Developers: Scientific and Testing Institute of Integrated Security Systems (NII SOKB)
Last Release Date: 2020/12/14
Technology: Mobile Device Management (MDM), IS - Information Leakage Prevention
The SafePhone solutions are designed to protect against unauthorized access to information stored and processed on corporate mobile communication devices (MCC), as well as to manage these devices centrally.
There are many means of unauthorized access to mobile devices: from the simplest programs that read SMS messages, to applications that can record telephone conversations and secretly transmit them to the attacker's email, or covertly connect to an apparently inactive mobile device and receive information captured by its microphone and camera. The ways of infecting mobile devices are very diverse: through physical access to the phone, through the cable interface, through wireless channels (Bluetooth, WiFi), as well as through outwardly harmless SMS messages.
In light of the widespread trend of using personal mobile and other electronic devices at work (BYOD), the issue of information protection is becoming more and more urgent. The implementation of this program in corporate networks will ensure a reliable level of security.
Additional service capabilities of the solution (monitoring the use of corporate MCC, monitoring the movement of subscribers, remote control and removal of applications, the use of an internal message service instead of SMS) will minimize corporate customers' overall costs for corporate cellular communications.
2021: As part of a solution to prevent information leaks through mobile devices
SOKB Research Institute and Smartecosystem (part of the Automatics concern of Rostec State Corporation) have prepared a solution for the corporate market based on the AUUA T1 smartphone and EMM SafePhone. The main feature of the solution is that, in addition to the already implemented hardware switch for the built-in cameras and microphones, a software switch has been added, which, if necessary, can be used by the owner directly on the device or by the administrator remotely from the SafePhone console.
2020
Compatibility with Red OS
On December 14, 2020, SOKB Research Institute and RED SOFT announced the completion of compatibility tests of EMM SafePhone and the RED OS operating system. The tests confirmed that the software is compatible and operates correctly.
"The use of a joint solution ensures that customers meet the requirements not only in terms of information security, but also in terms of import substitution of software," said Dmitry Sirik, head of the project department at SOKB Research Institute.
"One of the main tasks facing our company is to create an ecosystem based on RED OS using exclusively domestic products. The compatibility of EMM SafePhone not only expands the functionality of our operating system, but also gives the customer the chance to ensure the safety of the organization's business processes, applying import-independent software," noted Rustam Rustamov, the deputy CEO of RED SOFT.
Free provision of SafePhone against the background of the coronavirus pandemic
On March 23, 2020, the SOKB Research Institute announced that, in connection with the transition of many employees to remote work, the company had decided to provide the SafePhone product for free.
SafePhone, as of March 2020 the only certified Russian multi-platform solution, allows you to fully manage mobile devices of different manufacturers, applications and organizations, and also provides a secure corporate browser (iOS), a secure corporate "Dropbox" and a secure mail client (iOS).
2019
Compatibility with Samsung Knox platform
The SafePhone centralized corporate mobility management system received Samsung Electronics accreditation in the fall of 2019 and was included in the list of EMM (Enterprise mobility management) solutions compatible with the Samsung Knox platform.
Integration with the platform means that Samsung devices can now be connected to SafePhone "out of the box" using Knox Mobile Enrollment (KME) technology. The first time the devices are turned on, the SafePhone mobile client is automatically downloaded to them; it installs the necessary applications and applies system settings that meet the requirements of the corporate security policy. The use of KME technology makes the process of connecting devices easy, fast and secure, while eliminating any user influence. Even a factory reset will not let the employee take the device out of EMM control, because it will be automatically re-registered in SafePhone.
In addition, the capabilities of corporate Knox containers are available to SafePhone users. A Knox container is a secure area of a mobile device for storing enterprise applications and their data. Outside this area, the device belongs to the user: it holds the user's applications and data, to which the employer has no access. The contents of the container belong to the company. A user cannot retrieve data without authorization or access the corporate VPN from outside the Knox workspace. To make containers convenient for users, the administrator can copy familiar applications, for example a web browser or mail client, from the device to the enterprise area of Knox. In this case, employees will not need to get used to new applications. They will gain secure remote access to the data using tools familiar to them.
Innovations have also appeared for SafePhone administrators. They can now manage dozens of security policies, some of which are unique to the Samsung Knox platform. For example, only on Samsung devices can you prevent the device from being reflashed before Android boots. Third-party devices may be vulnerable to this attack.
Postgres Pro Certified 10 Compatibility
On March 27, 2019, Postgres Professional announced that, together with SOKB Research Institute, it had tested the compatibility of their solutions. The test results confirmed the full compatibility of the EMM platform SafePhone 4.0 with the DBMS Postgres Pro Certified 10.
Integration with "Forsyth. Mobile Platform"
On February 13, 2019, Forsyth announced that it and SOKB Research Institute had combined their many years of experience in software development and released a joint solution - Protected Mobility.
2018
EMM SafePhone 4.0: The New Age of Enterprise Mobility
In December 2018, SOKB Research Institute completed work on a new version of the EMM solution SafePhone 4.0. The solution is designed to centrally manage and secure the use of mobile devices in the enterprise information infrastructure.
Taking into account the results of long-term use of SafePhone in the largest Russian companies, the new version of the solution additionally implements the functions of separating personal and corporate data on the device, managing (installing, updating, deleting) enterprise applications, ensuring remote secure access to corporate e-mail, documents, files, etc.
In SafePhone 4.0, self-diagnostics functionality also appeared, providing IT professionals with online access to information about the status of servers included in the hardware of the solution.
"Since 2012, we have sought to convince corporate customers to use enterprise devices to ensure an acceptable balance of convenience and security. And many of our customers have chosen this scenario for themselves. But the needs and specifics of corporate mobility turned out to be more multifaceted than we expected. Therefore, in 2016, for small and medium businesses, we began to offer services for centralized management of mobile devices and applications based on the SafePhone solution from our own secure data center SafeDC (SaaS), and in the new version of SafePhone 4.0 we implemented all possible scenarios for using both enterprise and personal mobile devices. EMM SafePhone 4.0 is adaptable for any business, system settings are easily configured for the specific tasks of companies in various areas of activity, and meeting the toughest information protection requirements makes SafePhone 4.0 an ideal option for public sector organizations. Thanks to the scalability of SafePhone 4.0, it is possible to implement the system both in a large geographically distributed corporation and in a very small business. Like all previous versions, SafePhone 4.0 is available for deployment on the customer infrastructure, as well as in the cloud service format. Despite the successes achieved, the company plans to start several new projects to implement SafePhone 4.0 at once in January next year," commented Igor Kalaida, Director General of SOKB Research Institute, on the release of the new version.
SOKB Research Institute partners also see the prospect of joint projects to use SafePhone 4.0 as part of corporate mobile workplaces for office and field employees. MobilityLab Director of Business Development Sergey Makaryin believes that "the growing interest in corporate mobility, as well as the development of complementary solutions SafePhone and WorksPad, inspires confidence that the cooperation of MobilityLab and SOKB Research Institute will have a synergistic effect."
"It is important to note not only the new functionality, but also the new sales policy for SafePhone 4.0. We have revised the licensing format, choosing the optimal option for the Russian market. SafePhone 4.0 includes mobile client licenses and technical support. You do not need to purchase a server license. At the same time, various modifications and modules of SafePhone 4.0 are available to the customer, therefore, in the project you can configure the EMM solution depending on need and budget," says Maria Yukhova, director of the marketing and sales department of SOKB Research Institute.
A Primer on Secure Mobile Access
If you regularly examine open tenders for remote access systems intended to give mobile employees a convenient way of working, you cannot help noticing their technical requirements for the security of the data used in that work. In the vast majority of cases, they cover only the protection of the communication channel between the mobile device and the corresponding server group by creating an encrypted tunnel, including with encryption algorithms certified by the FSB of Russia. It's a misconception... and, in the future, not cheap, because of the possible consequences.
There are three main methods for remote mobile access: using native mobile applications, using the Web, and using virtual access (VDI).
From the point of view of information security, all methods are equally 'good'.
Web browser or VDI access is good in theory because it does not require enterprise data to be stored on the device. But in practice, the ability to work with the application is a typical requirement. In addition, any browser communicates continuously with the Internet, even without being infected, and the cache used by the web browser is not encrypted...
Access to data using a native mobile application is more predictable in terms of communication control. However, a mobile application raises the problem of data that resides on the mobile device while the application is running and is possibly stored on it. If mobile applications can be installed on the device from open app stores (AppStore, Google Play), and especially from unverified sources, there is no point in seriously talking about keeping the data safe. The data on the device is in most cases not encrypted and can become the prey of an attacker through one of many widely described attacks.
The installation, upgrade, and configuration of a mobile application are in most cases performed by IT employees. The process is time-consuming and unsafe. Time-consuming, because installing or upgrading applications often requires an IT employee to access the mobile device directly. Unsafe, because installation of the application requires certain access rights.
Which application will be installed, the original or a modified one, and whether the IT employee will limit himself to installing only the application, are not idle questions...
How can the risks associated with all of the above be avoided?
There are two paths:
The first is to develop all the necessary trusted applications, including a web browser and collaboration tools, place them in an isolated and encrypted area of the mobile application and conduct all communications through perimeter protection using GOST encryption. The method is quite reliable, but very expensive to implement.
The second is the use of EMM (Enterprise mobility management) tools that implement mechanisms for containerizing (isolating) applications as necessary and include tools for online protection (taking control) of any applications. This is either an SDK (ideally), which allows you to embed the necessary functionality in the code of the managed application, or a Wrapper, a tool that processes the executable file of the mobile application so that it can be taken under control.
Choosing the second path will reduce the cost of implementing protection, but limit the choice of mobile device models and versions of mobile operating systems.
Thus, state-owned companies and large corporations are likely to follow the first path.
The second is the shortest path to mobile security for medium and small companies, albeit with restrictions.
2017: Partnership with Digital Design
The Scientific and Testing Institute of Integrated Security Systems (NII SOKB) and Digital Design have entered into a strategic partnership agreement with the aim of implementing and promoting solutions based on their own developments.
The collaborative effort will enable companies to offer SafePhone-class MDM (Mobile Device Management) and Secure Mobility applications in a single employee mobile workplace. [1]
2014: On the global market - SafePhone Plus
On March 24, 2014, Infotecs and NII SOKB announced the launch on the European market of SafePhone Plus, a joint solution to protect corporate mobile communications.
Description
The solution was presented at Mobile World Congress 2014 on February 23-27 in Barcelona and aroused interest among representatives of large and medium-sized businesses, specialists of small and medium-sized companies, manufacturers of mobile devices.
A comprehensive SafePhone Plus solution was developed by Infotecs and the Research Institute of SOKB. It helps prevent the most dangerous problems of corporate mobile security by enabling employees to exchange important business information over a secure channel.
When the SafePhone Plus solution is used, the SafePhone software client and the ViPNet SIP client are installed on users' mobile devices. The server components SafePhone Server, ViPNet Coordinator and a SIP server are installed on the enterprise's equipment, which allows you to protect data transfer and communication over the Internet using VoIP technology.
Features
SafePhone Plus technology is built on the basis of threat analysis based on national and international experience and helps solve security problems in a corporate mobile environment:
- data transmission via a closed secure channel between subscribers within the corporate network, mobile subscribers, provision of safe video conferencing;
- preventing unauthorized access to information on a mobile device in case of loss or loss of access to corporate resources through an internal network;
- blocking eavesdropping on the acoustic environment around a mobile device, and blocking targeted eavesdropping on a particular subscriber in online or delayed mode, through a communication operator or without it.
The products that make up SafePhone Plus are certified by the FSB and FSTEC of Russia as compliant with regulatory requirements.
"Today, the transition to mobile technologies is actively continuing to expand access to corporate resources. Increasingly, companies around the world are in need of confidentiality of negotiations and data transfer over the Internet. It is important to note here that not only large corporations and government agencies, but also medium-sized businesses are showing interest in SafePhone Plus technology to ensure the high security of their mobile employees," said Andrei Chapchaev, CEO of Infotecs. "We hope that entering a new market for us will allow even more companies to provide secure access to the corporate information infrastructure thanks to advanced ViPNet and SafePhone systems."
Notes
- [1] Secure Mobility, a suite of applications that provide employees with secure remote access to the organization's internal information resources: e-mail, employee calendars, organization address book, internal portals, file and document libraries, meeting management systems, task lists and others - using mobile devices.