1GB and is equipped with 4 10/100/1000 Ethernet ports.

With the use of a modern Intel Atom processor in combination with DDR3 RAM, Security Code has managed to create a highly efficient compact system with low power consumption (no more than 20W) and sufficiently high performance. The updated platform is equipped with a low-noise intelligent cooling system, which allows it to be used in office premises or at workplaces without compromising the comfort of employees, including in projects to protect personal data to ensure cryptographic protection of information transmitted over open communication channels using the Internet.

The updated Continent IPC-25 platform is equipped with 4 10/100/1000 ports Ethernet. In addition to the usual ability to segment networks, this will allow users to use the expanded functionality of reserving a communication channel and balancing outgoing traffic between several providers, which is being implemented in the Continent software and software application system version 3.6, which is currently being developed. The new version ON of Continent 3.6 will go on sale after the certification process is completed in the first quarter of next year, "said Alexander Nemoshkalov, product manager at Security Code

Thanks to its compact size of 175 x 210 x 50 mm (GxHxV), support for round-the-clock operation, unattended mode and low power consumption, the updated Continent IPC-25 platform is best suited for embedded applications in such projects as: ATM protection, automated industrial equipment management systems, video monitoring and crime detection systems, etc.

The Continent IPC-25 platform is specially designed and developed taking into account the specifics of the operation of crypto-gateways in unattended mode, as well as taking into account the requirements of high reliability. The solution is designed with high-quality components, which increases the MTBF by 4 times compared to the previous generation of IPC-25 platforms and amounts to 40,000 hours.

Data transfer rate:

  • Performance VPN (mode) enciphering - up to 30 Mbps
  • ME performance (open traffic) - up to 85 Mbps

Network interfaces: 4x 1000BASE-T Gigabit Ethernet copper, with RJ45 connectors

The updated Continent IPC-25 hardware platform will go on sale from July 1, 2011, and at the same time, from June 6, orders for two and three-port Continent IPC-25 platforms of the previous generation will be discontinued.

VPN gateway UFCS "Continent" 3.6

In Continent 3.6, priority is given to the development of network capabilities of the product, more than 20 innovations have been implemented, including:

  • provision of fault tolerance of external communication channels (protection of external WAN and VPN channels, monitoring of WAN, VPN links status), automatic switching of CS to the standby channel;
  • Balancing outgoing open traffic between external links (MultiWANs) according to specified routing policies
  • Support for RIP, BGP, OSPF dynamic routing protocols with centralized configuration and monitoring
  • Full QoS support with advanced queue management and queue congestion protection
  • multicast routing support, which makes it possible, for example, to transmit video streaming traffic from a single source to multiple recipients for use in real-time online monitoring systems;
  • Support for VPN virtual channels with prioritization capability (up to 32 VPN virtual channels with independent cipher queues), enabling efficient high-priority traffic (VoIP) and guaranteed bandwidth redundancy
  • In the access server settings, you can specify the addresses of DNS servers on the secure subnet to be used by the subscriber stations. Users "Continent AP" after establishing a secure connection can access protected resources by DNS names;
  • The "AP continent" installed on computers on a secure network can connect to the access server, this allows you to create superimposed, cryptographically secure networks in cases where the organization's local network is not structured;
  • added the ability to change the external address of the CCN by means of centralized control, which allows you to make a painless transition when changing the provider or changing the IP address of the CCN.

The changes also affected the centralized management interface of the Continent ACS, in version 3.6 it is possible to logically group objects by various features, for example, by geographical or organizational affiliation, it is possible to create a hierarchy of groups of cryptographic gateways, which makes it possible to significantly simplify the process of administering a large number of objects for networks consisting of several thousand crypto-gateways (CS).

The key management scheme has undergone changes: the convenience of operation has been increased, the possibility of unscheduled key changes to the KS by means of centralized control from the network management center (CCN) has been implemented, which does not require the local presence of the administrator on the KS. You can also change KSh keys automatically on a schedule or manually. PAK "Sable" or key notebook RDP-006 can be used as the source of the initial key information for the CUS initialization.

In Continent 3.6, the performance and scalability of the complex is significantly increased, the CCN on the hardware platform IPC-1000 allows you to organize a network of up to 5,000 (five thousand) crypto gateways, the access server (SD) on the platform IPC-1000 provides the ability to simultaneously connect up to 7,000 (seven thousand) users "Continent AP."

The new version is compatible to the majority of the hardware Continent platforms and supports a possibility of the centralized remote updating with ON "Continent" 3.5 for the following platforms: IPC-25 (MS9830), IPC-25 (MS92D9), IPC-100 (G560), IPC-100 (MS92E3), IPC-400 (MS9297), IPC-1000 (x3650M2), IPC-1000 (MS9297), IPC-1000F (MS9297), IPC-1000F2 (MS9297), IPC-1010 (MS9297).

Users of the "Continent" APCS with valid technical support for the "basic" level will be able to purchase a new version on preferential terms, users with valid technical support for the "extended" level will receive the new version free of charge, as part of the maintenance contract.

A positive conclusion (extract 149/3/2/1-7229 dated May 21, 2012) confirms the compliance of the KPKSH "Continent" version 3.6, "Requirements for encryption (cryptographic) means designed to protect information that does not contain information constituting a state secret," according to the CIPF class KS2 in versions 1, 2 and according to class KS3 in version 3. The conclusion obtained authorizes the operation of CIPF "Continent" version 3.6 (RU.88338853.501430.001) until April 30, 2017.

Description

ACS Continent (hardware and software encryption complex "Continent") is a hardware and software complex that allows you to ensure the protection of the organization's information networks from intrusion by data transmission networks (Internet), confidentiality when transmitting information over open communication channels (VPN ), organize secure access for VPN users to public network resources, as well as secure interaction of networks of various organizations.

Links