Developers: | Solar (formerly Rostelecom-Solar) |
Date of the premiere of the system: | 2023/04/13 |
Last Release Date: | 2024/10/01 |
Technology: | IS - Firewalls |
The main articles are:
2024
Solar NGFW 1.4 with control center
Solar Group introduced the next version of the next generation Solar NGFW 1.4 firewall. The company announced this on October 1, 2024. The product now includes centralized management, session synchronization clustering, GeoIP, and an updated deep packet analysis engine, as well as an improved user interface. Updates will make it even easier to integrate Solar NGFW into large customer IT infrastructures.
When developing the solution, Solar applies the best practices for creating functions based on the roadmap, import substitution the development of security systems and network architectures of its customers, as well as relying on international and domestic trends in the NGFW market. The product has already received a certificate of conformity FSTEC of Russia as a firewall and intrusion detection system, which cyber security is necessary in the field for most customers seeking to replace foreign IPS in accordance with Presidential Decrees RUSSIAN FEDERATION No. 250 and No. 166 until 2025.
One of the key improvements of Solar NGFW 1.4 was the introduction of the Control Center, a specialized service with an intuitive graphical interface designed to manage all nodes of connected clusters through a single console, carried out using the secure HTTPS protocol. Solar NGFW users also have access to a centralized access policy change, log collection and display, and role model control.
In version 1.4, the system in the cluster has been improved: the interaction mechanism has been redesigned and session synchronization between nodes has been added. Stability and performance in this mode are also improved, which allows you to use the Solar Group product to protect critical network segments of large customers with the highest requirements.
In addition to the previously mentioned IT capabilities, the new version also paid attention to information security functions - they updated the DPI application control mechanism, which allows you to recognize applications in network traffic. Thus, the system has been replenished with dissectors of domestic applications: TrueConf, Express, Yandex Telemost, Kaspersky Update and others.
Solar NGFW 1.4 added the ability to use location data in firewall rules (GeoIP), for which the database of IP addresses recommended by the FSTEC of Russia with constantly updated information about 250 countries is used. In addition, they optimized the number of firewall rules created and improved system performance when working with a large number of ME rules.
Separately, it is worth noting improvements in the interface - now users can configure the sending of syslog messages about events of the Solar NGFW complex to centralized event collection servers. This means that all logs and events will be stored and analyzed in one place, which simplifies management and monitoring. It is also possible to filter ICMP traffic by individual message types. This allows only dangerous traffic to be blocked, not ICMP completely.
When developing Solar NGFW, we recognize the importance of both security and IT features, as our solution will be used by both information security professionals and IT administrators. In release 1.4, we took into account the needs of both categories of users: we finalized the mechanisms for deep package analysis for security specialists, and also, focusing on the requests of our customers, strengthened the network component - added support for the OSPF protocol, - said Albert Mannanov, Product Manager Solar NGFW Solar Group. |
In this release, the graphical interface has the ability to configure static and dynamic (OSPF) routing parameters. This will make it easier to integrate Solar NGFW into large customer IT infrastructures.
Obtaining the certificate of FSTEC of Russia
The certified version of Solar NGFW - the Solar Firewall appliance - has been tested and confirmed to meet the requirements for firewalls and intrusion detection systems. Solar (formerly Rostelecom-Solar) announced this on September 19, 2024.
The obtained certificate of the FSTEC of Russia indicates that Solar NGFW meets the requirements for firewalls for the type "A" security profile and the security profile of intrusion detection systems of the fourth protection class network layer (IT.ME.A4.PZ, IT.SOV.S.4.PZ).
The fourth level of trust of FSTEC Russia means that the Solar NGFW solution can be used to protect significant objects (critical information infrastructure ZO), CUES state information systems (GIS) and automated process control systems (), APCS as well as to protect information systems (ISDS personal data).
The FSTEC certificate of the fourth level of trust confirms the high level of security of the next generation Solar NGFW firewall and allows our customers to use a system that meets the requirements of the regulator to protect the perimeter of the network from network attacks, web threats and malware, - said Albert Mannanov, Product Manager Solar NGFW Solar Group. - Obtaining a certificate of conformity for the functional characteristics of our flagship product Solar NGFW is just the first step in its development on the Russian market. In the near future, we will present significant updates to customers that will improve the functionality and performance of the product. |
Solar NGFW 1.3 with High Performance Platform Management
On August 19, 2024, Solar Group, an architect of comprehensive cybersecurity, announced that it had made functional changes to the updated version of the next-generation Solar NGFW 1.3 firewall and optimized the SLA of customer response support for up to 30 minutes.
According to the company, during the refinement of the solution, the company focuses on key metrics and customer needs that determine the vector of product development for vendors: ease of migration from one solution to another, performance on large data streams, technical support and certification, as well as synchronization with Threat Intelligence.
The updated version optimizes the network stack, which allows you to stabilize the performance values of hardware and software platforms. Thus, for the segment of high-performance XL 4000 platforms, stable performance values of 40 Gb/s in L7 FW mode are provided with determining applications by the content of network packets enabled by logging in appmix traffic type.
The maximum number of sessions reaches 100 thousand/s (100 kCPS). This platform provides segmentation, perimeter protection and internal network segments of large organizations with centralized Internet access.
Solar NGFW 1.3 introduces changes that optimize system integration and operation. Thus, support for the SNMP protocol was implemented for monitoring and managing network devices and equipment: routers, switches, firewalls and other categories of devices connected via IP. This update optimizes the integration of the firewall into the existing IT infrastructure, which uses hardware in various commercial or open source solutions.
Also, Solar NGFW 1.3 has features that optimize administration processes and offer capabilities for managing network security. For high-load and complex IT infrastructures of large organizations, it is critical to flexibly manage virtual networks and create a large number of VLAN interfaces. To solve such a problem, the developers of the Solar Group optimized the component for working with network interfaces.
In addition, the ability to combine several physical network interfaces into a single logical channel has been added. This allows you to optimize aggregate throughput and ensure fault tolerance of the network connection: even in the event of a failure of one of the physical interfaces, data transfer will continue without interruptions. The developers also optimized the configuration of security policies in the Active/Passive cluster. Now it is enough to configure policies only on the active node - all changes are automatically synchronized with the standby node. This, along with the built-in help in the system, saves work and optimizes the work of the administrator when working with the system.
All updated Solar NGFW features are intuitively displayed in the GUI, making their configuration and use easy and easy for administrators.
On average, it takes about a month and a half from the idea to the implementation of the updated function in Solar NGFW. This dynamics allows us to develop the product taking into account the needs of customers, market trends and regulatory requirements. told Albert Mannanov, head of the Solar NGFW product of Solar Group |
To ensure the uninterrupted operation of Solar NGFW, a system of comprehensive technical support software and hardware platforms and analytical support has been created. Extended support includes a dedicated engineer who is assigned to the customer, and the Case Response SLA is no more than 30 minutes. As part of analytical the support, NGFW policies are regularly audited and optimized.
Support for Solar NGFW hardware platforms is implemented jointly with Kraftway. It is included in the service department and spare parts warehouse, which allows you to quickly resolve any technical issues. If necessary, a specialist visit, repair or replacement of equipment with SLA Next business day/next calendar day is available.
Solar NGFW is the next generation firewall (NGFW) for comprehensive protection of the corporate network against network attacks and malware. Provides control over access to web resources, as well as a modern web interface with automation of routine operations. The solution is suitable for import substitution of foreign firewalls, providing the necessary level of security for the network infrastructure and ease of use.
Solar launches its own NGFW in hardware based on Kraftway servers
Solar Group of Companies in mid-May announced the release of a new generation Solar NGFW hardware firewall. Solar NGFW hardware and software complexes (PAC) will be produced in conjunction with Kraftway. The PAC was developed on the basis of Kraftway servers in three versions: with a bandwidth of up to 20, 40 and 100 Gbps. The contract was concluded for 7 years, the first batch of devices in the amount of several hundred pieces is planned to be sold by the end of this year. Kraftway, among other things, takes on the tasks of providing the first line of technical support when servicing manufactured devices.
All PAC is made in 1U cases for a standard mounting rack. They are powered by third-generation Intel Xeon processors because they are not subject to sanctions restrictions. The performance of these crystals is sufficient for the throughput values stated above.
The minimum model is based on a single-processor board. It provides network filtering at speeds up to 20 Gbps, and intrusion detection - up to 4 Gbps according to the methodology published by Solar. The average model built on a dual-processor board allows you to increase network filtering performance up to 40 Gb/s. Both models are designed to protect corporate networks, so they have a wide variety of different network interfaces.
The design is based on Kraftway serial servers, modified to meet the requirements of Solar. In addition, the devices meet the requirements of Russian regulators for trusted PAC. In particular, they have a built-in trusted boot module that protects the system from compromise at the time of launch. It is the compliance with Russian realities and the presence of its own network cards in the Kraftway assortment that has become the key criteria when choosing a contract manufacturer PAC.
The older model was developed specifically for the requirements of Solar and provides a filtration speed of up to 100 Gbps. It also installs two processors, but they are already 24-core, and the amount of RAM has been increased to 128 GB. However, the key design elements are eight 100 Gb/s optical network interfaces, complemented by four copper ones with the same bandwidth. These devices are already designed to protect corporate and operator data centers.
According to Solar, it is on the basis of this model that the second version of the Solar NGFW architecture will be presented next year, which should already be comparable in performance to foreign counterparts.
In addition, Kraftway promises to transfer its base servers to the fourth generation of standard processors by the end of the year, which will expand the functionality of devices and reduce their power consumption while maintaining performance. In addition, the manufacturer is developing a new version of its hardware platform, where a Russian hardware encryption crystal will already be built in, which will accelerate secure SSL and IPsec protocols - their inspection is one of the important functions of NGFW.
According to estimates by Solar CEO Igor Lyapunov in 2025, the NGFW market in Russia will amount to approximately 30 billion rubles, while the total market for information security products for this period is expected at 210 billion rubles, that is, NGFW will account for about 14% of the total information security market. At the same time, Solar itself can earn about 500 million rubles at almost zero on PAC this year, which is not very much compared to the market leader UserGate, which earned 8 billion rubles according to the results of last year. Therefore, the company has developed a certain strategy for consolidating the NGFW product market.
Solar NGFW 1.2 with the ability to configure network interfaces in detail via a graphical interface
Solar Group released an updated version of Solar NGFW 1.2, which added the ability to configure network interfaces in detail through a graphical interface, import IPS signature sets and data about their categories, and configure a fault-tolerant pair. The developer announced this on April 26, 2024.
The Network Interfaces section has been added to the web interface to manage network configuration settings. It displays both Ethernet interfaces that are automatically added and VLAN interfaces that require full manual configuration. For convenient operation, the status display is "connected," "not connected," "intermediate," notifying about the absence of confirmation of the transition to another mode, as well as calling up detailed information on each interface that updates every minute. Previously, such settings were possible only through the command line.
The Intrusion Prevention menu has been updated with the Signature Sets tab, which allows you to download updates to new security risks in a timely manner. The system offers two types of actions: adding a new set or updating an existing one in the system. This change gives users a convenient mechanism built into the web interface for working with both their own signatures and for updating sets from Solar 4RAYS, the release frequency of which already reaches once every two weeks. Additionally, the feature allows you to add and update information about the categories to which signatures belong, which will simplify the work of administrators when drawing up a complex security policy.
{{quote 'In this release, we emphasized internal architectural refinements that lay the foundation for major improvements throughout the year. We have carried out a number of work to optimize the architecture of the system and its individual components, which increased the overall speed and stability of operation. In addition, a noticeable internal change was the addition of the ability to configure a fault-tolerant pair, which made the configuration of both cluster devices more convenient, "said Albert Mannanov, head of Solar NGFW product at Solar Group. }}
Together with the release of the updated version, the specialists of the Solar Group also updated the testing methodology, published in the public domain on the site. Two tests were added to it: general load in NGFW mode on AppMix close to real mixed traffic (AppMix) and functional for the IPS mechanism, which checks the correctness of repelling attacks under load on AppMix traffic.
Solar first presented the implementation of its NGFW in hardware and released the results of its testing
Solar In mid-February, the GC announced the[1] technique[2] load testing of its firewall own and conducted a demonstration of the performance of Solar NGFW on test equipment. According to this document, the company's device showed the following results: bandwidth in firewall mode is fixed at 20 Gbps, and in NGFW mode, with the deep packet research (DPI) and intrusion detection (IPS) rules enabled, the speed of operation was 4 Gbps.
Synthetic traffic of the Ixia PerfectStorm product was used as the load for testing.
The Solar NGFW design model demonstrated during testing is based on an industrial rack-mounted dual-processor computer based on Intel Xeon Silver 4210R crystals clocked at 2.4 GHz. Its RAM was 64 GB DDR4, and an Intel SSD with a capacity of 1 TB was taken as a drive. To provide networking, two 10 GbE SFP + cards from Intel (Ethernet Connection X722) were used, which were connected to the corresponding Ixia ports. The device runs Astra Linux 1.7.3.
A demonstration device took part in the testing, according to the test results of which the company expects to launch production. Solar expects to inform the public this spring about plans for mass production of the device.
During the testing process, the number of new connections was first determined (devices demonstrated results at the level of 100 thousand connection requests) and the number of simultaneously supported sessions (up to 1 million connections). And at the second stage, bandwidth was estimated in three modes: firewall with disabled rules (monitoring only - bandwidth at 20 Gbps), DPI (1,000 rules - 15 Gbps) and NGFW (10 rules and analysis of attack signatures - 4 Gbps).
Since the device has two 10 Gb/s interfaces, 20 Gb/s filtering-free operation is more an indicator of the efficiency of implementing a stack of network protocols in Astra Linux than the operation of, in fact, a firewall. The same applies to the number of new connections and the number of simultaneously supported sessions. A 5 Gbps slowdown with DPI enabled with a thousand rules is a good result. However, a five-fold drawdown when intrusion detection features are enabled is not a good indicator, although typical of NGFW as a whole.
It should be noted that FSTEC at about the same time announced the creation of a testing infrastructure based on the created Competence Center for testing performance, sustainability and functionality of Internet logs and other network devices. In addition, the agency expects to develop and publish a methodology for testing the performance of NGFW, which may differ from the proposed Solar. In any case, instead of Ixia, it is most likely planned to develop its own information security testing environment that will emulate the actions of information security violators.
2023
Solar NGFW 1.0 Load Testing
PJSC Rostelecom in its Laboratory conducted functional and load testing Solar NGFW 1.0. As a result of the tests, the performance and functionality of the product with a large number of rules and policies is fully confirmed. Rostelecom announced this on December 11, 2023.
Functional testing consisted of configuration settings and a health check of the claimed Solar NGFW 1.0 functionality. As part of the testing, NATs were tested; Traffic filtering based on IP and ports/; TCPUDP static routing; IPS detection and blocking attacks Application category traffic recognition followed by blocking, and basic configurations for integration into the network infrastructure. The configuration of Solar NGFW 1.0 during testing was carried out by employees of PJSC Rostelecom, with the advice and help of representatives of the GC "." Solar The results showed that Solar NGFW 1.0 supports the functionality announced in the release. The vendor also provided the timing and composition of releases for the further development of product functions.
Load testing was carried out at the stands of the Rostelecom Laboratory using the IXIA BreakingPoint testing platform. The task of load testing was to evaluate the declared performance of the product under conditions close to actual.
During testing, IXIA generated traffic and routed to Solar NGFW 1.0. The product was evaluated by key metrics - throughput, traffic latency, and maximum number of new and simultaneous sessions. Traffic profile - Enterprise Traffic Mix, with different composition of enabled security modules, with different options for packet sizes. Solar NGFW 1.0 has successfully passed all stages of testing.
Telecommunication industry controls and operates critical infrastructure, so it is increasingly becoming a target for cyber attacks. Attackers are actively generating new ways to penetrate corporate networks in order to gain access to confidential and stored in them to data. critical infrastructure End-to-end enterprise network security solutions help you effectively counter network attacks. I believe that Solar NGFW 1.0 has worked out its tasks as part of a pilot project on our test infrastructure. Separately, I want to note the convenience of configuring, managing and updating the firewall, - said Alexey Chugunov, director of information security PJSC Rostelecom. |
{{quote 'Our solution was developed using the Solar webProxy technical base, which is used as a content filtering platform for safe access to educational and information resources in all schools of the Russian Federation within the framework of the federal project "Information Infrastructure" of the national program "Digital Economy of Russia." And intrusion and advanced threat protection is provided by Solar 4RAYS 's IPS (Intrusion Prevention System) signatures. The synergy of different classes of information security solutions allows us to provide our customers with comprehensive and continuous cybersecurity based on our expertise and technologies combined into a single ecosystem, "said Galina Ryabova, director of the Center for Cybersecurity Technologies of Solar Group. }}
Inclusion in the register of domestic software
Ministry of Digital Development contributed unified register of Russian programs for electronic computers and databases firewall to the latest generation of Solar NGFW. The company Solar announced this on November 28, 2023.
Solar NGFW was first introduced to the market in April 2023 as a comprehensive, multifunctional solution providing robust, scalable, and manageable protection against network threats in challenging environments. As of November 2023, the key advantages of the product are high performance among all virtual versions - 4 Gbps in NGFW mode with all enabled functions and 20 Gbps in firewall mode, as well as an examination of the Solar 4RAYS Cyber Threat Research Center, which allows you to build a continuous process of detecting and developing new IPS signatures.
The current functionality of the product closes the main tasks of customers and is confirmed by the NGFW testing method developed by experts of the Solar Group. The technique is completely transparent and confirms the reliability of the solution, including through the implementation of a failover cluster for filtering network traffic.
The inclusion of the Solar NGFW software complex in the register of domestic software confirms the high reliability of the solution in ensuring comprehensive protection of the client network infrastructure, as well as complete import independence. Already in November 2023, we have more than 20 + pilots in our work, including in large Russian corporations. We are actively developing the product and the possibilities of its application, which in the near future will allow us to offer it as an effective replacement for foreign counterparts in a number of government bodies, "said Alexander Barinov, director of the network security product portfolio at Solar Group. |
Solar NGFW 1.1 with Solar 4RAYS Cyber Threat Research Center
Solar Group of Companies on November 21, 2023 presented an updated version of Solar NGFW 1.1, which will help the business protect high-load networks. The reliability of the product has become higher thanks to the implementation of the fault-tolerant pair "Active/Passive," and intrusion protection using signatures based on Solar JSOC allows you to quickly withstand modern cyber threats.
According to a study by Solar, 70% of Russian companies, against the background of the departure of foreign vendors and the tightening of cyber attacks, planned to switch to this system and its maintenance. The company's product was intended to help make this transition without reducing the level of security and usability. As of November 2023, Solar NGFW is undergoing an examination for inclusion in the register of domestic software.
High-load and critical infrastructure networks of large organizations consist of a large number of different devices. All devices potentially contain both already known vulnerabilities and new ones that are discovered daily, which are documented in the CVE database (a database of well-known information security vulnerabilities ). In addition to identifying known vulnerabilities, the product detects and blocks current cyber threats and malware by using IPS signatures (algorithms for detecting and blocking current cyber threats and malware) based on Solar JSOC, a commercial SOC in Russia.
The updated version uses the expertise of the Solar 4RAYS Cyber Threat Research Center, which builds a continuous process for detecting and developing new IPS signatures. This provides comprehensive protection for the customer's infrastructure. To ensure that Solar NGFW users always have an up-to-date and effective data IPS signature database against new threats, the developers have added the ability to update it in the CLI (command line interface), and in the future it will be automated.
Working closely with customers, we understand that in practice there are many different devices on the network with vulnerabilities that do not always have manufacturer patches. Together with Solar 4RAYS, we have built a process for developing signatures for detecting attacks and vulnerabilities that can be exploited remotely and implemented the ability to continuously saturate the product with data on cyber threats that are relevant for Russia. We also strengthened the reliability of the solution by implementing a failover cluster for filtering network traffic and automated a number of processes through the user interface, "said Albert Mannanov, head of Solar NGFW product at Solar Group. |
The implementation of "Active/Passive" clustering in the updated version is responsible for a high level of stability and performance. In this mode, when a node in the "active" state processes all traffic, the node in the "passive" state is standby and in standby mode.
Faced with different customer needs in the context of the interface device and having experience working with all vendors, Solar Group specialists upgraded the "Policy" section of the user interface, which introduced the separation of rules and exceptions, as well as created new filtering sections by traffic directions. With the ability to view the list of rules and exceptions separately, it has become easier to analyze data both in the context of signature sets and in the context of exceptions created. The Filter section was divided by traffic direction into Transit Filter, Inbound Filter, and Outbound Filter. Now, with a large set of rules, this display greatly simplifies the analysis and configuration of the firewall.
Solar NGFW 1.0 Comprehensive Security Solution
The company RTK-Solar"" announced on April 13, 2023 the release of a market multifunctional solution for a comprehensive protection corporate network - Solar NGFW. The product will provide companies with scalable, manageable protection against network threats difficult conditions. Users of the presented solution will receive protection against intrusions and advanced threats based on signatures , Solar JSOC control, applications ease of installation, configuration, management and updates. firewall
As specified in RTK-Solar, investments in the development of Solar NGFW amount to 1.2 billion rubles (calculated for 5 years), not including the cost of promoting the product. The commercial sale of the solution starts in mid-May 2023.
According to the developers, Solar NGFW 1.0 distinguishes the uniqueness of IPS (Intrusion Prevention System) signatures from Solar JSOC, modern web interface and stability. The product is focused on high performance in difficult conditions (with many built-in protection mechanisms with a large number of rules and policies). The firewall speed reaches 20 Gbps - the high performance of the solution was demonstrated on April 12, 2023 to the participants in the presentation of this product in Moscow. By 2024, Solar NGFW performance is planned to be increased to 100 Gbps.
According to RTK-Solar, Solar NGFW 1.0 is capable of solving tasks such as protecting the perimeter of the network from network threats, attacks and malware, segmenting the corporate network and creating a demilitarized zone (a segment where network devices are located that interact with external networks), Internet access control and intracorporate resources. Thus, all the necessary protective functions are taken into account in one solution. It also allows you to conduct in-depth traffic analysis to block application activity and quickly respond to cyber attacks. The architecture of the product implies its easy scaling. The solution was developed using the Solar webProxy technical base, which has been behind it for more than ten years of development in the Russian information security market.
Over the 2022 year, the number of cyber attacks on the Russian organizations has grown 2 times. Methods and techniques are improving, becoming more complex and targeted - the speed has increased multiples, and the actions of the attackers have become as hidden as possible. To counter this, you need to know all about the attackers and the slightest details of the development of attacks. The deep expertise of RTK-Solar, focused on a thorough knowledge of attack technologies, and the practice of reflecting them over the years allows us to answer a key technological challenge for the Russian network protection market in the form of a next-generation solution - Solar NGFW. To create complex solutions cyber security , the company has formed a team of 700 + developers and by 2026 plans to allocate more than 8.8 billion rubles of investments in its own, technologies stated Igor Lyapunov, General Director of RTK-Solar.
|
The next generation firewall market is large in the field of information security. According to RTK-Solar analysts, in 2022 its volume in Russia amounted to 15.7 billion rubles and took a share of 15% of the entire information security market. However, at that time, 80% of representatives were foreign vendors, most of whom had already left Russia. According to RTK-Solar forecasts, in 2023 the network security market will amount to over 16 billion rubles, and by 2025 it will reach 19.1 billion. The share of Russian developments by 2025 will grow to 75%. As of April 2023, the largest segment of consumers (65%) is accounted for by large domestic companies.
A study by RTK-Solar showed that 91% of Russian companies already use NGFW class solutions or plan to implement them until 2025. At the same time, more than 70% of respondents are not satisfied with the product used and are going to change it. Answering the question about the reasons, almost half said that they were not satisfied with the quality of the current decision, and among representatives of large organizations, 67% of participants gave such an answer.
For state-owned companies, in 50% of cases, the reason for the replacement is the decommissioning of the product used. In addition, a number of respondents announced the appearance of tasks that the existing firewall does not solve. This is most relevant for medium and small businesses - this reason was indicated by 33% of the study participants.
For the customer, implementing first and then maintaining the system is a pain. Many are afraid of the idea of being left alone with a complex solution, on the performance of which its safety depends. This is especially important for large companies with a large infrastructure, in which it is very difficult to cope on your own, and looking for a narrow specialist for a specific product is no less problematic. Fear arose a long time ago, when domestic vendors could not yet afford to maintain a sufficient staff of technical support, or it was about foreign companies that did not even have representative offices in Russia. Solar NGFW is a Russian software product focused on the needs of large business, positioned as an analogue of the solutions of departed foreign software developers, explained Alexander Barinov, director of the portfolio of network solutions "RTK-Solar."
|
Notes
- ↑ [https://rt-solar.ru/upload/docs/solar-ngfw-metodika-testirovaniya.pdf Solar Next Generation Firewall
- ↑ . The method of testing]