Ankey ASAP (Advanced Security Analytics Platform)

Product
Developers: Gazinformservice (GIS), Peter the Great St. Petersburg State Polytechnic University (SPbPU)
Date of the premiere of the system: 2019/12/16
Last Release Date: 2024/08/21
Technology: Information Security - Information Leakage Prevention, Information Security Management (SIEM)

2024

Compliance with FSTEC of Russia certification requirements raised to UD 4

The Ankey ASAP advanced analytics platform has raised its compliance with the FSTEC of Russia certification requirements to the fourth trust level (UD 4). Gazinformservice (GIS) announced this on October 9, 2024.

This confirms that the solution complies with the security standards established by the Federal Service for Technical and Export Control, and can be used in organizations with strict requirements for information protection.

"Raising the certification to UD 4 allows the solution to be used in organizations that apply high security criteria to the software they use," said Yana Zakovryazhina, product manager at Ankey ASAP. "We are talking about state bodies and institutions, organizations in health care, power engineering, transport, communications, as well as the banking sector, enterprises of the fuel and energy complex, atomic energy, the metallurgical industry and many others."

Ankey ASAP 2.4.2 with the ability to switch to Efros CI reports from the ASAP web interface

Gazinformservice has presented a quarterly update to the Ankey ASAP advanced security analytics platform, version 2.4.2. The key change in version 2.4.2 is a set of algorithms aimed at identifying insiders. The developer announced this on August 21, 2024.

The platform can now analyze atypical event volume and event timing, which provides an additional tool for detecting suspicious activity within the organization (among persons who have access to confidential information - ed. note).

In addition to strengthening protection against insiders, Ankey ASAP 2.4.2 has expanded a number of functions for identifying cyber threats. This version updates the first-action rules for the Rare Events Analyzer: the conditions considered for first actions (new or rare events) have been expanded. The extensions in the updated version also affect the visual component: a widget designer for dashboards has been added, which allows you to create your own visualizations.

Analyzers for detecting atypical event volume and time have been developed. Their use is aimed at expanding the tools for identifying insiders and compromised users.

In Ankey ASAP version 2.4.2, it became possible to switch to Efros CI reports from the ASAP web interface, which will provide online access to reports on configurations of security objects.

Support for event sources has also been improved. Behavioral analytics content has been implemented for firewall sources from UserGate, Continent and Dionis. Expanding content for event sources gives a more holistic picture of the state of the organization's information security. This version also implements behavioral analytics content for the DLP system "Stakhanovets." Expanding content for DLP makes it possible to respond to threats effectively by detecting suspicious actions faster.

The Ankey ASAP advanced behavioral analytics platform has received compatibility certificates with RED OS 8 and Staffcop Enterprise, expanding integration capabilities and improving overall security.

In release 2.4.2, in addition to the changes listed above, system-wide improvements were carried out, bugs were fixed and requests for revision were recorded.

"Ankey ASAP 2.4.2 is a tool for improving the security and control of information resources of any organization. It is important to emphasize that the extensions in this product release will significantly complement the tools for identifying compromised users within the company," said Yana Zakovryazhina, product manager at Ankey ASAP of Gazinformservice.

RED OS 8 Compatibility

Gazinformservice and RED SOFT will provide comprehensive protection for users of domestic operating systems thanks to the joint operation of their proprietary products, Ankey ASAP and RED OS 8. Gazinformservice announced this on July 10, 2024.

Compatibility with the Ankey ASAP software complex will allow RED OS 8 users to take the security of their systems to a new level of protection:

  • Detection of threats in the shortest possible time: Ankey ASAP uses advanced behavioral analysis to detect anomalies, including 0-day, LotL attacks and APT threats in the early stages.
  • Behavior modeling: Ankey ASAP creates digital shadows of objects, which allows you to accurately determine deviations from normal functioning.
  • Incident Investigation: The platform provides tools for in-depth analysis of information security events in accordance with the MITRE ATT&CK and FSTEC NOS matrices, as well as marking along the Kill Chain.
  • SOC Optimization: An integral score of behavioral suspicion and the aggregation of events into a single feed support the work of first-line SOC specialists.

The security of RED OS 8 is also ensured by information protection tools from trusted RED SOFT partners and built-in tools for incident monitoring and response; a vulnerability scanner and secure development tools are also available.

"The compatibility of Ankey ASAP with RED OS 8 is an important step to ensure comprehensive protection of users of domestic operating systems. We are pleased to offer a solution to quickly identify and analyze threats in the customer's modern infrastructure," said Ankey ASAP Product Manager Yana Zakovryazhina.

"It is difficult to overestimate the demand for high-quality information security solutions among our customers. Ankey ASAP allows you to detect attacks early, which significantly reduces possible damage. I am sure that our cooperation with Gazinformservice will bring many more benefits to those who choose domestic software," commented Rustam Rustamov, Deputy General Director of RED SOFT.

Staffcop Enterprise Compatibility

Atom Security (brand - Staffcop) and Gazinformservice confirmed the correctness of the joint functioning of the Ankey ASAP software complex and the Staffcop Enterprise system on the basis of joint tests. Gazinformservice announced this on July 9, 2024.

The corresponding certificate was signed by the heads of the companies.

said Ivan Khaustov, CEO of Atom Security.

"Proven product compatibility improves the quality of information security incident monitoring and analysis. With the integration of Ankey ASAP and Staffcop Enterprise, information security professionals can more effectively detect and respond to threats using suspicious detection tools and advanced behavioral analytics. This improves the overall security strategy of the company and increases the level of protection against cyber threats," noted Roman Pustarnakov, Deputy General Director - Head of the Customer Management Department of Gazinformservice.

2019: Ankey ASAP Platform Test Release

On December 16, 2019, Gazinformservice announced the release of a test version of the Ankey ASAP advanced security analytics platform with behavioral analysis functions. The platform was created in a joint project between Gazinformservice LLC and the Laboratory of Neural Network Technologies and Artificial Intelligence of Peter the Great St. Petersburg Polytechnic University.

According to the developers, the Ankey ASAP (Advanced Security Analytics Platform) is a product of the advanced information security event analytics class with behavioral analysis functions. The product generates analytical content and behavior models of users and components (entities) of the corporate network using heuristic and statistical algorithms, as well as machine learning algorithms based on data obtained from information protection tools and information systems of the enterprise. The Ankey ASAP provides a security professional with tools to identify signs, conduct a technical investigation, and gather digital evidence of security incidents. Unlike traditional defenses, the product uses automatically generated behavior profiles to identify incidents, rather than formal rules and signature methods. At the same time, obtaining a multidimensional view of the context of security events allows you to more efficiently analyze and make decisions on detected cybersecurity incidents in a shorter time.

The Ankey ASAP platform actively uses machine learning technologies to identify incidents. Due to the shortage of specialists with interdisciplinary knowledge and skills in both information security and artificial intelligence, Gazinformservice in 2017 turned for help to colleagues from the Laboratory of Neural Network Technologies and Artificial Intelligence of Peter the Great St. Petersburg Polytechnic University (SPbPU). With the help of colleagues from SPbPU, it was possible to modify known anomaly detection methods, combining and adapting them to the different statistics of real data sets and the features of the problems being solved. As of December 2019, pilot projects have been initiated with potential customers, and research and experiments with machine learning models, including neural network models, are ongoing. These focus first of all on behavioral analytics tasks, which allow abnormal behavior of users and objects of various information systems to be monitored in near real time.

According to Gazinformservice, in 2020 a commercial version of the product will be released, supplemented by subsystems for monitoring integrated indicators of anomalies in the behavior of users (entities) and scenarios for managing analytical investigations. Depending on the machine model that revealed the abnormal behavior, analytical content relevant to the investigation will be generated automatically, and automated scenarios will be executed that notify the relevant persons and initiate proactive protection actions, for example, activating additional rules on the firewall. Adaptive management of analytical cases will make it possible to build a knowledge base of investigation and response scenarios in accordance with global security incident management practices, taking into account the practice and security policy requirements of a particular enterprise. This functionality will reduce the time needed to detect and investigate incidents, reduce information overload, and lower the requirements for a high level of competence of an information security analyst.

"Behavioral analytics solutions began to be actively developed by foreign security vendors 3-4 years ago. However, their use in projects for Russian companies and organizations that own critical information infrastructure is unacceptable. There were no industrial solutions from Russian security system developers. In this regard, in 2017 we decided to develop an advanced cybersecurity analytics platform - Ankey ASAP (Advanced Security Analytics Platform). The creation of the platform, along with the traditional engineering tasks of implementing high-load big data processing systems, had a significant scientific and mathematical component. The lack of the necessary competencies, the shortage of specialists in the labor market with interdisciplinary knowledge and experience in the field of intellectual technologies and information security pushed us to find partners among universities and scientific centers. Colleagues from the Laboratory of Artificial Intelligence and Neural Network Technologies of the Polytechnic University expressed their readiness to work together to develop intelligent systems in cybersecurity."

"Thanks to the joint work of SPbPU and Gazinformservice LLC, the project managed to create a unique infrastructure and software for data collection and processing, which allows you to quickly check the models and methods for detecting cybersecurity incidents against real data entering the system continuously. This solves the serious problem of the lack of suitable marked-up cybersecurity datasets and opens up ample opportunities for research. To train complex neural network models, researchers from SPbPU use the power of the Polytechnic supercomputer center, which has the fifth highest-performing supercomputer in the Russian Federation as of December 2019. The results obtained in the project make it possible to talk about the prospects of the developed direction and open wide horizons both for the implementation of new research, including identifying computer attacks at the early stages or in the process of their preparation, and for the creation of a software product that can compete with analogues not only in the Russian Federation but also abroad," noted Alexey Lukashin, head of the supercomputing center of St. Petersburg Polytechnic University.