Project

PT Sandbox protects Pulkovo Airport IT infrastructure from malware

Customers: Pulkovo Airport

St. Petersburg; Transport

Product: PT Sandbox

Project date: 2023/01 - 2023/12

2023: PT Sandbox Implementation

Air Gate of the Northern Capital LLC, the main operator of Pulkovo International Airport, uses the PT Sandbox network sandbox to protect e-mail from malicious attachments and illegitimate links and to control files entering the organization's perimeter. Positive Technologies announced this on November 29, 2024. With the help of the Positive Technologies product, the information security service controls the content (files and e-mails) entering the organization and detects and blocks malware, including complex and previously unknown samples. In the first months after PT Sandbox was introduced, it prevented Trojans from penetrating and exploiting the airport infrastructure.

Airports are critical information infrastructure (CII) objects and are obliged to ensure the continuity of their operations even in the event of cyber attacks. In 2023, the information security division of Air Gate of the Northern Capital LLC carried out a comprehensive modernization of the security architecture of Pulkovo Airport. One of the project's priorities was to organize effective protection of information channels from malware.

According to information security analysts, attackers use malware in 40% of cyber attacks on CII objects. To counter modern malware attacks, the airport needed a sandbox-class solution that would detect and repel such threats with high accuracy, preventing them from crossing the corporate perimeter. It was also important to the information security professionals that the sandbox provide automated real-time protection and make it possible to investigate incidents involving malware. In addition, the system being implemented had to be included in the register of domestic software and have an FSTEC certificate.

During pilot tests, PT Sandbox demonstrated, along with other competitive advantages, its effectiveness in identifying cyber threats in the airport's mail traffic and was chosen for full implementation in Pulkovo's infrastructure. The work was completed in 2023.

"Unlike other sandboxes, PT Sandbox offers simple and convenient integration with any IT and IT systems. Thanks to a large set of plug-in sources, we have covered all the necessary channels with protection, and we can easily add new ones. Separately, I would like to note the responsive and attentive technical support: the vendor's specialists accompanied us at all stages of the project, advised and helped us, which made it possible to finish the implementation faster," said Sergei Savchenko, head of the information security service at Air Gate of the Northern Capital LLC. "Per month, PT Sandbox processes an average of 700 thousand tasks on the stream, of which 1,500 contain suspicious files, and 30 identified activities are dangerous incidents."

PT Sandbox integrated flexibly into the infrastructure: the information security service did not have to change the airport's existing business processes, and the product did not affect the continuity of applications. The Positive Technologies sandbox analyzes each object with machine learning technologies, static and dynamic methods that use unique PT Expert Security Center (PT ESC) rules, and several antivirus engines.

"PT Sandbox is an integral part of Pulkovo's comprehensive defense against massive and targeted attacks. The sandbox detects viruses, ransomware and other illegitimate programs, preventing them from being inside the organization's perimeter," said Elena Polyakova, product marketing manager at PT Sandbox. "In this project, the information security service competently built the work on detecting malware, implementing two scenarios for checking objects on the basis of our product. The first provides for monitoring the security of mail traffic in blocking mode. In this way, you can stop the penetration of dangerous files into the infrastructure locally and without delay in the delivery of e-mails. As part of the second scenario, PT Sandbox automatically checks objects from network folders."