Developers: | Solar (formerly Rostelecom-Solar) |
Date of the premiere of the system: | 2019/07/10 |
Last Release Date: | 2022/07/12 |
Technology: | SDN Software-Defined Network Software-Defined Networks, SaaS - Software as a Service, Information Security - Firewalls |
Content |
2024: Web Application Protection for Midsize Business
The protection service for web applications WAF (Web Application Firewall) of the Solar MSS platform from the "" Group Solar of Companies, the complex architect, cyber security will begin to provide services for medium-sized businesses through the implementation of the software Russian developer. About SolidSoft this "Solar" reported on October 16, 2024. The long-term examination of the WAF service from Solar in reflecting the attacks level of applications (L7), together with the integrated SolidWall WAF solution, will help medium-sized businesses (with revenues of 800 million per year rubles for offline business and 200 million rubles for online) protect their sites from threats as Internet part of a promotion without multimillion-dollar information security costs (IS).
Hackers are increasingly attacking online resources of medium-sized businesses in various regions of the Russian Federation. At the same time, according to experts from the WAF service, the number of information security events from the actions of automated scanners in the first half of 2024 increased 2.2 times compared to the second half of last year. Attackers look for vulnerabilities in web applications that allow attacks such as SQL injections (a vulnerability that allows an attacker to interfere with requests that a web application makes to its database), XSS (injection of JavaScript code into a web page, for example, in comments), and path traversal (a vulnerability that allows an attacker to gain access to closed files on the server).
Hackers scan up to 97% of Internet sites with automated tools to find vulnerabilities, so even stealth sites are targeted by attackers who, for example, can train before larger targeted attacks on large well-known web portals, "explained Alexey Pashkov, head of WAF and Anti-DDoS of Solar Group of Companies. |
This means that the sites of small online stores, construction companies, software developers or hotels from different parts of Russia are under the constant sight of hackers. Their performance can be disrupted at any time due to web attacks, which is fraught with suspension of key business processes, loss of customers, and subsequently profit.
To protect the online resources of medium-sized businesses, in the third quarter of 2024, Solar Group entered into an agreement with SolidSoft on the supply of SolidWall WAF licenses as part of the Solar WAF web application protection service, a specialized solution for protecting sites from external attacks and controlling the use of web applications in various scenarios. The solution provides 24/7 protection for web applications by tiering their traffic and blocking illegitimate requests. SolidWall WAF complies with regulatory requirements and is included in the Unified Register of Russian Programs for Electronic Computers and Databases. The firewall has been successfully tested and is actively used as part of the service from the Solar MSS team in four organizations from the industry and education sectors.
Thus, the WAF service from Solar will help protect medium-sized business sites from hacking, theft or loss of data, as well as encrypting information for the purpose of blackmail. Protection against key threats is available to medium-sized businesses with sites up to 100 RPS (request per second - the number of requests per second per site page) as part of a promotion. Also, the line of special tariffs for medium-sized businesses provides for the protection of sites up to 700 RPS. The WAF service is connected within 3-5 days after signing the contract for a period of one year. The first report on blocked web attacks, their types and regularity will be provided in your personal account in two months.
Sites and applications for many Russian companies are the main, and increasingly the only way to interact with customers and generate income. The importance of web resources for medium-sized businesses makes them a tempting target for hackers, especially if the company cannot allocate multimillion-dollar budgets for information security. Our solution based on SolidWall WAF is designed to solve this problem and ensure the protection of web resources without cutting functionality at an affordable cost, "explained Alexey Pashkov. |
2022: Launch of the Russian vulnerability control service Vulnerability Management
The company Rostelecom-Solar"" announced on July 12, 2022 the launch of the first Russian control service (vulnerabilities Vulnerability Management) within the Solar MSS ecosystem. The solution is provided from. Rostelecom National Cloud Platform In addition to the instrumental, as scannings infrastructures part of the service, customers receive full expert support from Rostelecom-Solar in terms of prioritization and elimination of found shortcomings - taking into account the current landscape. The cyber threats scanner certified solution RedCheck of the domestic vendor "" is used as.ALTEXSOFT
Customers can connect to Vulnerability Management within 1 day, and expert results are available in most cases after 3 days. The solution is focused primarily on the mass segment of medium and large businesses from retail, agriculture, industry, fuel and energy complex, finance, medicine and other industries.
Vulnerability management is the foundation of information security. At the same time, only large companies can afford to acquire an expensive scanner and hire Vulnerability Management experts , without whom it is impossible to correctly interpret the scan results , and most importantly, to implement compensatory measures. For organizations with a limited budget for information security , this approach is not available, and the only acceptable solution is the scanning service, which includes not only the technology supplied from the cloud, but also the expertise of the service provider. However, with the departure of a number of Western vendors from Russia and against the background of an unprecedented increase in mass cyber attacks, many of these companies were under attack. The launch of the import-substituted Vulnerability Management service from Rostelecom-Solar was a response to the urgent need of the market.
The use of a cloud vulnerability control service will take care of information security issues not only for large organizations, but also for medium-sized businesses, which are becoming an easy target for numerous cyber attacks. Expertise of leading specialists "Rostelecom-Solar" will help such companies to qualitatively investigate and increase the level of their security, and the high speed of connecting the service will make it possible to quickly respond to current cyber calls, noted Maxim Bronzinsky, head of Vulnerability Management at Rostelecom-Solar.
|
Vulnerability Management includes an inventory of the customer's infrastructure, direct scanning, and expert processing of the results. Scanning detects external vulnerabilities in systems that are exploited in the vast majority of mass attacks. Tool scanning data is processed by Rostelecom-Solar analysts, who prioritize the vulnerabilities found (including taking into account knowledge of current threats), as well as prepare a plan and specific recommendations for their elimination. At the exit, the customer receives three types of reports: for business (with a description of potential risks to the company), expert (for information security) and technical (for IT).
RedCheck in the hands of qualified specialists is able not only to solve problems of the Vulnerability Management class, but also to provide a full cycle of security management of the enterprise IT infrastructure. We consider it our mission to minimize the risk of implementing security threats, so we are pleased to support projects such as Security as a Service. Together with Rostelecom-Solar, we created the first domestic cloud vulnerability control platform that will allow more companies to minimize threats to business, said Sergey Uzdemir, Deputy General Director for IT at ALTEXSOFT.
|
2021
Opening of the Solar MSS cybersecurity services expertise center in Samara
Rostelecom-Solar, a subsidiary of Rostelecom, on September 7, 2021 announced the opening in Samara of the Solar MSS cybersecurity services expertise center and announced the transformation of this ecosystem. The center will provide cyber protection for regional state organizations, as well as large and medium-sized businesses in various constituent entities of the federation.
Among the key customers of Solar MSS are regional government agencies, banks, retail, industry, power, transport, logistics, educational and healthcare institutions, etc. The transfer of expertise to the region made it possible to form an optimal approach to service pricing without loss of quality. Now Solar MSS services have become more accessible to a wider range of companies, including those who, some time ago, could not afford highly professional protection against attacks, the company emphasized. At the same time, compared to the projects of classical procurement and the introduction of the same technologies, the service model not only saves companies from large capital expenditures at the start, but also provides savings on average of about 40% on the horizon of five years.
According to Igor Lyapunov, Rostelecom's vice president for information security, almost 40% of medium-sized business organizations faced cyber incidents in 2020, while due to budget and personnel shortages, they were unable to provide full protection. Existing service offerings on the market tend to be a suite of disparate technologies without analytical support. This approach does not solve the problems of companies and actually leaves them alone with pandemic attacks and complex threats that even medium-sized businesses and small regional government organizations face.
A key feature of Solar MSS for customers is an approach focused on solving the ultimate goal of the organization in the field of cybersecurity, and not on point-based technology delivery. Customers receive comprehensive cyber protection of business assets through an external expert team through a "single window" of interaction, and can easily control and evaluate the effectiveness of services. Security policies of various protection technologies are synchronized due to the interconnection of these technologies, and analytical reports are generated in the user's personal account to assess the quality of comprehensive threat protection.
"The transformation of the Solar MSS ecosystem has made it a one-size-fits-all solution for ensuring the cybersecurity of regional organizations of large and medium size. The main value that the customer receives is the round-the-clock cyber protection of not specific objects, but business assets in their entirety, taking into account the threats that are relevant to him, - said Konstantin Kamanin, director of product portfolio development at Solar MSS of Rostelecom-Solar. - Support for Solar MSS services is provided by a dedicated regional team of experts with specialized specialization. At the same time, the ecosystem is constantly developing taking into account emerging cyber threats: we regularly test modern technologies in our laboratory and work out new solutions for customers. " |
According to the Center for Countering Cyber Attacks Solar JSOC for 2020, most often cyber attacks in the regions are associated with the spread (malware including -) and virusesencoders the use of web vulnerabilities. Depending on the region, the proportion of each of these types of incidents is 30-40%. Therefore, Rostelecom-Solar experts have supplemented the existing portfolio with turnkey solutions (bundles) for comprehensive protection of online resources, countering to phishing and ransomware viruses, as well as building centers. State system of detection, prevention and elimination of consequences of computer attacks Each of the bundles is provided in three versions - from the basic one, which provides the necessary minimum protection and requires minimal investment, to the professional one, which takes into account all attack vectors.
To protect key state infrastructures, a separate comprehensive proposal has been formed to ensure the security of the entire region and all state facilities and turnkey systems. This approach implements a high level of layered protection and takes into account the requirements of regulators, noted in Rostelecom-Solar.
Thanks to changes in the technological component of the Solar MSS platform, the delivery time for services has been reduced. As of September 2021, 70% of them are available contactless (from the cloud) and connect in 2-3 days, which allows you to implement protection even during an evolving attack. For perimeter security solutions that require devices to be installed at the customer's site, connectivity speeds have increased more than 2-fold by increasing the number of warehouses with equipment and significantly automating the deployment process. At the same time, the number of connection schemes for such services increased to 20 possible options, which allows seamless integration of them into virtually any customer infrastructure. In addition, the updated Solar MSS network architecture now makes it possible to connect solutions from any vendor, which means to reduce the risks associated with sanctions.
Add Sandbox Service
Rostelecom-Solar on March 31, 2021 announced the launch of the Sandbox service - to protect against complex and previously unknown threats implemented through mail and web traffic. Sandbox has complemented the Solar MSS line of managed cybersecurity services. Check Point SandBlast provides 98.4% user security. At the same time, on the horizon of 7 years, the service is on average 30% cheaper for companies than their own solution. Read more here.
2020: Solar MSS Ecosystem
2019
As part of a comprehensive proposal based on Rostelecom's Virtual Data Center
On October 28, 2019, Rostelecom-Solar announced that, together with Rostelecom, it was launching a comprehensive offer that includes Solar MSS managed information security services and the Virtual Data Center service. Read more here.
Solar MSS announcement
On July 10, 2019, the company Rostelecom-Solar"" introduced Solar MSS - an ecosystem of services cyber security that solve the tasks of protecting against cyber threats in the process digital transformation the Russian of organizations. Thus, now the Rostelecom-Solar service offer includes two areas - services based on the Russian center for monitoring and responding to cyber attacks Solar JSOC and managed cybersecurity services based on the Solar MSS ecosystem.
According to the company, the Solar MSS concept was created on the basis of practical experience in implementing several hundred projects in the direction of the Unified Cybersecurity Services Platform (EPSC). As of July 2019, the Solar MSS ecosystem includes 9 mutually integrated managed cybersecurity services, the technology core of which is the Unified Cybersecurity Services Platform (EPSC), built on a breakthrough technology software-defined for threats and attacks, which allows you to continuously improve the technologies and security policies of each of them.
Due to the growing demand for EPSC services, the creation of Solar MSS required an increase in both the capacity of the platform for providing connections, and a significant modernization of the internal architecture for optimal service management. The Solar MSS suite of technologies is selected in such a way as to provide protection against all the main types of attacks with the ability to focus on the segments most critical for each individual organization. told Valentin Krokhin, Development Director of Rostelecom-Solar |
The experience of providing services accumulated since the launch of the Unified Cybersecurity Services Platform in November 2018 made it possible not only to optimize and improve each service separately, but also to link them into sets of technological bundles.
The list of tasks solved by Solar MSS for July 2019 includes:
- External perimeter security and intrusion protection for organizations of all industries, including protection of government information systems using certified technical means.
- Secure critical web resources, from identifying vulnerabilities or developer bugs to protecting against DDoS attacks - both channel and application level.
- Comprehensive counteraction to phishing attacks: technical - in terms of protecting mail channels and organizational - in terms of training to increase user awareness.
- Comprehensive control of user actions on the Internet from URL filtering to control of used applications and others.