Note Dome

2024

Ability to validate development clusters against global safety standards

Note's developers have improved tools to protect container environments that allow applications to run in isolation from the main operating system. This will help improve the fault tolerance of the IT infrastructure without losing performance, as well as reduce the labor costs of specialists to find vulnerabilities. The company announced this on July 3, 2024.

Due to the increase in the number of business applications being developed and a decrease in the time for their launch on the market, companies are increasingly using containerization systems. Simultaneously with the growing popularity of these tools, the demand for their ability to withstand cyber threats increases. In order to update the protective mechanisms, the NOTE DOME command. Containers have updated the functionality of the product responsible for the safety of container environments. Now the system relies on the latest recommendations for the prompt elimination and prevention of threats and uses 17 international and domestic vulnerability databases.

The product has the ability to check development clusters for compliance with global security standards, configure vulnerability scanning and assess the possible impact of found threats using the built-in risk assessment algorithm. At the same time, in the event of an incident or unauthorized access, the protection tools will work without affecting the main infrastructure. The solution is compatible with domestic operating systems such as Astra Linux and Red OS.

{{quote "Regular updates of solutions from the cybersecurity ecosystem are needed to effectively counter the actions of attackers who are also constantly improving the way they attack. NOTE DOME. Containers, taking into account the best practices when working with container environments, allows users to independently assess risks at all stages of development, increase the fault tolerance of created and used applications, optimize resources and identify anomalies. It is fundamentally important that this happens without reducing the performance of the IT pipeline, - said Igor Soul, director of the NOTA DOME portfolio of solutions. }}

Automatic Threat Model Generation

Vendor Nota (Holding T1) has expanded the capabilities of NOTA DOME. Documents, systems for accounting for IT assets and categorization of critical information infrastructure (CII) facilities. The solution introduced the function of automatic formation of a threat model, which will allow companies to assess the relevance of hazards based on added edited reference books. This was announced by T1 Holding on April 25, 2024.

In the reference books NOTE DOME. The documents reflect information about threats, methods of their implementation, techniques and tactics of intruders, unloaded from the information security threats data bank (NOS) of the FSTEC. In addition, companies can now edit and supplement reference books based on their own resources and experience.

The solution has opportunities for assessing the risks of CII. After the client's information security specialists have pre-scanned the system, assigned assets (for example, domain name, IP address), equipment and programs, they can rank threats on a 10-point scale. Marks from 7 to 10 determine that a cyber attack is relevant, from 0 to 6 - not. As a result of the expert assessment, the business receives a model that reflects significant risks for the system - on its basis it is easy to determine the necessary IT tools for comprehensive protection.

Also updated NOTE DOME platform. Documents have expanded user scenarios. Now specialists can be tied to various information systems, indicate the role, authority and subjects for experts added through AD/ALD servers.

Threat modeling has always been a difficult task, for the implementation of which it is especially important to keep documents up to date so that they are a working tool, "said Igor Soul, director of the NOTA DOME portfolio of solutions. - A large-scale update of the solution was implemented in the quarter. Our specialists have tried to find a balance between automation and human participation in creating a threat model. In the second half of 2024, we plan to develop the functions of automating verification for compliance with the safety requirements of target objects in automatic mode. In addition, the product will add a flexible model for configuring access to data and user capabilities.

2023: Presentation of the "Note Dome" solution

On December 19, 2023, the Russian vendor Nota (T1 Holding) presented a comprehensive NOTA DOME solution, including four products in the field of information security of critical information infrastructure (CII) facilities. The ecosystem closes the basic needs for detecting and preventing cyber attacks, ensuring compliance with the requirements of the regulator, and also allows you to quickly replace a number of popular systems of foreign players who have left the domestic market.

NOTE DOME. Documents - a product of the SGRC (Security Governance, Risk Management and Compliance) class is designed to take into account IT assets and categorize critical information infrastructure objects. The tool automates the inventory of IT assets, the distribution of objects by significance and the formation of an act of categorization and threat model.

NOTE DOME. Management allows you to create a single center for managing network devices and firewalls of a number of domestic and foreign manufacturers. The tool is applicable to companies with distributed network infrastructure and is used to analyze security policies and identify anomalies. In addition, the product offers information security specialists recommendations for their elimination. NOTE DOME is responsible for updating network security rules and unification of requirements. Rules.

NOTE. DOME. Containers build a system for protecting container development environments. The solution improves fault tolerance for applications being developed and used, as well as optimizes resource utilization and speeds up vulnerability detection.

Also, users will have access to information security audit services: network research for vulnerabilities, penetration testing and confirmation of compliance with the requirements of the law. The vendor plans to distribute ecosystem products through a partner network that includes 70 technology players as of December 2023.

{{quote 'With the departure of foreign developers, the shortage of solutions for protecting critical infrastructure became especially noticeable. A capacious niche has opened, in which no Russian developers were previously represented. Thanks to the team's experience, we managed to form a full-fledged ecosystem from scratch in a year to ensure the protection of objects and the process of interaction with the regulator. In 5 years, we plan to occupy 10% of the information security market at this pace, which is comparable to the turnover of 4 billion rubles, "said Kirill Bulgakov, Managing Director of the NOTA vendor. }}

Before the start of development, we conducted large-scale studies of the corporate security market, identifying the classes of information security products that the market needed the most. Development roadmaps have been formed for each of the directions, taking into account both current and potential customer requests. However, we are already working on the issue of exporting a new class of solutions countries CIS states to the Persian Gulf - T1 markets that are strategically important for the Holding, "stressed the Igor Soul director of the NOTA DOME product portfolio.