Garda NDR

Product
Developers: Garda Technology
Last Release Date: 2024/08/28
Branches: Information security
Technology: Information Security - Antiviruses, Information Security - Firewalls


2024

Integration with AxelNAC

The Axel PRO product studio and the Garda group of companies have joined forces to provide integrated protection of the network infrastructure of Russian businesses and to speed up the response to current threats. Garda announced this on August 29, 2024.

To reach these strategic goals, the companies are integrating Garda NDR and AxelNAC.

Ability to prevent hard-to-detect network attacks

The Garda group of companies has updated its NDR system, which is designed to detect and prevent cyber attacks. The company announced this on August 28, 2024. Customers can now prevent network attacks that are hard to detect: using machine learning models built on autocorrelation, Garda NDR finds anomalies in network traffic and identifies connections to botnet command-and-control centers.

Experts from the Garda group of companies added a machine learning model with autocorrelation support to the NDR system's toolset to identify connections to botnet command-and-control centers (C&C).

The technique identifies repeating sequences made up of several otherwise unique requests from bots to their control centers. The system uncovers hidden dependencies in network traffic and detects more precisely the anomalies that indicate the presence and activity of bots on the network. As a result, Garda NDR is useful for countering even hard-to-detect network threats.

The model is resistant to encryption and still detects beacons when they are carried inside DNS-over-HTTPS tunnels.
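The detection idea described above (periodic "taps" to a C&C server that only timing reveals), shown as an added example that is not Garda's code: connection timestamps per source/destination pair are binned, and the autocorrelation of the resulting count series is scanned for a dominant lag. The flow records, hosts and thresholds are constructed for the illustration; because only timestamps are used, the method is indifferent to whether the payload is TLS or DNS-over-HTTPS.

```python
# Added example, not Garda's code: detect periodic C&C beacons from flow
# records (timestamp, src, dst) via autocorrelation of binned connection counts.
from collections import defaultdict

def bin_series(timestamps, bin_size, horizon):
    """Connections per bin of bin_size seconds over [0, horizon)."""
    counts = [0] * (horizon // bin_size)
    for t in timestamps:
        idx = int(t // bin_size)
        if 0 <= idx < len(counts):
            counts[idx] += 1
    return counts

def autocorrelation(x, lag):
    """Sample autocorrelation of series x at the given lag (in bins)."""
    n, mean = len(x), sum(x) / len(x)
    var = sum((v - mean) ** 2 for v in x)
    if var == 0:
        return 0.0
    return sum((x[i] - mean) * (x[i + lag] - mean) for i in range(n - lag)) / var

def strongest_period(counts, min_lag, max_lag):
    """Lag with the highest positive autocorrelation, or (None, 0.0)."""
    best_lag, best_r = None, 0.0
    for lag in range(min_lag, max_lag + 1):
        r = autocorrelation(counts, lag)
        if r > best_r:
            best_lag, best_r = lag, r
    return best_lag, best_r

def find_beacons(flows, bin_size=5, horizon=600, min_flows=8, threshold=0.5):
    """Map (src, dst) -> (period_seconds, acf) for pairs that look periodic."""
    by_pair = defaultdict(list)
    for ts, src, dst in flows:
        by_pair[(src, dst)].append(ts)
    hits = {}
    for pair, times in by_pair.items():
        if len(times) < min_flows:
            continue
        counts = bin_series(times, bin_size, horizon)
        lag, r = strongest_period(counts, 2, len(counts) // 2)
        if lag is not None and r >= threshold:
            hits[pair] = (lag * bin_size, round(r, 2))
    return hits
# Constructed sample: one host calls out every 30 s with up to 2 s of jitter
# (absorbed by the 5 s bin); another host makes irregular connections.
BEACON = [(30 * k + k % 3, "10.0.0.12", "198.51.100.7") for k in range(20)]
BROWSE_BINS = [0, 1, 3, 7, 10, 17, 22, 33, 35, 44, 50, 63, 66, 74, 75, 85, 90, 104, 106, 113]
BROWSING = [(5 * b + 2, "10.0.0.5", "203.0.113.9") for b in BROWSE_BINS]
SAMPLE_FLOWS = sorted(BEACON + BROWSING)
```

The bin size must exceed the beacon's jitter, and the threshold should be tuned against normal traffic, since scheduled jobs such as update checks are periodic too and need to be whitelisted rather than alerted on.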

"In 2021, we released the first version of behavioral ML models (machine learning models) and made a strategic decision to develop non-signature methods for detecting threats and anomalies, which are a key element of functionality for NTA/NDR solutions," said Pavel Shubin, head of product development at Garda NDR. "Since that moment, the Garda NDR ML models have evolved significantly; now they are able to detect even non-obvious deviations in the behavior of devices and users that cannot be determined by other methods. Behavioral models (profiling), taking into account the ever-increasing complexity of attacks, are still the most effective tool for detecting them."

"We clearly understand that the Russian approach to NTA solutions, based on a combination of IDS and DPI, is outdated and does not meet the tasks of the market and the current threat landscape. We are constantly improving ML models and have released a new model for detecting calls to C&C, which allows detecting masking sequences from several unique 'taps,'" added Stanislav Gribanov, head of the Garda NDR product.

Garda NDR plans to use machine learning methods to identify cyber threats in large volumes of network data flows

The Garda group of companies and the Engineering Center of the National Research State University named after N.I. Lobachevsky have developed a solution for identifying information security threats in large volumes of network data flows using machine learning methods. Garda announced this on July 23, 2024.

Experts of the Garda group of companies, together with scientists from the Engineering Center of Lobachevsky University, completed a study on the use of machine learning methods to identify cyber threats in large volumes of network data streams. Its results will be used in Garda network security products such as Garda NDR and will improve the accuracy of detecting known threats and the effectiveness of detecting zero-day attacks. The solution will raise the level of security of large network infrastructures, where monitoring network traffic via NetFlow is most effective.

The developed solution uses a cascade of ML algorithms and a set of synthesized features derived from the network traffic parameters available through the NetFlow protocol. The studies established the optimal parameters of the algorithms and assessed the performance of the solution on various types and volumes of network traffic, taking variability, seasonality and other factors into account.

"The subject of a joint study was the current information security (IS) tasks: protection against both well-known and previously unknown classes of threats. The task of detecting and classifying threats was investigated and solved by methods of mathematical statistics and artificial intelligence. A large amount of network traffic data made it possible to take into account the seasonality factor, the dependence of parameters on a number of external factors, and determine the conditions for detecting an unknown threat. A number of extensive studies were conducted together, the desired current solution and valuable practical experience were obtained, which we will gladly share with our students during the training process. We look forward to further fruitful cooperation with the Garda group of companies," says Vadim Turlapov, project manager, Doctor of Technical Sciences, Professor of the Department of High Performance Computing and System Programming, Institute of Information Technologies, Mathematics and Mechanics, N.N.

Vladimir Ponomarev, First Deputy General Director of Garda Technologies (part of the Garda group of companies), also commented on the study.

Garda NDR 4.0: network stream content recording 8x faster

Garda NDR developers have increased the solution's performance several-fold; the updated version lets customers optimize hardware costs and reduce network load. The developer announced this on June 19, 2024.

The key change in Garda NDR 4.0 concerns the performance of the network stream content recording subsystem: recording speed has been increased 8 times. As a result, one combined server, which includes a sensor, storage and control system, can process up to 10 Gb/s of network traffic.

"One co-located server processes up to 10 Gb/s, while supporting centralized deployment, security policy management, and horizontal performance scaling. We were the first of the domestic vendors to implement in the NDR system the functionality of active response full packet capture: dynamic traffic recording when policies are triggered," said Stanislav Gribanov, head of the Garda NDR product.

Garda NDR 4.0 helps optimize the hardware capacity needed to store traffic. With the active response option, customers with high-bandwidth network infrastructure can keep a full copy of all traffic for only a few hours, or not at all, while retaining the traffic of information security incidents for up to several weeks.

The updated version of Garda NDR quickly detects compromised devices, thereby protecting the organization's network from possible attacks. This is implemented through an improved ML model for detecting botnet beacons. The system detects infected devices contacting command centers (C&C) inside DNS tunnels, and even inside DNS-over-HTTPS tunnels, when common attack frameworks such as Cobalt Strike, Sliver or Brute Ratel C4 have penetrated the network.

The mechanism for creating security policies has become easier for the user to understand: it is tied to scenarios for detecting threats and anomalies. Specialists of the information security competence center of the Garda group of companies have developed more than 60 such policies, with an emphasis on ML and threshold behavioral models, that are available out of the box. All policies are mapped to the MITRE ATT&CK matrix and the Kill Chain.

Thanks to security policies based on behavioral models, Garda NDR 4.0 detects unknown (zero-day) threats more effectively than deep packet inspection filters (DPI traffic filters) alone. This clearly distinguishes the system from outdated NTA-class solutions that rely on a large number of signatures and groups of simple rules.

Widget functionality has been expanded, which helps in building informative dashboards and reports.

2023: Garda NDR 3.4

On December 26, 2023, the Garda group of companies, a manufacturer of a family of products for data protection and network security, presented an updated version of its Garda NDR 3.4 network threat detection and response system. The updates make it possible to detect attacks on the corporate network quickly and to respond to incidents faster and more accurately. Updated custom reporting forms make it easier to monitor suspicious events on the network and to analyze data for effective incident response.

The updated Garda NDR analyzes and processes network data more efficiently thanks to support for the NSEL (NetFlow Secure Event Logging) protocol. Optimized NetFlow data processing, including session grouping, displays events more clearly and reduces reporting time.

Garda NDR 3.4 improves malware detection by introducing a mechanism for computing file hashes and a link for automatic antivirus scanning. This option enriches the information about the malware, enabling in-depth data analysis and effective response measures.

"We added the ability to transfer data to SIEM and support external integrations through Python scripts for ML and threshold behavioral models," said Stanislav Gribanov, Garda NDR Product Manager of the Garda group of companies. "This will significantly improve the ability to actively respond to incidents and provide a more complete view of what is happening."

In this release, restrictions on the number and nesting of logical information asset management groups have been lifted, so the user can more conveniently create assets and distribute them across a full hierarchical structure of groups. This makes working with assets and analyzing them in traffic clearer and more convenient.

Release 3.4 introduces an updated report editor that allows users to customize widgets to their individual needs, receive scheduled reports, and thus keep the application under control. The report format has become more flexible, which expands the capabilities of analytics. Widgets can now be exported and imported; this is how the developers made it easier to transfer dashboard configurations and simplified customization for customer tasks.