BI.ZONE CPT (Continuous Penetration Testing)

Main article: Security Information and Event Management (SIEM)

The BI.ZONE CPT (Continuous Pricing Testing) solution is designed to constantly monitor the security of the company's external IT perimeter. Reduces the lifespan of vulnerabilities through in-depth analysis of external infrastructure. BI.ZONE CPT regularly monitors changes on the perimeter of the company and its affiliates, as well as provides information on existing vulnerabilities already verified by BI.ZONE. experts.

2021: Inclusion in the register of Russian software

On April 23, 2021, BI.Zone, a strategic digital risk management company, announced the inclusion of a number of its products in the register of Russian software. The Unified Register of Russian Programs for Electronic Computers and Databases includes BI.ZONE CPT, BI.ZONE CESP, BI.ZONE WAF.

We are proud that our products are the work of Russian developers. Including them in the register domestic software will allow our customers to reduce costs, since the cost of such products will not include VAT in the amount of 20%. First of all, this is relevant for companies that need to use only the Russian IT solutions, "said Rustem Khayretdinov BI.ZONE. Growth Director.

2020: Opening free access amid coronavirus epidemic

March 23, 2020 Sberbank announced that its subsidiary BI.Zone opened free access to services. cyber security Until July 1, 2020, any the Russian company can receive services to protect the corporate network and employees on remote access.

This decision was made due to the difficult situation prevailing Russia in the world in connection with the spread of coronavirus infection. The virus COVID-19 has affected many countries and caused a surge in cybercrime. Over the past two months, more than 4,000 have been registered with the domains words "coronavirus," covid, etc. At the same time phishing , the number of mailings compared to last quarter increased by 30%. About 20% of them contain information about coronavirus.

Due to the difficult situation, organizations massively transfer employees to remote work. With a successful transition, the role of the human factor increases: unprotected or non-compliant services are often added to the perimeter of the corporate network. Some companies are forced to take such a step consciously in order to provide quarantined employees with access to resources. Over the past week alone, BI.ZONE customers have seen a 23% increase in public remote service connections. This approach significantly increases the vulnerability of the corporate network to cyber attacks.

To support Russian business, from March 18, 2020 BI.ZONE opened free access to the following cloud services.

• Perimeter Scanner scans the external IT perimeter, looks for vulnerabilities in the network, automatically monitors open network ports and applications, and allows you to track the connection of third-party services.
• Continuous Pricing Testing (CPT) provides continuous monitoring of the external IT perimeter through regular automated checks. The service is especially relevant for large corporations and will allow replacing testing services with penetration for the duration of the epidemic.
• Cloud Email Security & Protection (BI.ZONE CESP) protects the email service from phishing and spam, checks attachments for malicious links and software.
• Phish Zone simulates phishing attacks within the company and trains employees to detect malicious letters. BI.ZONE specialists have prepared a special scenario related to coronavirus.

2019: Launch of Continuous Pricing Testing service

On October 29, 2019, BI.Zone announced the launch of the Continuous Pension Testing (CPT) service, designed to significantly increase the security of customers from outside cyber attacks.

Penetration Testing, or "penetration testing," has long been an important tool in the arsenal of cybersecurity specialists. Using various methods, experts simulate the actions of attackers trying to attack the organization, and thus identify most of the problem areas in the client's protection. Usually, testing is performed once a year or quarterly, and a variety of changes can occur between tests. Sometimes they unpredictably affect the degree of security of the organization, and are found at best during the next test. To solve this problem, BI.ZONE has developed a service that uses a different approach to digital protection of the outer perimeter. As part of CPT, many operations are automated, and the security of the client is constantly checked for strength. This allows you to find and eliminate new vulnerabilities as quickly as possible. In addition, the CPT includes the expert work of analysts, and at the request of the customer you can connect a number of additional options.

Despite the fact that the methodology for building an external IT infrastructure has changed greatly in recent years, the protection of this segment remains a mandatory element of cybersecurity for any organization. We offer a multi-level approach to protecting your company from external threats. As part of the service, we maximally automated the work that previously required the formation of a separate expert team. At the same time, client costs are reduced, and the time to close vulnerabilities is reduced. It is worth noting separately that with infrastructure changes in the organization, it is not necessary to repeat classical penetration testing, says Yevgeny Voloshin, director of the BI.ZONE expert services unit

According to BI.ZONE, employees of Russian companies regularly become victims of phishing and open letters with malicious attachments disguised as correspondence from counterparties and colleagues. Every year, messages from attackers are more and more difficult to distinguish from real letters, and 3 out of 10 employees are vulnerable to phishing. To verify the effectiveness of the customer's internal security team, as well as to teach staff how to recognize and handle malicious messages correctly, BI.ZONE experts suggest connecting an additional automated CPT option - training phishing mailings and simulating targeted hacker attacks.

Another way to increase the security of the company, which is available in CPT as an additional service, is automated load testing. During it, the service in controlled mode simulates an attack from the outside, the purpose of which is to overload the organization's applications with requests and disrupt their work. This allows you to find weaknesses in the application architecture and fix problems in advance in order to ensure the availability of enterprise services in case of a real attack.