Developers: Garda Technology
Last Release Date: 2023/01/19
Branches: Telecommunications and Communications
Technology: IS - Firewalls
The Perimeter system is designed to analyze traffic in data transmission networks and to warn of, detect and suppress attacks of various types on objects of the operator's network and its clients.
2023: Certification in Belarus according to TR 2013/027/BY
The protection system against DDoS attacks "Perimeter" manufactured by "Garda Technology" received a certificate of compliance with the requirements of the Technical Regulations of the Republic of Belarus TR 2013/027/BY. The solution is ready for use in Belarusian companies. Garda Technologies announced this on January 19, 2023.
"Perimeter" passed the necessary tests in accordance with the requirements of the National System for Confirming Compliance of the Republic of Belarus, performs the declared functions, is protected against modification of critical parameters and meets a number of other criteria.
"Certification of Perimeter in Belarus is a big step towards protecting the country's business from attacks aimed at abandoning enterprise information systems," said Vadim Soldatenkov, head of DDoS protection at Garda Technology. "In Russia alone, the number of DDoS attacks in 2022 increased 10 times, while Perimeter allows you to cope with their reflection by large telecom operators, for example, TransTeleCom, MegaFon, Rostelecom, etc. I am sure that the positive Russian experience in using Perimeter will help colleagues from Belarus to ensure the cyber stability of business and replace the solutions of manufacturers who left the country."
"Perimeter" is installed at the border of the network and is used to protect the corporate infrastructure and IT sites of organizations against DDoS attacks. The complex helps to constantly control the exchange of traffic with external networks, and the absence of artificial bandwidth restrictions allows you to protect connected communication channels across their entire bandwidth.
2022: Use to optimize the DDoS Protection solution
On November 1, 2022, TransTeleCom announced that its DDoS Protection service has increased the speed and accuracy of the incident monitoring mechanism. The improvement was achieved thanks to the use of the traffic protection subsystem developed by the Russian company Garda Technology.
2020: Obtaining the certificate of FSTEC of Russia
FSTEC of Russia issued a certificate of conformity for the "Perimeter" complex of protection against DDoS attacks. This was announced on February 17, 2020 by the company Garda Technology.
Perimeter is a solution for protection against denial of service attacks (Anti-DDoS), supplied as an autonomous complex and certified by the FSTEC of Russia. Unlike solutions that redirect traffic for cleaning to external sites, Perimeter filters directly on the customer's data network. This approach not only guarantees the safety of client data, but also eliminates congestion of the entire intermediate IT network infrastructure when traffic is redirected.
Perimeter is a confidential information protection tool certified according to Level 4 of the RD NDV, which helps government and corporate customers comply with the requirements of a number of Russian regulatory legal acts:
- joint order of the FSTEC of Russia and the FSB of Russia No. 489/416 "On Approval of the Requirements for the Protection of Information Contained in Public Information Systems" by using a certified means of filtering and blocking network traffic;
- FSTEC Orders No. 17 of 11.02.2013 and No. 21 of 18.02.2013 regulating the protection of state information systems and the security of personal data;
- Federal Law No. 187-FZ "On the Security of the Critical Information Infrastructure of the Russian Federation" and by-laws: FSTEC Order No. 239 of 25.12.2017, in terms of preventing intrusions (computer attacks) and ensuring the availability of significant objects, and FSB Order No. 196 of 06.05.2019, in terms of identifying and responding to computer incidents, working with attack artifacts and the absence of undeclared capabilities in the software in use;
- FSTEC Order No. 31 of 14.03.2014 in terms of ensuring measures to protect APCS at critical facilities.
A certified solution is necessary for companies in the financial sector to implement the measures defined in the National Standard of the Russian Federation GOST R 57580.1-2017 "Security of financial (banking) transactions. Information protection of financial institutions. Basic composition of organizational and technical measures," as well as to ensure the availability of the information resources of payment systems according to the requirements of Federal Law No. 161-FZ dated 27.06.2011 "On the National Payment System" and Resolution of the Government of the Russian Federation No. 584 dated 13.06.2012 "Regulation on the Protection of Information in the Payment System."
In addition, the capabilities of Perimeter correspond to methodological recommendations for the creation of departmental and corporate centers of the state system for detecting, preventing and eliminating the consequences of computer attacks on information resources of the Russian Federation.
"Successful certification in FSTEC of Russia confirms the quality and demand of the solution. Perimeter is chosen by telecom operators and corporations of our country both to protect against DDoS attacks of their own infrastructure, and to ensure the security of their customers. We are confident in the reliability of our solutions, and the passed certification tests confirm their compliance with domestic requirements for information protection," said Roman Zhukov, director of the Garda Technologies competence center.
2019: Attack Detection Engine and User Interface Update
On July 30, 2019, Garda Technologies announced the release of an updated version of the Perimeter hardware and software complex designed to protect against network denial of service attacks (DDoS attacks) on telecom operator networks, data centers, large and medium-sized corporate networks.
According to Garda Technology, Perimeter has received an updated attack detection mechanism and updated methods for suppressing attacks, which allow you to respond effectively to modern DDoS threats, as well as an updated user interface.
The Perimeter hardware and software complex is installed on networks of provider and telecommunications services, corporate networks, and data center networks with network traffic volumes from Gbps to tens of Tbit/s. Cleaning clusters, which are part of the Perimeter hardware and software complex, allow you to effectively protect the company's infrastructure from DDoS attacks up to 640 Gbit/s.
The updated version of the Perimeter hardware and software complex revises the principle of detecting attacks. According to Garda Technology, flexible configuration of the complex makes it possible not only to identify well-known DDoS attacks, but also to adapt the detection subsystem to new threats, taking into account the needs of protected clients, and to reduce the likelihood of false detections caused by the nature of the traffic of protected clients.
The complex shows the most important information about the attack, focusing the user's attention on the characteristics of the attack, which can be used to successfully suppress it. The updated user interface allows you to track the dynamics of the attack in real time and receive all the data about it.
According to the developer, cleaning clusters and the capabilities of network equipment are used to suppress attacks in the Perimeter hardware and software complex. The updated version allows you to use these tools together, including with fully automatic attack suppression. This provides tiered protection for the client: at different levels of attack danger, different suppression tools are used. For example, attacks that do not exceed 10 Gbps are filtered by the complex's cleaning cluster. When the attack volume increases to 20 Gbps, filtering is performed on network equipment.
According to the developer, the updated version significantly expands the ability to automatically counter DDoS attacks. The updated suppression mechanisms allow you to flexibly adapt to the development of a DDoS attack, enabling and disabling the necessary cleaning methods at the right time. This provides effective protection even if an attacker tries to bypass the countermeasure system by changing the nature of the attack. At the same time, the complex takes into account not only the attack suppression methods built into it, but also the features of each protected resource, so that the tools used to suppress a complex attack do not affect legitimate traffic. The updated version of the Perimeter hardware and software complex allows the operator to intervene in the automatic filtering process and make changes if necessary. The complex then continues to work in automatic mode, tracking the dynamics of the DDoS attack and enabling the necessary suppression methods, taking the user's adjustments into account.
The complex allows you to effectively protect Internet sites both from powerful DDoS attacks that overload communication channels, and from attacks aimed at the resources of the Internet site, including slow attacks. The updated version implements a mechanism for decrypting HTTPS traffic, which allows you to apply additional protection methods to it: authenticating users and identifying sources that attack the service using statistical and behavioral algorithms, Garda Technology noted.
As of July 2019, the updated version of the Perimeter hardware and software complex includes an expanded list of traffic analytical reports, including reports on virtual network (VPN) traffic, a "hot" backup implementation that allows threats to be detected continuously, and a mechanism for monitoring changes in the configuration of the complex.
2013: Main functions of the Perimeter-F hardware and software complex
As of January 2013, the main functions of the Perimeter-F hardware and software complex include:
- Filtering requests of network subscribers to Internet resources by URL or IP addresses
- Support for filtering Cyrillic domain names and Cyrillic in URL
- Filtering requests using proxy servers
- Filtering requests from mobile clients (Android, iOS, etc.)
- Automatic synchronization with the Unified Automated Information System (UAIS) of the Unified Register of Sites (zapret-info.gov.ru)
2012: Compliance with the requirements of Law No. 139-FZ
In October 2012, MFI Soft presented the Perimeter-F hardware and software complex, which meets the requirements of the law "On the protection of children from information harmful to their health and development" to restrict access to domain names, site page pointers and network addresses on the Internet.
The Perimeter-F hardware and software complex was developed specifically for Internet providers wishing to prepare for the final entry into force of Federal Law of the Russian Federation No. 139-FZ of July 28, 2012, "On Amendments to the Federal Law 'On the Protection of Children from Information Harmful to Their Health and Development' and certain legislative acts of the Russian Federation."
The advantages of the Perimeter-F hardware and software complex are, first of all, the ease of connection and maintenance, including for regionally distributed companies, as well as its availability, associated with the ability to choose the performance of the complex depending on the volume of traffic coming from customers rather than on the total network traffic. The scalable architecture of the solution allows you to increase its performance without limitation.
All solutions of MFI Soft are accompanied by round-the-clock Russian-language service support and warranty obligations.
Law 139-FZ obliges telecom operators, hosting providers and content providers of the Internet to block for three days access to Internet content included in the so-called "black lists" (the "Unified Register of Domain Names and (or) Universal Pointers of Pages of Sites on the Internet and Network Addresses on the Internet containing information prohibited for distribution in the Russian Federation by federal laws"), which are maintained by Roskomnadzor.
According to the leaders of MFI Soft, Perimeter-F is an alternative to expensive deep packet inspection (DPI) systems for automating work related to the fulfillment of the above requirements of Roskomnadzor. It provides the ability to block and unblock web resources by uniform resource locator (URL) and by IP address, and maintains automatic synchronization with the Unified Automated Information System (UAIS) serving the "blacklists" (zapret-info.gov.ru).
2011: Perimeter System Description
According to information as of May 2011, the functionality of the Perimeter system allows the operator to: monitor network traffic in real time, with the possibility of long-term storage and sampling of information for any period of time; detect attacks on networks at speeds up to 100 Gbps and higher and suppress them while keeping resources working for users; and optimize, plan, and control internal network structure, interconnect, and peer-to-peer relationships by analyzing traffic routes.
The Perimeter system was developed taking into account the requirements of modern high-speed data transmission networks, where detecting and effectively suppressing network anomalies requires high-performance solutions. The system consists of two components: an analyzer and a cleaner. The analyzer provides interaction with the operator's equipment, tracking of network infrastructure objects, attack detection and display of statistics. The cleaner filters DoS/DDoS attacks at the TCP/IP stack and application levels. Analysis and filtering algorithms, according to the developers, allow you to effectively combat all known types of threats and malicious influences. The telecom operator can either operate the system independently, or use the services of MFI Soft to filter and clean traffic with it.
According to Anatoly Korsak, General Director of MFI Soft, the Perimeter system is the only solution developed in Russia that allows the operator to protect the network and clients from hacker attacks, as well as monitor the state of the network and analyze inter-operator relationships.
Sinterra still uses the system. On the basis of the complex, a set of services that are actively sold has been developed, notes Andrey Bugaenko. "We record a significant amount of traffic every day, qualified by the system as malicious," says Andrey Bugaenko. "A number of clients managed to keep business thanks to the use of the system. There are customers who are trying to make money selling our service to their clients."
The current Perimeter is an improved version of Anomaly, notes Natalya Korobkova from MFI Software, and it is designed for large operators. MFI Software is ready to release other versions of such an information security system to the market, already for small operators.
"The volume of the information security systems market in Russia per year in all segments (large, medium and small companies) exceeds 1 billion rubles. This also includes players, for example, whose main specifics are antiviruses, but there are departments for DDoS attacks and analysis," says Denis Kuskov, head of the TelecomDaily analytical agency. "In principle, there are not few systems on the market that allow solving certain problems separately. They are for both small and large companies. I do not think that even the changed solution of "MFI Soft" will be in demand among small companies that apply other, more economical solutions."
2010: Creation of the Anomaly system
MFI Soft created the system in February 2010 in conjunction with Sinterra, which MegaFon acquired in 2010. At that time the product was called "Anomaly." The contract between Sinterra and MFI Soft for the development of an information security system for the operator's network was signed in October 2008. The project was carried out in several stages during 2008 and 2009. Each stage of development was tested on the "pilot" zone of the Sinterra network, which includes all elements of the operator's infrastructure: IP/MPLS networks, MG/MH, DPC and a distributed call center segment.[1]
Andrey Bugaenko, IT Director of Sinterra, names four reasons for the product's appearance in the company: the development of a domestic product with better characteristics than a few foreign analogues, the launch of an additional service to the market that customers need, a profitable investment in the potential of specialists in technological innovation and financial profit. "For more than a year, we have a geographically distributed (cloud) and accurate tool for controlling traffic on IP/MPLS networks. It is able to analyze the data flow at a speed of over 300 Gbps, monitor and build analytical reporting for commercial and technical services for several thousand parameters in terms of operators, customers, traffic structure and volume, network interaction, network equipment status, etc.," said Andrey Bugaenko to a ComNews reporter.
The project was funded by both parties. "Then it was investing in new technology, developing an asset in which intellectual labor was the basis and which became our intellectual property. We contributed about 70 million rubles to the project and the intellectual and managerial potential of the company," said Andrei Bugaenko. MFI Soft does not disclose the final size of its investments in the project, but notes that the product belongs to it.