Base system (platform): | MaxPatrol SIEM |
Developers: | Positive Technologies, AIS (Air navigation and information systems) |
Industries: | Government and social institutions |
Technology: | Cybersecurity - Security information and event management (SIEM) |
2019: Development of A-SIEM
On October 25, 2019, Positive Technologies reported that, together with JSC "Air navigation and information systems" (AIS), it had signed a technology partnership agreement and developed a joint solution, A-SIEM, intended for identifying cybersecurity incidents in real time. The hardware and software system is built on MaxPatrol SIEM and a number of AIS solutions, adapting it to the needs of the state corporation Rostec. The system will make it possible to reveal relevant threats, to carry out retrospective analysis and cybersecurity monitoring in distributed infrastructures, to detect suspicious activity and to promptly detect cyberattacks.
"Our task was to solve the cybersecurity problem in the air navigation and information clusters systemically, on the basis of domestic technologies. The resulting solution is developed entirely in Russia; all its components — the software, engineering, information security services and others — are developed and will be implemented by Russian engineers," explains Andrey Gorobets, head of the information security department of the joint-stock company "Air navigation and information systems".
This system can be used for monitoring cyberincidents in the most significant segments of air navigation and other high-tech industries. The hardware is built on the x86 platform, is intended for installation of operating systems, databases and the MaxPatrol SIEM components, and is notable for its compactness and high efficiency. The version of MaxPatrol SIEM preinstalled on the AIS-manufactured server is functionally identical to the current version of the product and receives all corresponding updates (including expertise packs) in the normal mode.
Users of the hardware and software system will be able to reveal the most relevant threats using expertise pack updates and will get a broad picture of the IT infrastructure thanks to detailed inventory technology. The product also supports hierarchical installations, which makes it possible to obtain up-to-date data about the cybersecurity status of the whole organization at any time and to reveal distributed attacks on the infrastructure of a separate division or of the whole enterprise. Using indicators of compromise, users will be able to carry out retrospective analysis of cybersecurity events and thus reveal attacks that took place in the past and prevent their development. The system supports the Positive Technologies indicator base, which is updated daily, and also supports indicators developed by Kaspersky Lab and Group-IB.
"Partnership with AIS is a significant stage in the development of our SIEM system: the high-tech projects implemented by our colleagues are of particular importance for one of the key sectors of domestic industry and require the use of a product approved at the state level to protect the facilities most vulnerable in terms of security. The joint solution has no analogs and, by our estimates, can potentially occupy a considerable niche among information security solutions both at the enterprises of Russian Technologies State Corporation and in the Russian market," notes Maxim Filippov, director of business development of Positive Technologies in Russia.
The hardware and software system was tested by AIS experts jointly with Positive Technologies specialists and showed high performance and reliability. Its first deliveries are expected in the first quarter of 2020.