ИТБ: Security Capsule (SC SIEM)

Product
Developers: Innovative Technologies in Business, ITB
Date of the premiere of the system: 2015/12/12
Last Release Date: 2024/12/06
Technology: Information Security Management (SIEM)

Security Capsule - SIEM system for recording security events.

2024

Compatible with Postgres Pro Standard (versions 14, 15, 16)

Postgres Professional, the developer of the Russian database management system Postgres Pro, and Innovative Technologies in Business LLC, the creator of the Security Capsule SIEM information security event monitoring and correlation system, announced full compatibility of their products. The certificate issued by Postgres Professional confirms the correct operation of SC SIEM with Postgres Pro Standard (versions 14, 15, 16). ITB announced this on December 18, 2024.

The integration of Security Capsule SIEM (SC SIEM) with Postgres Pro provides users with a number of advantages:

  • Improved performance and reliability: Support for the flagship edition of Postgres Pro Enterprise, with its key developments, ensures that SC SIEM operates smoothly in high-load environments, which is especially important for protecting and monitoring large infrastructures.
  • Compliance with information security requirements: Both solutions are included in the register of domestic software, have FSTEC certificates and are compatible with Russian operating systems and information protection tools, which makes them an ideal choice for companies seeking to comply with regulatory standards.
  • Import-substituting solution: The compatibility of SC SIEM and Postgres Pro allows you to create highly efficient solutions on a domestic basis, which reduces dependence on foreign software and supports technological sovereignty.

Integration with domestic security scanners

On December 6, 2024, ITB LLC announced the integration of the SC SIEM information security event monitoring and correlation system with domestic security scanners.

Security scanners are security solutions designed to scan networks, systems, and applications to identify vulnerabilities. They are widely used in the corporate environment to regularly monitor the state of information systems and ensure their compliance with security standards.

The integration of these scanners with SC SIEM provides users with several key benefits:

  • Centralized analysis of vulnerability reports: Thanks to integration, data from reports are automatically sent to SC SIEM, where they are processed and analyzed. This allows you to centrally manage information about the vulnerabilities found and quickly get a complete picture of the security status of the organization.
  • Risk Mitigation and Efficiency: Integration simplifies the work of security professionals, allowing them to spend less time debriefing individual reports and focus more on strategic tasks. This reduces the risks associated with human factors and improves the overall efficiency of the vulnerability management process.
  • Deep analytics and reporting: SC SIEM, with integrated data from security scanners, provides advanced analytics capabilities. Specialists can quickly assess the severity of the identified vulnerabilities, their impact on the security of the organization, as well as generate detailed reports for management and audits.

This integration highlights ITB's commitment to providing its customers with comprehensive and easy-to-use tools to protect their information systems. Combining the capabilities of SC SIEM with vulnerability scanning solutions (XSpider, Scanner-VS, MaxPatrol, RedCheck) makes security management even more efficient, helping organizations detect and eliminate threats in a timely manner and providing a high level of protection against cyber attacks.

Red OS Compatibility

On December 11, 2024, Innovative Technologies in Business announced the full compatibility of the Security Capsule SIEM information security event monitoring and correlation system with the Red OS. This significant achievement strengthens the possibilities of using domestic solutions for data protection and information security management that meet the requirements of import substitution.

The integration of Security Capsule SIEM with RED OS allows you to effectively use this SIEM system to identify, analyze and respond to information security incidents in environments built entirely on Russian software. RED OS, certified by FSTEC and the Ministry of Digital Development of Russia, ensures stability, high performance and reliability of work in corporate and government structures, which makes it an ideal platform for hosting Security Capsule SIEM.

Security Capsule SIEM compatibility with RED OS opens up new opportunities for Russian companies seeking to meet the requirements of software localization and critical infrastructure protection. Users can now use Security Capsule SIEM in a RED OS-based infrastructure with a comprehensive security monitoring and analysis solution designed and supported at the domestic level.

Advantages of using Security Capsule SIEM with RED OS:

  • Full compliance with compliance and information security standards;
  • Resilience to external threats and high performance in domestic infrastructure;
  • Comprehensive monitoring and analysis of security incidents using the latest algorithms and technologies;
  • Support for import substitution within the framework of the technological independence strategy.

With the integration of Security Capsule SIEM and RED OS, organizations can significantly improve information security while maintaining flexibility and efficiency in data management and protecting critical systems from today's threats.

GigaChat Integration

Innovative Technologies in Business has integrated the GigaChat neural network model for business into its Security Capsule SIEM information security event monitoring and correlation system. The company announced this on November 12, 2024. This functionality reduced incident response time by up to 70%, and the accuracy of incident analysis increased by 30%. It was also possible to reduce the operating costs of the companies using the solution by 40% while increasing the efficiency growth of their teams by 50%.

GigaChat makes working with Security Capsule SIEM more intuitive and accessible. Unlike traditional SIEM systems, which provide "raw" information and technical descriptions of events, generative artificial intelligence interprets this data and explains its meaning in simple and understandable language. In addition to describing incidents, artificial intelligence generates recommendations for eliminating them and reducing the negative effect on infrastructure. For example, if the system detects an unauthorized access attempt, GigaChat may suggest steps to restrict login, upgrade software, or strengthen network perimeter protection.

Processing large volumes of data and quickly providing clear explanations and recommendations allows operators to significantly reduce the time spent on analyzing incidents and making decisions, which reduces the risks associated with cyber attacks and raises the level of protection of companies' information systems.

"Customers, especially large companies, government agencies, and organizations with critical infrastructure, face an ever-increasing landscape of cyber threats. They also had a problem with processing huge amounts of data, information security events, which are mainly generated by corporate networks and systems, and in addition, there was often a need to improve communication between teams in order to simplify coordination and analysis of events. GigaChat for business helped us solve all these problems and make the Security Capsule SIEM system more flexible, intelligent and scalable," said Sergey Grafov, Project Manager at Innovative Technologies in Business.

The company's future plans include strengthening the integration of GigaChat's capabilities into the Security Capsule SIEM, including in terms of automatic real-time incident analysis.

Integration with F.A.C.C.T. Threat Intelligence

On September 12, 2024, F.A.C.C.T. announced the technological integration of the Security Capsule SIEM (SC SIEM) information security event monitoring and correlation system with the F.A.C.C.T. Threat Intelligence system. Technical cooperation will give SC SIEM users a deeper proactive approach to protecting against current cyber threats and detecting complex targeted attacks.

2016

Certification of FSTEC of Russia

In the fall of 2016, the Security Capsule software and hardware complex successfully passed certification tests in the FSTEC of Russia certification system (Certificate of Conformity No. 3649 dated November 9, 2016).

Release of updated version of PACAB SIEM Security Capsule

On September 28, 2016, ITB announced the release of the upgraded version of PACAB SIEM "Security Capsule."

The SIEM "Security Capsule" PACAB is designed to record information security events and performs the following functions:

  • registration and accounting of information security (IS) events in information and computing systems and networks;
  • delimiting user access to SIEM information resources;
  • SIEM access control;
  • monitoring the integrity of SIEM files;
  • correlation of information security events;
  • response to information security events.

System Architecture (2015)

Based on the analysis of information obtained using SIEM "Security Capsule," the Security Administrator takes measures to ensure the security of objects of information and computing systems and networks.

Registration of information security events is implemented by maintaining logs of information security events:

  • user access to the application and application shutdown;
  • allowed/denied user actions when accessing information resources;
  • messages received from network devices;
  • operator actions on client workstations, such as logging on to the workstation using an eToken USB key;
  • accessing external USB devices and accessing files on external devices.

The composition of the program modules (connectors) is variable by agreement with the customer.

List of developed connectors that accumulate data on information security events:

SIEM "Security Capsule" is focused on compliance with domestic technical regulations and standards in the field of information security.

The system is focused on using:

  • security administrators;
  • administrators of IE, DBMS, LAN, LDS;
  • heads of security services;
  • heads of companies, enterprises (organizations);
  • developers of confidential information protection systems.

Use

To use the SIEM system, the following conditions must be met. SIEM "Security Capsule" runs under Microsoft Windows XP/7/8/10, Windows Server 2010/2012, and Linux. The Microsoft .NET Framework 4.0 runtime environment is required for the program to work. The program runs in a client/server architecture; the server part is a DBMS. MySQL Database Server 5.5.2 or MS SQL Server is used as the DBMS.

Architecture

PACAB "Security Capsule" operates on the basis of client-server technology for distributed heterogeneous IS, LDS, LAN and confidential information protection system.

As part of the Security Capsule PACAB, the modules are:

  • server part module;
  • Monitoring and administration module
  • central module;
  • Client modules
  • connectors;
  • reporting module.

The server component has a hierarchical structure, so event monitoring can be carried out locally in geographically remote departments, branches, subsidiaries and dependent organizations. Initial processing of information security events is carried out on local servers, and either the full set of information security events or a generated list of critical events with analysis results is transmitted to the central server.

In order to reduce the load on the data network, the initial processing of events is carried out on the Security Capsule servers installed in the LAN. Depending on the degree of importance and criticality, information about information security events is transmitted to higher-level servers. In order to reduce traffic, information to higher-level servers is transmitted on a schedule, usually during the lowest load on the LDS. Critical events are transmitted in real time.

An important module of the system is the module for processing and displaying event information and generating reports. System administrators can independently, in accordance with the requirements of the information security policy, determine the list of monitored events by choosing the required ones from the basic set, and define criticality levels.

As part of event analysis, events are divided into OS security events, network device events, events from information protection tools against unauthorized access (NSD), DBMS events, antivirus tool events, and application system events. Each monitored event or event group is assigned a status at the system setup stage. Event collection can be continuous, discrete (referenced to a single time system), or over a time interval. Events from different sources can be matched according to different criteria, and can be sorted, ranked, and filtered by different characteristics. The system administrator can manage event handling rules. Events related to user account management are handled separately, including creation, modification, deletion, and directory-based access control such as AD. Events related to the installation and/or removal of system-wide and application software and security tools, detected through the system registry control mechanism, are also processed. Security Capsule maintains "white" and "black" lists of software.
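The two-tier processing described above (local servers classify events, critical ones go upstream in real time, the rest wait for the scheduled low-load transfer) combined with administrator-defined criticality, a software blacklist and a simple correlation rule, as an added illustrative model. This is example code, not the vendor's implementation; the event types, rule table, thresholds and blacklist are assumptions.

```python
# Added example (not the vendor's code): model of the two-tier forwarding
# described for SIEM "Security Capsule": local servers classify events, push
# CRITICAL ones upstream at once and ship the rest on the scheduled low-load
# window. Event types, rule table and blacklist are illustrative assumptions.
from collections import defaultdict, deque
from dataclasses import dataclass, field
from enum import IntEnum

class Level(IntEnum):
    INFO = 0
    WARNING = 1
    CRITICAL = 2

# Administrator-defined base criticality per event type (assumed values).
RULES = {
    "logon_success": Level.INFO,
    "logon_failure": Level.WARNING,
    "usb_mount": Level.WARNING,
    "software_install": Level.WARNING,
    "integrity_violation": Level.CRITICAL,
}
FAIL_THRESHOLD, FAIL_WINDOW = 3, 60  # correlation: 3 failures within 60 s

@dataclass
class LocalServer:
    software_blacklist: set
    realtime_sent: list = field(default_factory=list)  # pushed upstream at once
    batch: list = field(default_factory=list)          # waits for the schedule
    _failures: dict = field(default_factory=lambda: defaultdict(deque))

    def classify(self, ev):
        level = RULES.get(ev["type"], Level.INFO)
        # Installing blacklisted software is escalated to CRITICAL.
        if ev["type"] == "software_install" and ev.get("product") in self.software_blacklist:
            level = Level.CRITICAL
        # Correlation: repeated logon failures for one account inside FAIL_WINDOW
        # (events are assumed to arrive in time order, ts in seconds).
        if ev["type"] == "logon_failure":
            q = self._failures[ev["user"]]
            q.append(ev["ts"])
            while ev["ts"] - q[0] > FAIL_WINDOW:
                q.popleft()
            if len(q) >= FAIL_THRESHOLD:
                level = Level.CRITICAL
        return level

    def ingest(self, ev):
        level = self.classify(ev)
        (self.realtime_sent if level == Level.CRITICAL else self.batch).append({**ev, "level": level.name})
        return level

    def scheduled_flush(self):  # low-load window: ship held events to the central server
        shipped, self.batch = self.batch, []
        return shipped
```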

The system provides user groups with configurable access rights and functionality for administration.

The modular architecture provides easy maintenance and scaling of the SIEM "Security Capsule."

Using SIEM "Security Capsule" it is possible to identify:

  • network attacks on the internal and external perimeters;
  • viral infections, backdoors and Trojans;
  • attempts at unauthorized access to information;
  • fraud;
  • errors in the operation of information systems;
  • vulnerabilities;
  • configuration errors in security and information systems.

Events captured by SIEM "Security Capsule":

  • related to user attempts to establish access;
  • messages from network devices;
  • caused by user actions on workstations;
  • obtained from removable media control tools;
  • from application information systems;
  • related to AD;
  • from control of operating and software environments;
  • from DBMS;
  • from OS of the Windows family and Linux;
  • received from information protection tools against unauthorized access (NSD).

Hardware Requirements

  • Intel x86 or compatible processor with a frequency of 1 GHz or higher;
  • at least 256 MB of RAM;
  • at least 200 MB of free disk space to install the product;
  • a mouse;
  • a removable storage device (CD/DVD drive);
  • SVGA video card;
  • Ethernet adapter with an 8P8C (twisted-pair) connector;
  • a keyboard;
  • monitor with a diagonal of at least 15 inches and a resolution of at least 800x600.

PAKAB "Security Capsule" is certified by the FSTEC of Russia to protect confidential information, including ISDS. Certificate of FSTEC of Russia No. 2705 dated September 7, 2012.