Komrad Enterprise SIEM Komrad Centralized information security event management system

KOMRAD is a centralized information security event management system compatible with domestic information protection tools .

The use of "KOMRAD" allows centralized monitoring of information security events, detection of information security incidents, prompt response to emerging threats, compliance with the requirements of regulators for the protection of personal data, as well as for ensuring the security of state information systems.

2023

Integration with NP MCDS

Echelon Technologies and iTBastion integrated their products - KOMRAD Enterprise SIEM and SKDPU NT solutions. Now, using the information security event management system KOMRAD Enterprise SIEM 4.3, you can get information about incidents registered in the system for monitoring the actions of privileged users of "SKDPU NT." This was announced on October 12, 2023 by representatives of the iT Bastion company.

KOMRAD Enterprise SIEM

According to them, when using the information security event management system KOMRAD Enterprise SIEM 4.3 in online mode, you can track information about information security incidents registered in the control system for user actions with privileged access rights "SCADA NT," namely, "SCADA NT Monitoring and Analytics" and "SCADA NT Access Gateway."

KOMRAD Enterprise SIEM 4.3 users can receive event cards from SCDPONT, filter them, and create filter-based directives. Customers with extended technical support for KOMRAD Enterprise SIEM have the ability to use additional examination packages with 30 ready-made filters and 30 correlation directives for a specific event source.

KOMRADEnterpriseSIEM is a flexible and scalable domestic system for centralized management of information security events from Echelon. Allows you to collect information security incidents and respond quickly to them. The use of the complex allows you to fulfill the requirements of regulators for the protection of personal data, ensuring the security of state IT systems and monitoring the critical information infrastructure of companies.

SKDPUNT is the own development of the Russian company iTBastion, a complex product that implements the full functionality of PAM systems (Privileged Access Management). Enables controlled remote access to the IT infrastructure for all users with privileged rights and access.

{{quote 'author
= noted Dmitry Mikheev, Technical Director of iTBastion|For us, confirmation of the technological compatibility of the SCDPUNT RAM platform with the KOMRAD Enterprise SIEM centralized event management system is another important step in realizing the needs of many of our customers who should use Russian solutions in their IT perimeters. These opportunities that customers gain through our joint partnership efforts enable them to identify and address emerging IBs in a timely manner. problems, adjust plans, optimize resource utilization, and automate business processes.}}

The ability to integrate KOMRAD Enterprise SIEM with the SCDS NT platform opens up additional opportunities for information security specialists to monitor the actions of privileged users. commented Alexander Dorofeev, CEO of EchelonTechnologiya

Possibility of delivery as part of the Ampire platform

The companies Prospective monitoring"" (GC InfoTeCS"") and the Group of Companies Echelon"" have reached an agreement on a technological partnership, under which information protection the Echelon line of funds can now be delivered to customers as part of the platform. Ampire InfoTeCS Group of Companies announced this on July 13, 2023. As of July 2023, three Echelon development products are built into the Ampire platform: the KOMRAD Enterprise centralized information security event management system, the SIEM comprehensive security analysis system, and the Scanner-VS firewall intrusion detection system. Rubicon More. here

2019

Red OS Compatibility

On November 13, 2019, RED SOFTWARE announced that, together with Echelon, it confirmed the compatibility and correctness of the KOMRAD Enterprise SIEM software product (manufactured by Echelon) under the control of the RED OS operating system (manufactured by RED SOFTWARE).

RED OS is a Russian operating system with a large list of compatible domestic products. This fact allows RED SOFTWARE to offer the market importonic independent complex solutions based on our OS, suitable for implementation in various fields. Thanks to cooperation with Echelon, we have further expanded the functionality of RED OS, commented Rustamov Rustam, Deputy General Director of RED SOFT

Support for RED OS SIEM by the KOMRAD system seriously expands the possibilities for modern detection of attempts to organize targeted attacks on the objects of our country's critical information infrastructure. " said Deputy General Director of JSC NPO Echelon, Alexander Dorofeev

Astra Linux Special Edition Compatibility Certificate

On May 29, 2019, JSC NPO Echelon announced that the KOMRAD SIEM system received a certificate of compatibility with OCAstra Linux Special Edition.

According to the company, as part of the Ready For Astra Linux hardware and software manufacturers support program implemented by Astra Linux GC, the COMRAD SIEM system was tested for compatibility with the Astra Linux Special Edition protected operating system and the correctness of the solutions collaboration was confirmed. The SIEM-system "KOMRAD" is used for centralized monitoring of information security events in information systems based on the operating system Astra Linux Special Edition.

The SIEM-system "KOMRAD" allows you to collect and analyze various information security events of the Astra Linux Special Edition OS: unsuccessful attempts to authorize users, enter suspicious commands, launch services, etc. If signs of an incident are detected (correlation directives are triggered), administrators are notified and the response process is started.

According to the test results, the SIEM-system "KOMRAD" received the status of Software ready for Astra Linux Special Edition.

The SIEM-system "KOMRAD" is certified by the FSTEC of Russia and the Ministry of Defense of Russia and can be used to ensure the security of personal data information systems, state information systems, critical information infrastructure.

2018

Scalability support and no performance constraints

On November 12, 2018, the Echelon Group of Companies presented an updated COMRAD information security event management system that supports scaling and includes a number of additional capabilities.

In the presented version of the SIEM system:

• It became possible to separate system components into separate nodes (Enterprise license): collector, processor, correlator and control node;
• it became possible to filter information security events and fine-tune it;
• Added event collection protocols: NetFlow v5/v7
• Enhanced data analytics and visualization capabilities with the ability to edit charts and create templates based on them.
• the licensing scheme has been changed, the performance of the system is determined by the capabilities of the hardware, and not by licensing restrictions, the developer emphasized.

According to the developer, the licensing program of the updated SIEM system KOMRAD provides for three types of licenses: Base, All-in-one and Enterprise. The Base license includes deployment on one node and support for basic event collection protocols: syslog and ossec, the All-in-one license has a wide and constantly replenished list of event collection protocols, and the Enterprise license allows you to distribute system components to individual nodes.

The updated and scalable KOMRAD supports the ability to manage all modules of the system from one node, buffer events when sent from the collection module to the storage and processing module, as well as connect two or more correlation modules to one storage, the developer claims.

Important changes also affected log management. The presented version has the ability to filter information security events and fine-tune it.

The developer noted that KOMRAD supports a wide range of event sources in the IT infrastructure and includes operating systems of the Windows and Linux families, a variety of DBMS, active network equipment, information protection tools. The updated version adds event collection protocols: NetFlow v5/v7, which allow you to collect traffic information from network devices.

The user interface of the system has been redesigned in KOMRAD. The main changes affected analytics and visualization tools. The function of editing diagrams and creating templates has appeared. A large number of widgets allow you to intuitively present the information you need to the administrator about the situation in the IT infrastructure, the developer believes.

Integration with InfoWatch Traffic Monitor

On August 1, 2018, the group of companies, InfoWatch the Russian developer of complex solutions for providing information security organizations, and Echelon the group of companies "," specializing in integrated provision of information security for enterprises and the development of security tools information protection and control, announced the completion of the integration of the solution for preventing leaks confidential information and protecting business from internal threats () DLP systems InfoWatch Traffic Monitor with the centralized information security event management system (-system SIEM) "Komrad." More. here

Certification of the Ministry of Defense of Russia

The centralized management system of information security events "KOMRAD" passed inspection control in the certification system of the Ministry of Defense of Russia, as a result of which certificate No. 3899 was obtained, valid until March 19, 2021.

The received certificate confirms the fulfillment of the requirements of the Order of the Ministry of Defense of the Russian Federation, including:

• guidance document "Protection against unauthorized access to information. Part 1. Information security software. Classification by the level of control of the absence of undeclared opportunities "(State Technical Commission of Russia, 1999) - by the 2nd level of control;
• compliance with the real and declared functionality in the documentation.

2017

Compatible with NT 4.0 Sentinel

On August 18, 2017, NPO Echelon announced the compatibility of the NT Information Protection System version 4.0 with the Komrad SIEM system.

Information Protection System NT 4.0 Guard is a software package of information protection tools using hardware identifiers. The product is certified FSTEC Russia according to the 2nd level of control over the absence of NVA, the 3rd class of protection against NSD (certificate of the FSTEC of Russia No. 3553 is valid until 20.04.2019).

IPS from NSD Watch NT (version 4.0) can be used to comprehensively protect information resources from unauthorized access when working in single and multi-user automated systems (AS), in state information systems (GIS) and personal data information systems (ISDS) in accordance with the requirements of the legislation of the Russian Federation.

In turn, Komrad is a centralized information security event management system compatible with domestic information protection tools. The use of "Komrad" allows centralized monitoring of information security events, detection of information security incidents, prompt response to emerging threats, fulfillment of the requirements imposed by regulators for the protection of personal data, as well as for ensuring the security of state information systems.

The SIEM-system "Komrad" is certified by the Ministry of Defense of Russia in the 2nd level of control of the absence of NVA (certificate of conformity No. 2315) and the FSTEC of Russia in the 4th level of control of the absence of NVA (certificate of conformity No. 3498).

Support of the NPS Watch NT 4.0 as a source of events of the SIEM-system "Komrad" will allow organizing proper control of information security events related to attempts to obtain unauthorized access to critical information.

Compatibility with Dallas Lock 8.0 editions "K" and "C"

On August 3, the developer companies Confidential and NPO Echelon announced the signing of a compatibility certificate confirming the correctness of the joint work of the Dallas Lock 8.0 IPS editions "K" and "C" with the information security event management system Komrad 2.0.

NPS Dallas Lock 8.0 is a certified information protection system designed to protect confidential information (revision "K" and "C") and information constituting a state secret up to and including "top secret" level (revision "C"). It is used for, information protection contained GIS in all security classes, in NPP up to 1B security class inclusive, in up to APCS 1 security class inclusive, as well as for ensuring all levels of security of personal data. Dallas Lock version 8.0 runs on autonomous AWS and in complex network infrastructures. Supports work OS in families (from Windows to). Windows XP Windows 10

Dallas Lock is certified: FSTEC Russia

• in version 8.0-K - according to level 4 of monitoring the absence of EOP, class 5 of protection against NSD, class 3 of protection ME, class 4 of protection EPS, class 4 of protection ESD (certificate of FSTEC of Russia No. 2720 of 25.09.2012, valid until 25.09.2018);
• in version 8.0-C - according to level 2 of control over the absence of EOP, class 3 of protection against NSD, class 3 of protection of ME, class 4 of protection of EPS, class 2 of protection of ESD (certificate of FSTEC of Russia No. 2945 of 16.08.2013, valid until 16.08.2019).

In turn, the Komrad system is compatible with domestic information protection tools. The use of Komrad allows centralized monitoring of information security events, detection of information security incidents, prompt response to emerging threats, compliance with the requirements of regulators for the protection of personal data, as well as for ensuring the security of state information systems.

Komrad 2.0 is certified:

• The Ministry of Defense of Russia - according to the 2nd level of control over the absence of NDV (certificate of conformity No. 2315);
• FSTEC of Russia - according to level 4 of control over the absence of NDV (certificate of conformity No. 3498).

Support of MPS Dallas Lock 8.0 as the source of events of SIEM-system Komrad will allow to organize proper monitoring of information security events in GIS, PD and APCS systems.

2016

"Komrad 2.0"

On August 23, 2016, the Echelon group of companies announced the release of the Komrad 2.0 version of the information security event management system.

Advantages of KOMRAD Enterprise SIEM software:

• performance: up to 20,000 EPS;
• the ability to configure and connect non-standard sources of information security events: the system has a universal adapter that allows you to connect any source of events;
• the ability to scale the solution and create an information security monitoring system of any scale;
• spectrum of supported domestic MPS;
• prompt notification (SMS, e-mail) and response to internal and external threats - security of the automated system;
• monitoring of compliance with the specified requirements for information security, collection of statistics and construction of security reports;
• configurable visual indicators of the information system state for any level of employees of the organization;

Centralized collection of data on information security events enables analysis with maximum process automation and prompt response to identified security threats.

The complex supports various types of reports, for example: a list of network objects, threat signals, a list of security incidents, a list of detected vulnerabilities, the general state of the network, the availability of network nodes, network statistics, marks on fixes of found shortcomings, etc.

Komrad 2.0 supports a set of event sources in the IT infrastructure:

• family operating systems Windows and, Linux
• various DBMSs,
• active network equipment,
• a variety of information security tools.

A feature of "Komrad 2.0" is support for domestic IPS, the ability to receive event logs from any type of source through a universal adapter. Integration with the state system for detecting, preventing and eliminating the consequences of computer attacks on information resources of the Russian Federation (SOPKA) is supported.

Screenshot of the program window, (2016)

The developers announced a redesign of the system interface. Widgets in an intuitive way provide the administrator with information about the situation in the IT infrastructure. Event correlation rules are created using a visual tool. It became possible to graphically analyze the direction of a computer attack.

SIEM system performance increased: the number of events processed per second (EPS) reached 20 thousand.

Functionality

Log-management

• High-performance event collection: Enables centralized event collection across enterprise infrastructure
• normalization: bringing the logs of all sources into a single format to simplify their analysis;
• storage of events: in the original ("raw") and normalized form. Initial events can be used in investigations of information security incidents;
• real-time event monitoring: allows you to analyze events as soon as they arrive in the system;
• fast full-text search: almost instantly allows you to find the desired event among millions of similar ones in a matter of moments;
• event filtering: is carried out using a convenient constructor for creating and executing requests to the event database;
• visualization of events: presentation of analyzed data in the form of graphs and diagrams (linear, columnar, circular, radial, etc.);
• visual setting of data display boundaries: event diagram allows to set exact time interval for events display;
• saving requests: any request to the event database can be saved in the system for quick access to it in everyday work;
• Export - Any selection of events can be saved in PDF or CSV format.

Event correlation

• generation of incidents: if chains of critical safety events are detected, an information security incident is generated;
• visual correlation directives: intuitive graphical designer of directives makes the process of creating a directive easy and accessible;
• multilevel correlation: the ability to specify an unlimited number of levels and rules in the directive designer;
• support of behavior pattern methodology: correlation directive packages reflect a possible chain of events (anomalies) that corresponds to the real attack model;
• configurable notification system: the ability to notify incidents in various ways (pop-up notifications, e-mail, execution of user scripts, etc.);
• incident management: automatic assignment of a group of persons responsible for the incident, a system of statuses and tags, setting the visibility of incidents;

Analytics

• a fully functional visualization subsystem: plotting on arbitrary data (any event fields), a flexible parameter system, customizable information panels. Examples of use: real-time event level, threat vector, threat level assessment, etc.;
• control of compliance with regulatory documents: a convenient automated system for monitoring compliance of the protected information system with regulatory documents;
• incident investigation tools: tools for building a visual model of the incident, detecting anomalies and behavioral analysis;
• reports: creating reports in a printable form (PDF, CSV);

Scaling

• the ability to scale and create a system for monitoring information security of high performance and availability;
• construction of hierarchical event processing systems: integration with elements of the own system: SOV, event sensor, correlation server, control server; Integration with external systems (for example, SOPKA).

Specifications

• collection of events using Syslog protocols (including in CEF format), Syslog-ng, SNMPv2, SNMPv3, HTTP, SQL, ODBC, WMI, FTP, SFTP, Unix/Linux sockets, plain log, SSH, Rsync;
• technologies: NoSQL, full-text search, the current operating system kernel;
• performance: up to 20,000 EPS. 10,000 EPS on a server platform with the following characteristics: 2 CPU Intel Xeon E5 2650, RAM: 32 GB, HDD: 2 TB.

Certificate of FSTEC of Russia

NPO Echelon announced at the beginning of 2016 that it had received a certificate from the FSTEC of Russia for the KOMRAD Enterprise SIEM software package.

The obtained certificate indicates that the KOMRAD Enterprise SIEM software package is a software tool for monitoring the results of recording security events and responding to them, complies with the requirements of the guidance document "Protection against unauthorized access to information. Part 1. Information security software. Classification according to the level of control of the absence of undeclared capabilities "(State Technical Commission of Russia, 1999) - according to the 4th level of control and technical specifications when fulfilling the operating instructions given in the NPYeSh.60010-03 30 form.

The KOMRAD Enterprise SIEM software package was previously also certified by the Ministry of Defense of Russia and has a certificate No. 2315 confirming the fulfillment of the requirements of the Order of the Ministry of Defense of the Russian Federation, including:

• guidance document "Protection against unauthorized access to information. Part 1. Information security software. Classification according to the level of control of the absence of undeclared opportunities "(State Technical Commission of Russia, 1999) - according to level 2 of control (NDV-2);
• requirements for compliance with the real and declared functionality in the documentation.

Certificate GOST R ISO 27001

In April 2016, NPO Echelon announced the expansion of the functionality of the SIEM compliance module of the KOMRAD system: now it is possible to monitor compliance with the national standard for information security management using the system GOST R ISO 27001.

Also, the KOMRAD complex has certificates Ministry of Defense of Russia No. 2315, FSTEC Russia No. 3498 and is included in the unified register of Russian programs for electronic computers and databases (Russian register). ON Order from Ministry of Telecom and Mass Communications of russia 18.03.2016.