
UserGate UTM

Product
Developers: UserGate, Usergate (formerly Entensys)
Date of the premiere of the system: 2016/04/06
Last Release Date: 2023/03/29
Technology: Information Security - Antiviruses, Information Security - Antispam, Information Security - Firewalls


UserGate UTM is a hardware and software complex for supporting network security. Its functionality includes: firewall, intrusion detection system, protection against malware and viruses, content filtering system, spam filtering and other functions.

2023

Basis of the Linxdatacenter firewall

On May 17, 2023, Linxdatacenter announced the launch of a next-generation virtual firewall (NGFW) for integrated protection of resources in the cloud. A product from the domestic vendor UserGate was chosen as the basis of the solution.

Identifying a vulnerability in the ICMP implementation for Windows

On March 29, 2023, the UserGate Monitoring and Response Center announced that it had added a signature to the UserGate Intrusion Detection System (IDPS) in NGFW 7.0 to detect exploitation of a vulnerability in the Internet Control Message Protocol (ICMP) implementation in the Microsoft Windows OS.

In affected versions of Windows, the tcpip.sys driver has a memory management vulnerability. It occurs when processing fragmented ICMP packets with an error message that contain malicious IP header parameters. This vulnerability allows a remote attacker to cause a Windows system crash or could lead to remote execution of malicious code if an application that uses a raw socket is running on the target machine.

CVSS v3.1 score: 9.8. The vulnerability is assigned the identifiers CVE-2023-23415 and BDU:2023-01227.

Affected versions:

  • Windows 10 for 32-bit Systems
  • Windows 10 for x64-based Systems
  • Windows 10 Version 1607 for 32-bit Systems
  • Windows 10 Version 1607 for x64-based Systems
  • Windows 10 Version 1809 for 32-bit Systems
  • Windows 10 Version 1809 for ARM64-based Systems
  • Windows 10 Version 1809 for x64-based Systems
  • Windows 10 Version 20H2 for 32-bit Systems
  • Windows 10 Version 20H2 for x64-based Systems
  • Windows 10 Version 21H2 for 32-bit Systems
  • Windows 10 Version 21H2 for ARM64-based Systems
  • Windows 10 Version 21H2 for x64-based Systems
  • Windows 10 Version 22H2 for 32-bit Systems
  • Windows 10 Version 22H2 for ARM64-based Systems
  • Windows 10 Version 22H2 for x64-based Systems
  • Windows 11 version 21H2 for ARM64-based Systems
  • Windows 11 version 21H2 for x64-based Systems
  • Windows 11 Version 22H2 for ARM64-based Systems
  • Windows 11 Version 22H2 for x64-based Systems
  • Windows Server 2008 for 32-bit Systems Service Pack 2
  • Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
  • Windows Server 2008 for x64-based Systems Service Pack 2
  • Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
  • Windows Server 2008 R2 for x64-based Systems Service Pack 1
  • Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
  • Windows Server 2012
  • Windows Server 2012 (Server Core installation)
  • Windows Server 2012 R2
  • Windows Server 2012 R2 (Server Core installation)
  • Windows Server 2016
  • Windows Server 2016 (Server Core installation)
  • Windows Server 2019
  • Windows Server 2019 (Server Core installation)
  • Windows Server 2022
  • Windows Server 2022 (Server Core installation)

The UserGate Cyber Threat Monitoring and Response Center recommends the following:

  • Users of UserGate NGFW v. 7:
    • install the latest updates from the OS manufacturer's website;
    • check that the subscription to the Security Updates module is current;
    • add the signature "Windows tcpip.sys driver Remote Code Execution" to the IDPS blocking rule.

    UserGate NGFW 7.0 with a subscription to the Intrusion Detection System (IDS) detects and blocks sessions associated with this vulnerability.

  • Users of UserGate NGFW v. 6:
    • install the latest updates from the OS manufacturer's website;
    • make sure that the internal network zone does not permit ICMP traffic, or create a firewall rule that denies ICMP traffic in the internal zone.
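
The advisory above describes the trigger as fragmented ICMP error messages. The following sketch is an added example, not UserGate's signature or code: it flags IPv4 packets that belong to a fragmented ICMP error message so an analyst can review them. The heuristic, the function names and the sample packets are assumptions constructed for illustration.

```python
import struct

# ICMPv4 error types (RFC 792): unreachable, quench, redirect, time exceeded, param problem.
ICMP_ERROR_TYPES = {3, 4, 5, 11, 12}

def parse_ipv4(pkt):
    """Return the IPv4 fields used below, or None if pkt is not usable IPv4."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return None
    ihl = (pkt[0] & 0x0F) * 4
    if ihl < 20 or len(pkt) < ihl:
        return None
    ident, flags_frag = struct.unpack("!HH", pkt[4:8])
    return {"proto": pkt[9], "flow": (pkt[12:16], pkt[16:20], ident),
            "mf": bool(flags_frag & 0x2000),        # More Fragments flag
            "offset": (flags_frag & 0x1FFF) * 8,    # fragment offset in bytes
            "payload": pkt[ihl:]}

def flag_fragmented_icmp_errors(packets):
    """Return indexes of packets that are part of a fragmented ICMP error message."""
    flagged, tracked = [], set()
    for i, pkt in enumerate(packets):
        ip = parse_ipv4(pkt)
        if ip is None or ip["proto"] != 1:          # 1 = ICMP
            continue
        if ip["offset"] == 0:
            # Only the first fragment carries the ICMP header (type is byte 0).
            if ip["mf"] and ip["payload"] and ip["payload"][0] in ICMP_ERROR_TYPES:
                tracked.add(ip["flow"])
                flagged.append(i)
        elif ip["flow"] in tracked:
            flagged.append(i)                       # later fragment of a flagged datagram
    return flagged

def build_ipv4(ident, flags_frag, payload):
    """Build a constructed ICMP-over-IPv4 packet (checksum left at 0)."""
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), ident, flags_frag,
                         64, 1, 0, bytes([192, 0, 2, 10]), bytes([198, 51, 100, 20]))
    return header + payload

# Constructed sample traffic (documentation addresses, not a capture).
SAMPLE = [
    build_ipv4(1, 0x0000, bytes([8, 0, 0, 0]) + b"ping"),    # unfragmented echo request
    build_ipv4(2, 0x2000, bytes([3, 1, 0, 0]) + bytes(12)),  # first fragment, type 3
    build_ipv4(2, 0x0002, bytes(8)),                         # last fragment, offset 16
    build_ipv4(3, 0x0000, bytes([11, 0, 0, 0]) + bytes(8)),  # unfragmented time exceeded
    build_ipv4(4, 0x2000, bytes([8, 0, 0, 0]) + bytes(12)),  # fragmented echo request
]
```

A fragment that arrives before the first fragment of its datagram is not flagged here; a sensor that has to handle reordering would buffer or reassemble fragments before classifying them.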

2022

Availability in the OnCloud cloud

Onlanta (part of the LANIT group) and UserGate, a Russian information security vendor, entered into a partnership agreement under which the UserGate security gateway became available from the OnCloud cloud to customers and users of Onlanta services. LANIT announced this on September 12, 2022.

Integration with NP MCDS

As part of the technological integration of their solutions, iT Bastion and UserGate developed and tested a scenario for secure and controlled access to IT infrastructure and timely response to potential security incidents that may arise during the work of privileged users. iT Bastion announced this on June 27, 2022. The integration includes the creation of the company's VPN tunnel and DMZ, organized by UserGate NGFW with limited access to the enterprise infrastructure.

Migration to the Security as a Service cloud service

With the departure of foreign companies from the domestic information technology market, the issue of import substitution became acute. The question is how to switch painlessly to domestic information security solutions, optimize costs and not lose the usual functionality. UserGate NGFW in cloud environments is in no way inferior in functionality to the usual software and hardware complex.

2020

Integration with AVSoft Athena

On October 30, 2020, it became known that, as part of the cooperation between UserGate and AV Soft, an integration of UserGate NGFW and AVSOFT ATHENA was prepared, forming a solution for building a reliable security system for CII that counters both mass and targeted attacks. The presented solution includes:

Technological partnership with AV Soft allows our Customers, using UserGate NGFW, to create protection against all types of threats, including "zero-day threats." The virtual and physical sandboxes used in AVSOFT ATHENA allow you to create a solution that allows you to respond to any incidents in the field of information security.

The comprehensive approach implemented during the integration of UserGate NGFW and the AVSOFT ATHENA system for protection against targeted attacks and analysis of malicious software takes into account all the requirements of FSTEC of Russia for ensuring the cybersecurity of CII facilities.

UserGate has developed the latest generation UserGate NGFW firewall, which is a popular solution in the information security market, especially given our realities. The use of such a tool in the design and construction of protection for corporate or departmental networks allows you to localize attacks and minimize the risks associated with information security. We are glad to become partners of UserGate in such a project, as we see serious prospects and opportunities in this[1].

Obtaining an FSTEC certificate of compliance with level 4 trust requirements

On June 3, 2020, UserGate announced that its solutions had been confirmed as compliant with the level 4 trust requirements approved by FSTEC of Russia Order No. 131 of July 30, 2018.

"UserGate UTM" is a device combining an intrusion detection system and a firewall, entered into the register of certified information protection tools of the FSTEC of Russia and fulfilling the requirements for level 4 trust. Now, the certificate of conformity No. 3905, re-issued on May 25, 2020, confirms compliance with the requirements established in the following documents:

  • Information security requirements establishing levels of trust in information technical protection tools and information technology security tools (FSTEC of Russia, 2018) - level 4 of trust;
  • Requirements for firewalls (FSTEC of Russia, 2016);
  • Type A firewall protection profile of the fourth protection class. IT.ME.A4.PZ (FSTEC of Russia, 2016);
  • Type B firewall protection profile of the fourth protection class. IT.ME.B4.PZ (FSTEC of Russia, 2016);
  • Requirements for intrusion detection systems (FSTEC of Russia, 2011);
  • Class 4 Network Intrusion Detection Protection Profile. IT.SOV.S4.PZ (FSTEC of Russia, 2012).

This level of certification makes it possible to use the solution as part of automated systems up to security class 1G, significant CII objects of category I, personal data information systems (ISDS) of security level 1, state information systems (GIS) of security class 1, automated process control systems of security class 1 and public information systems of class II.

UserGate also announced plans to continue certification of devices according to the requirements of the FSTEC of Russia and to add compliance with the "D" firewall protection profile to the current certificate by the fourth quarter of 2020.

2016

Integration with InfoWatch Traffic Monitor

On November 29, 2016, the press services of Entensys and InfoWatch announced that the companies had agreed on technological cooperation to integrate the corporate Internet access control technology of UserGate UTM with the InfoWatch Traffic Monitor software.

On November 29, 2016, the partners organized interaction between the systems over ICAP (Internet Content Adaptation Protocol). The technology sharing is aimed at protecting organizations from leaks of confidential information and at comprehensive protection of enterprises from threats associated with employees' use of Internet resources.

The joint use of two Russian solutions and their coordinated work make it possible to ensure a higher degree of protection for a wide variety of companies. From several first projects, we see that the ability to integrate InfoWatch Traffic Monitor and UserGate UTM solutions is of interest to many companies using these products.

The integration of InfoWatch Traffic Monitor and UserGate UTM solutions will enable customers to gain additional capabilities to investigate information security incidents in their organizations and provide centralized incident storage in a single database. Timely response to such incidents will help minimize the company's reputational, operational and financial risks.

Marina Batalova, Product Development Manager of InfoWatch Group of Companies

UserGate UTM

On April 6, 2016, Entensys announced the release of UserGate UTM.

UserGate UTM is based on an innovative platform created by Entensys for telecom operators and capable of working in projects with tens of thousands of users with a channel width of up to 10 Gb/s. With the release of this development, Entensys announced itself as the only Russian company producing gateway Internet security solutions of this level.

UserGate UTM Networking Diagram (2015)

The product is aimed at large organizations and it implements the following functionality:

  • access control based on user identification (AD, Kerberos, LDAP, Radius, Captive Portal, etc.),
  • load balancing,
  • bandwidth management,
  • prevention of modern threats,
  • SSL analysis,
  • application recognition,
  • others.

The solution supports the concept of BYOD (Bring Your Own Device), allowing you to apply special policies to users' personal mobile devices. Using the product, it is possible to organize Internet access for guest users.

UserGate UTM is focused on protecting networks of medium and large enterprises, including industrial facilities, where uninterrupted operation and high performance are especially required.

UserGate UTM comes as a virtual image that supports VMware, Hyper-V, VirtualBox, and others, or as a firmware appliance. The UserGate UTM Appliance C, D, E, and F models are tailored to different user segments, from a small business desktop upgrade to a high-performance server solution for businesses with tens of thousands of users.

According to the developers, UserGate UTM is based on:

  • Innovative architecture with built-in support for distributed work provides high performance and reliability, scalability
  • Its own content analysis mechanism guarantees high traffic processing speed for arbitrary dictionary database sizes
  • Qualitative analysis of national segments of the Internet, in particular Runet and Russian-language content
  • Support of industrial protocols used in the Russian Federation, EU and other countries (SCADA, GOST R IEC 60870-5-104)