Developers: | Security Code |
Last Release Date: | 2024/09/02 |
Technology: | Virtualization, Information Security - Authentication, Information Security - Information Leakage Prevention |
vGate is a certified protection tool for virtual environments on Microsoft Hyper-V and VMware vSphere platforms developed by Security Code. With vGate, Russian companies can easily and reliably increase the level of information protection against specific virtualization threats, as well as bring IP in line with FZ-152.
The use of vGate to protect VMware vSphere and Microsoft Hyper-V virtualization platforms provides the possibility of using modern virtualization technologies in the IT infrastructures of personal data operators and government organizations, since the security functionality is confirmed by the certification of the FSTEC of Russia.
2024
vGate R2 4.95 compatibility with SpaceVM
Security Code and Dacom M tested and confirmed the compatibility of the SpaceVM platform with the latest version of the vGate R2 4.95 Information Security Tool (IPS). Security Code announced this on October 23, 2024. The integration provides opportunities to improve the security of virtual infrastructures across industries, including banking and other business segments.
"We are pleased that we continue to deepen our cooperation with Security Code. Successfully passing SpaceVM and vGate R2 4.95 compatibility tests is an important step for our customers. Product integration will allow users not only to increase the level of protection of their IT infrastructure, but also to create a sustainable foundation for effective, long-term business process planning. Strengthening data security helps reduce risks associated with cyber threats, which in turn allows companies to focus on strategic development and innovation, minimizing potential losses and ensuring stable operations," said SpaceVM Product Director Alexei Menzovitny.
vGate R2 4.95 passed the inspection control of the FSTEC of Russia, thanks to which a bundle of products can be used in organizations that belong to the critical information infrastructure (CII), and therefore must meet increased security requirements.
"Security Code has long established itself as a reliable developer of information protection tools for virtualization environments. We regularly test vGate, and as of October 2024, the solution is compatible with a large number of diverse domestic platforms. Cooperation with Dacom M is another milestone in the development of the product. Such a technological tandem is a good example of a solution that meets both security and business requirements," said Evgeny Tarelkin, a leading expert in the Security Code product promotion department.
vGate R2 4.95 includes a number of improvements, such as increased firewall performance for scenarios with more filtering rules. The comfort of using the solution for information security administrators has also been increased: a home page has been added to the Web Console with basic settings, product statuses and new HTML documentation.
In the absence of support from foreign developers, migration to domestic virtualization solutions becomes a necessity. SpaceVM from Dacom M provides a high degree of security and the absence of known vulnerabilities, which makes it an ideal choice for organizations seeking to protect their data. vGate, in turn, offers network microsegmentation, so that attackers cannot reach critical IT infrastructure systems even if they manage to get past the first echelon of protection.
Version vGate 4.95 passed the inspection control of the FSTEC of Russia
The updated version of the CSR vGate 4.95 passed the inspection control of the FSTEC of Russia and is now available for order. Security Code announced this on October 10, 2024.
The product passed the necessary tests, which confirmed the compliance of vGate 4.95 with the requirements of the FSTEC of Russia:
- for information protection tools that do not handle information constituting a state secret: trust level 4;
- for tools implementing firewall functions: the type "B" firewall protection profile, protection class 4;
- for computer equipment: security class 5.
The certificate of conformity is valid until March 28, 2025; as of October 2024, it is under extension. Security Code specialists have also developed a number of additional functions for vGate R2 4.95. For example, a Home page with basic settings, product statuses and HTML documentation has been added to the Web Console of the solution. Security administrators have received a separate "MPS Administrator" privilege in standard installation mode.
"Version 4.95 has received significant changes, for example, increased firewall performance for scenarios with a large number of filtering rules," said Dmitry Domansky, head of Security Code virtual infrastructure protection tools. "It is especially worth emphasizing that support has been added for the firewall of virtualization environments such as Astra PC SV Brest and oVirt-based virtualization, primarily zVirt."
Support for KVM virtualization has been added for IPS functionality:
- SpaceVM 6.3.1, 6.4.0, 6.4.1 and 6.5.0;
- ECP Veil 5.1.9;
- zVirt 4.1.
For ITU vGate, KVM virtualization support has been added:
- PC SV "Brest" 3.3, as part of Astra Linux SE 1.7.4 release "Smolensk";
- Proxmox VE and OpenNebula as part of Alt Virtualization 10.2;
- zVirt 3.0, 4.0, 4.1;
- HostVM 4.4.8;
- Glovirt 2.1.1;
- Ed Virtualization 7.3;
- ROSA Virtualization 2.1.
The introduction of vGate 4.95 allows you to qualify solutions that use a supported virtualization environment without a Russian FSTEC certificate.
Compatibility vGate 4.95 and zVirt 4.1
Security Code integrated the vGate virtual environment protection solution into Orion soft's zVirt virtualization system. This was announced by the "Security Code" on September 2, 2024.
Product compatibility will allow customers to reduce the time required to qualify a critical infrastructure circuit to meet regulatory requirements. Licenses for vGate 4.95 and zVirt 4.1 can now be purchased only as part of a technological bundle.
vGate 4.95 and zVirt 4.1 compatibility provides access to protection functionality for all components of the virtualization environment without additional testing and expense. A comprehensive solution solves problems that require the use of products certified according to the 4th level of trust of FSTEC, 4th class of protection of firewalls of type "B," 5th class of security of computer equipment.
"The integration of vGate 4.95 and zVirt 4.1 was an important step in our strategy to protect virtualization," said Evgeny Tarelkin, an expert in the Security Code product promotion department. "We see how there is active migration to domestic software. Orion soft is a key player in the market, and adding vGate certified information protection to the virtualization system will help secure the IT infrastructure of even more customers."
"Many Russian enterprises with CII facilities are faced with the task of ensuring the protection of IT systems with the help of domestic solutions by the beginning of 2025. The combination of vGate 4.95 and zVirt 4.1 allows you to solve this issue faster, saving time and labor on testing and implementing a solution to protect the virtual infrastructure. In the future, we plan to maintain compatibility with the latest versions of the Security Code solutions. In particular, to ensure the integrated work of vGate with the newly launched version of zVirt 4.2," said Alexander Gavrilenko, head of work with technological partners at Orion soft.
Integration with Red Virtualization
Red Soft, together with Security Code, offers a ready-made bundle that includes Red Virtualization and vGate, a product for protecting a virtual environment with tools for monitoring, auditing and internal security control. The proposal was developed for organizations seeking rapid import substitution in 2024, taking into account the requirements of the regulator. In particular, the bundle is suitable for government organizations and CII. Red Soft announced this on June 4, 2024.
Integration of vGate R2 4.9 and SpaceVM (6.2.0 and 6.2.1)
The SpaceVM cloud platform confirmed full compatibility with Security Code's vGate R2 4.9 MPS, which passed FSTEC inspection control. Dacom M announced this on March 18, 2024.
2019
vGate 4.2 with VMware vSphere 6.7 Launch
On October 16, 2019, Security Code announced the passing of certification tests and the start of sales of the vGate 4.2 product. The key difference of the updated product is support for VMware vSphere 6.7. Working with the latest version of the VMware virtualization platform allows the product to be used in modern virtual infrastructures. vGate 4.2 is compatible with Platform Services Controller deployed on a separate server for load sharing, and can be used in large-scale IT infrastructures with complex architecture. With the VMware vSphere 6.7 Security Configuration Guide, customers can automate their current virtualized infrastructures.
As of October 2019, the certification tests at the FSTEC of Russia to confirm the previously issued certificates of conformity were completed. The vGate 4.2 product can be used to protect confidential information in class 5 of SVT, level 4 of PVA control, to protect ISPDn up to level 1 inclusive, GIS up to class 1 inclusive and NP up to class 1G inclusive. The vGate-S 4.2 product, in turn, can be used to protect information constituting a state secret; it meets the requirements of guiding documents for the absence of undeclared capabilities at control level 2 and can be used in NPP up to and including class 1B.
"In the release of vGate 4.2, the main efforts were aimed at supporting the latest versions of virtualization platforms - vSphere 6.7 and Scala-R 1.20. Particular attention was paid to supporting complex vSphere 6.7 configurations so as not to limit the platform's capabilities when implementing vGate. In addition, automation and acceleration functions have been developed, such as auto-adding virtual machines to segments, working with Active Directory groups, and many others," comments Denis Polyansky, Head of Virtual Infrastructure Protection at Security Code.
Integration with Skala-R hyperconverged infrastructure
On June 17, 2019, IBS Interlab reported that the hyperconverged IT infrastructure of Skala-R received support from vGate.
vGate 4.2
On May 21, 2019, Security Code announced the release of the vGate 4.2 product, designed to secure virtual infrastructure, control privileged users and filter traffic at the hypervisor level.
According to the company, the main feature of this version of vGate is compatibility with the latest version of VMware vSphere 6.7 with support for the latest platform updates at the time of release. This makes it possible to apply the product to the most modern virtual infrastructures. vGate 4.2 works in large-scale infrastructures with a complex architecture and works together with Platform Services Controller deployed on a separate server, which contributes to load sharing. With the updated VMware vSphere 6.7 Security Configuration Guide, the system is brought into compliance with international requirements in a few clicks.
Among the updated features of the vNetwork component is the automatic addition of virtual machines (VMs) to virtual infrastructure segments by name, which simplifies the process of applying filtering rules to VMs in large dynamically changing infrastructures.
The virtual infrastructure monitoring module can now monitor user authentication that bypasses vGate protection. When a user behaves this way, a security incident is generated that can also be forwarded to external systems such as a SIEM.
Active Directory Group (AD) support enhances process automation for security administrators. Unlike the previous version, in vGate 4.2 you can assign labels and access rules to AD user groups - accordingly, all users of the group will inherit access rights and privileges from it automatically.
vCenter has become an object of mandatory access control. This feature will be especially relevant for large virtual infrastructures, where the process of labeling all objects can take a long time.
For the first time in the history of product development, an authentication agent for Linux was added. The first supported operating system was the Alt 8 SP OS.
In addition, support for the Russian hyperconverged platform SCALA-R version 1.20 has been implemented.
Also in this version of vGate, the list of supported personal identifiers is supplemented with JaCarta-2.
As of May 2019, the vGate 4.2 and vGate-S 4.2 products have been submitted for certification tests by the FSTEC of Russia in confirmation of previously issued certificates of conformity No. 2308 of 28.03.2011 and No. 2383 of 12.07.2011. After completing this procedure, the updated version of vGate will go on sale.
"The main goal of the vGate 4.2 release is to support the vSphere 6.7 virtualization platform. Also, an important advantage of this version of vGate is the ability to control access to the infrastructure from the AWS to the Alt 8 SP OS," said Ivan Kolegov, Security Code Product Manager.
FSTEC Certification and vGate 4.1 Launch
On March 4, 2019, Security Code announced the completion of certification tests and the launch of the vGate 4.1 product, designed to protect against virtual infrastructure-specific threats and control privileged users. The key functionality of the product is to provide filtering of network traffic without the need to install an agent using the vNetwork module. This component enables you to create filtering rules both at the single virtual machine level and at the virtual machine group level.
As of March 4, 2019, certification tests at the FSTEC of Russia in confirmation of previously issued certificates of conformity were completed. The vGate 4.1 product can be used to protect confidential information in class 5 of SVT, level 4 of PVA control, to protect ISPDn up to level 1 inclusive, GIS up to class 1 inclusive and NP up to class 1G inclusive. The vGate-S 4.1 product can be used to protect information constituting a state secret; it meets the requirements of guiding documents for the absence of undeclared capabilities at control level 2 and can be used in NPP up to and including class 1B.
Compared to previous versions, vGate 4.1 implements completely different mechanisms for managing security and working with the infrastructure.
"In vGate version 4.1, we continued to expand the functionality of the product, as well as improve the usability of the interface. I am sure that users will appreciate the updated principle of assigning security policies and an improved web interface."
2018: vGate 4.1
On November 1, 2018, Security Code announced the release of vGate 4.1. According to the company, the updated security tool includes a new component: an agentless virtual firewall.
The main functional change of vGate 4.1 is the inclusion of the vNetwork module in the product. This component provides network protection at the hypervisor level and allows you to create filtering rules both at the single virtual machine level and at the virtual machine group level.
The main properties of vNetwork that allow it to be used in almost any infrastructure:
- does not require the installation of additional agents;
- creates filtering rules at the virtual machine/virtual machine group level;
- does not require additional components such as VMware NSX/vShield;
- operates on any version of vSphere;
- does not require the creation of additional virtual machines.
According to company representatives, vNetwork is not a critical point of failure that can serve as an attack target, unlike a hardware counterpart or a separate virtual gateway. With vNetwork, you can perform a microsegmentation task that allows you to split a virtual infrastructure into many logical segments independent of the physical topology of the network, and limit the horizontal spread of the attack without reconfiguring the network itself. The network protection module is available to vGate 4.1 Enterprise Plus users on VMware vSphere. The Enterprise Plus edition has the ability to use the updated web interface to manage all components.
vGate 4.1 implements the following security management and infrastructure management mechanisms:
- The ability to create object groups, assign labels and security policies to groups, and automatically add objects to groups when you create a label assignment based on specified settings, making it easier to work with vGate in large and dynamic infrastructures.
- Added control of Cross vCenter vMotion operations to ensure virtual machine migration security, and expanded the total number of monitored operations in the virtual infrastructure.
- Provides support for the vCenter SRM disaster recovery component
- A protection agent has been developed for the VMware VCSA management server that allows you to configure access rules as well as improve stability in the event of infrastructure failures.
- Status monitoring of hypervisor services on Hyper-V hosts with the agent installed has been implemented, and the mechanisms for monitoring Hyper-V 2016 operations and virtualization server management using System Center Virtual Machine Manager 2016 have been improved.
Also, vGate 4.1 has expanded the list of standards that can be automatically configured to comply with using built-in security policies:
- Ensuring the security of financial institutions in accordance with GOST R 57580.1-2017 "Security of financial (banking) transactions. Information protection of financial organizations. Basic composition of organizational and technical measures."
- Ensuring the safety of CII facilities.
For the convenience of users and in order to improve performance, the size and performance of the vGate agent on ESXi has been reduced, the vGate server synchronization mechanism has been redesigned and its speed has been increased, and the vGate settings import and export mechanism has been redesigned.
Additionally, vGate 4.1 provides support for Rutoken hardware identifiers.
Functional differences of vGate 4.1 editions are given in the table below:
Functionality | Standard | Enterprise | Enterprise Plus |
---|---|---|---|
Number of vGate Authorization Servers | 1 | Unlimited | Unlimited |
Access delimitation (vAccess): | | | |
Selected Administrator Roles | • | • | • |
Mandatory and discretionary access control | • | • | • |
Segmenting Virtual Infrastructure | • | • | • |
Managing the movement of virtual machines and the data processed on them | • | • | • |
Integrity Monitoring and Trusted VM Loading | • | • | • |
Security Event Logging (Audit) | • | • | • |
Automate labels and policies, grouping new objects | • | • | • |
vCompliance: | | | |
CII security template (new) | • | • | • |
Template GOST R 57580.1-2017 (new) | • | • | • |
Template GOST R 56938-2016 | • | • | • |
CIS Benchmarks Security Templates | • | • | • |
VMware Hardening Guide Security Templates | • | • | • |
GIS Security Templates | • | • | • |
Personal Digital Data System Security Templates | • | • | • |
NPP RD safety templates | • | • | • |
STO BR IBBS security templates | • | • | • |
PCI DSS security templates | • | • | • |
vNetwork: | | | |
Firewall at hypervisor level (new) | - | - | • |
vMonitor: | | | |
Correlation of Virtualization Security Events | - | - | • |
vReport: | | | |
Creating Security Reports | - | - | • |
Fault tolerance: | | | |
Backup vGate configuration (BackUp authorization server) | • | • | • |
Archive Audit Logs | • | • | • |
Hot standby of vGate servers (cluster) | - | • | • |
Connecting Authorization Agent to Multiple vGate Authorization Servers | - | • | • |
Create authorization server farm (synchronize settings between vGate servers) | - | • | • |
Compatibility with virtualization components: | | | |
Compatibility with VMware vCenter SRM (new) | • | • | • |
Compatibility with VMware View (Horizon) | • | • | • |
VMware vCloud Director Compatibility | • | • | • |
Support for vCenter Linked Mode management servers | - | • | • |
VMware Auto-Deploy Support | - | • | • |
vCenter High Availability Support | - | • | • |
Control of Hyper-V server management via System Center Virtual Machine Manager | - | • | • |
Control Monitoring via Failover Cluster Manager | - | • | • |
As of November 2018, the vGate R2 4.1 and vGate-S R2 4.1 products have been submitted for certification tests at the FSTEC of Russia in confirmation of previously issued certificates of conformity No. 2308 of 28.03.2011 and No. 2383 of 12.07.2011. After completing this procedure, the product version will go on sale.
2017: vGate R2 v4.0 Launch
In early December 2017, Security Code announced the launch of vGate 4.0, a product designed to protect against virtual infrastructure-specific threats and control privileged users. Version 4.0 replaced the previous version of vGate 3.0, which is being discontinued.
The updated security tool is fully functional with the virtualization platforms VMware vSphere 6.5 and Microsoft Windows Server 2016/Hyper-V Server 2016, as well as with their included management components.
Versions of the DBMS, libraries and modules used in the solution have been updated to improve security and stability. The mechanisms for data replication, backup and synchronization of settings between servers have been improved.
The list of security policies has expanded. In vGate R2 4.0, two more templates are available: compliance with GOST R 56938-2016 "Information Protection. Protect information with virtualization technologies. General" and compliance with the VMware vSphere 6.5 Security Configuration Guide.
One of the main functional changes in vGate R2 4.0 is the emergence of a security event monitoring system. The product implements the function of collecting, filtering and processing events from virtual infrastructure objects. Built-in correlation rule templates take into account the main threats specific to the virtual infrastructure, and a multifunctional configuration wizard is provided to create custom rules. The necessary information can be displayed on dashboards. As a result, the user gets a convenient and flexible tool for monitoring the security status of the virtual infrastructure in real time.
According to the "Security Code," with the release of vGate R2 version 4.0, the transition to a simplified licensing system is completed. Enterprise Plus has been added to the existing Standard and Enterprise editions, which includes additional functionality - a monitoring system and a reporting module. The host protection license is now the same for all platforms, it includes licenses for the vGate authorization server (one instance for the Standard edition and in unlimited quantities with redundancy - for Enterprise and Enterprise Plus).
Functional differences of revisions are given in Table:
To protect VMware vSphere-based information systems that handle state secrets to the top secret level, there is a modification of vGate-S that can be used in automated systems up to and including 1B class.
2016: vGate 3.0 with advanced enterprise infrastructure capabilities
"Security Code" announced in May 2016 the launch of updated versions of vGate R2 and vGate-S R2 products to protect virtualization environments based on VMware vSphere and MS Hyper-V. The product is characterized by enhanced capabilities in distributed infrastructures and a change in the licensing scheme. As a result, vGate customers will be able to get the product functionality that best meets the goals and objectives of the organization.
The updated version of vGate (vGate R2 and vGate-S R2, release 3.0) supports an advanced set of tools for working with the VMware vSphere and Microsoft Hyper-V virtualization platforms.
vGate 3.0 is fully functional on the VMware vSphere 6 platform. The virtualization infrastructure management server can now be vCenter Server Appliance (VCSA), and ESXi hosts can be managed through the ESXi Embedded Host Client.
The updated product supports Microsoft Hyper-V infrastructure management through System Center Virtual Machine Manager, and Hyper-V cluster management is implemented through Failover Cluster Manager. A role-based access model is used to quickly configure user privileges. When you create an account, you can restrict access by object type by providing it, for example, only to virtual machines or network objects.
The product has a number of functions for working in enterprise infrastructures. For example, hot standby mode and automatic switchover of the authorization server (High-Availability cluster) are supported. If the main server fails, switching to the standby server, replacing the IP address and notifying the administrator all happen automatically.
The updated version of the product allows you to work with multiple virtualization sites at the same time. The mechanism for connecting the authentication agent to multiple vGate authorization servers makes it possible to communicate with the entire geographically distributed virtual infrastructure. Building a forest of authorization servers allows you to set group security policies, and support for Cross vCenter vMotion ensures that virtual machines migrate between servers in the event of a disaster while maintaining security policies.
In addition, vGate version 3.0 has updated sets of security policies that ensure compliance with the orders of the FSTEC of Russia No. 17 and No. 21, the STO BR IBBS standards, PCI DSS, etc.
vGate R2 and vGate-S R2 are applicable to protect confidential information and government secrets. The products passed the inspection control of the FSTEC of Russia in confirmation of the previously issued certificates of conformity dated 28.03.2011 No. 2308 and dated 12.07.2011 No. 2383.
vGate 3.0 can be purchased in one of two editions: Standard or Enterprise (for which all the functions of working in large infrastructures are available).
2015
vGate R2 and vGate-S R2 have been certified by the FSTEC of Russia
On July 9, 2015, the Security Code company announced the completion of inspection control at the FSTEC of Russia and the release of updated versions of vGate R2 and vGate-S R2 products (to protect state secrets).
Versions 2.8 vGate R2 and vGate-S R2 (to protect information constituting a state secret) passed inspection control in the FSTEC of Russia in confirmation of previously issued certificates of conformity dated 28.03.2011 No. 2308 and dated 12.07.2011 No. 2383.
vGate R2 release 2.8 adds security mechanisms and system administration functions.
- Test and emergency operating modes have been introduced.
- Deployment of Web Client Server and vCenter Server management tools on the same server is supported.
- Support for user authentication using JaCarta GOST electronic identifiers has been added.
- The integrity control mechanism has been improved - the possibility of granular adjustment of monitored parameters has appeared, the ability to control the integrity of the BIOS and the snapshot list of the virtual machine has been added.
- In version 2.8, the sets of security policies have been modified to comply with the orders of the FSTEC of Russia No. 17 and No. 21, the standards of STO BR IBBS, PCI DSS, CIS security benchmarks 5.5, which will help simplify the process of bringing the virtualization infrastructure into compliance with regulatory requirements. The ability to report on security policies assigned to infrastructure objects has been added, and the capabilities of the management console have been significantly expanded, including the function of uploading configuration and notifying administrators of blocking actions by vGate.
- The settings for authorization access delimitation have been enhanced, adding the ability to delimit access to the virtual machine console by labels and to disable authorization access control for certain objects.
In addition, the vGate release 2.8 for Microsoft Hyper-V adds a mechanism for monitoring the integrity of the VM and notifying the information security administrator about the change in the properties of the VM and a mandatory access delimitation principle with the ability to assign labels to storages and network interfaces.
vGate R2 v.2.8 Technical Release
On April 7, 2015, Security Code announced the release of the technical release of vGate, created for VMware vSphere and Microsoft Hyper-V platforms.
vGate R2 (release 2.8) includes system administration functions and a number of security mechanisms. In particular, functioning modes have been introduced: test and emergency.
By default, after installing the product, test mode is turned on. In this mode, the information security administrator can configure and debug the system without blocking the operation of the virtual infrastructure (VI). When the configuration is complete, the protection system is put into normal operation. In the event of critical events in the virtualization infrastructure, the security administrator can enable an emergency mode in which vGate operation is completely transparent and does not affect the virtual infrastructure.
vGate R2 Virtual Infrastructure Architecture, 2015
This release of vGate supports the deployment of Web Client Server and vCenter Server management tools on the same server. Added support for user authentication using JaCarta GOST electronic identifiers.
To align the virtualization infrastructure with regulatory requirements, vGate v2.8:
- updated the sets of security policies in accordance with the orders of the FSTEC of Russia No. 17 and No. 21, the STO BR IBBS standards, PCI DSS and CIS security benchmarks 5.5;
- added the ability to report on security policies assigned to infrastructure objects.
In release 2.8, the capabilities of the management console have been expanded. Additions include, in particular:
- a new mechanism for notifying the administrator when the vGate product blocks user actions;
- a mechanism for delimiting access to the virtual machine (VM) console by confidentiality labels;
- display of audit events for the selected object;
- the ability to export/import a vGate configuration;
- the ability to disable authorization access control by object type;
- automatic update of audit events, etc.
New security mechanisms have been added to this edition of vGate for Microsoft Hyper-V:
- mechanism for monitoring the integrity of the VM and notifying the information security administrator about the change in the properties of the VM;
- the mandatory access control principle, with the ability to label storages and network interfaces.
New versions of vGate R2 and vGate-S R2 (to protect information constituting a state secret) have been submitted to the FSTEC of Russia for inspection control and confirmation of previously issued certificates of conformity.
The vGate R2 2.8 demo is available for download and testing on the vendor's website.
2014
vGate R2 goes on sale
On August 13, 2014, the Security Code company announced the passage of inspection control at the FSTEC of Russia and the launch of a new version of the IPS from NSD vGate R2 to protect Microsoft Hyper-V virtual infrastructures.
The new version of vGate R2 passed inspection control at the FSTEC of Russia in confirmation of the previously issued certificate of conformity dated March 28, 2011 No. 2308.
vGate R2 functionality
The vGate R2 version has improved administration functions, it implements integration with Active Directory and the ability to deploy vGate without reconfiguring the network topology, the developer's press service said on August 1, 2013.
Along with the release of new versions of a number of its developments, the Security Code company announced the transition to the method of iterative development of information protection software, which, according to the company, will allow to completely update the product line and release a number of new solutions by the end of 2013.
vGate R2 supports Microsoft Hyper-V platform
vGate R2 for Hyper-V protects information from unauthorized access by controlling the actions of administrators in managing the virtual infrastructure. vGate R2 for Hyper-V performs the following functions:
- Enhanced authentication of virtual infrastructure administrators (VIs) and information security administrators (IIBs);
- Control of access to virtual infrastructure objects according to discretionary and mandate principles;
- Audit and monitoring of information security events;
- Backup of its own configuration.
The new version of vGate R2 for Hyper-V, an information security tool for protection against unauthorized access, also implements most of the virtualization environment protection measures defined in the orders of the FSTEC of Russia dated 11.02.2013 No. 17 and dated 18.02.2013 No. 21, which makes it possible to ensure the necessary level of security of personal data information systems and the class of security of state information systems.
Technical Release of vGate R2 2.7
On June 26, 2014, Security Code announced a technical release of an updated version of vGate R2, its information security tool for protecting VMware vSphere virtual infrastructures against unauthorized access.
The updated software version implements the following functions:
- Support for the vSphere 5.5 Web Client;
- A configuration template for the new VMware Security Hardening Guide 5.5 standard.
For ease of installation and use, the following have been added:
- The ability to install the vCenter security component from the vGate management console;
- Support for the authorization server deployment script in the virtual machine.
New versions of vGate R2 and vGate-S R2 (to protect information constituting a state secret) were transferred to the FSTEC of Russia for inspection control and confirmation of previously issued certificates of conformity dated 28.03.2011 No. 2308 and dated 12.07.2011 No. 2383.
The demo version of vGate R2 2.7 is available for download and testing on the developer's website.
vGate R2 with VMware vSphere 5.5 support goes on sale
The updated version of vGate R2 (release 2.6) provides support for modern VMware vSphere 5.5, VMware View 5.1, VMware Horizon View 5.2 platforms, and adds a new system deployment mode that does not require network topology reconfiguration (see Figure "Simplified vGate Deployment Diagram").
In addition, integration with Active Directory has been added to the new version of vGate R2, which provides the ability to authenticate users in the vGate system under a domain account.
The new version of vGate R2 features an improved mechanism for monitoring the integrity of virtual machines in a VMware View environment and machines with snapshots, as well as advanced administration functions, in particular, the ability to send mail notifications about audit events using the SMTP protocol, remote deployment through the terminal session of the vCenter security component, administration from various subnets and others.
Version 2.6 of vGate R2 passed inspection control at the FSTEC of Russia in confirmation of the previously issued certificate of conformity No. 2308 dated 28.03.2011.
vGate R2 2.6 to protect VMware virtual infrastructures
Version 2.6 of vGate R2 implements integration with Active Directory, which provides the ability to authenticate in the vGate system under a domain account.
In addition, this version of vGate R2 allows you to deploy the system without reconfiguring the network topology. In this deployment mode, traffic to protected servers is filtered by an existing firewall (router) rather than by a vGate server. Thus, to implement the system, you do not need to rebuild the network topology and install two network adapters on the vGate server.
In the new version of vGate R2, virtual machine integrity monitoring will be available in VMware View.
Also, the new features implemented in vGate 2.6 provide the administrator with additional tools for managing the security system. The following administration features have been added to the new version of vGate R2:
- The ability to manage multiple vGate locations from one workstation at once, allowing you to administer multiple independent data centers at the same time.
- Remote deployment through a vCenter security component terminal session
- The ability to administer from different subnets, allowing administrators to authenticate to a vGate server even if their workstations are on different subnets.
- The ability to send email notifications about audit events over SMTP
- Added Information Security Administrator (IIB) role for account management.
Version 2.6 of vGate R2 has been transferred to the FSTEC of Russia for inspection control to confirm the previously issued certificates of conformity.
FSTEC requirements for the protection of personal data in vGate R2
- Identification and authentication of users who are employees of the operator
- Identification and authentication of devices, including stationary, mobile and portable
- Identity management, including creation, assignment, destruction of identifiers
- Management of authentication tools, including storage, issuance, initialization, blocking of authentication tools and taking measures in case of loss and/or compromise of authentication tools
- Protection of feedback when authentication information is entered
- Manage (establish, activate, block and destroy) user accounts, including external users
- Implementation of required methods (discretionary, mandate, role or other method), types (read, write, execute, or other type), and access delimitation rules
- Management (filtering, routing, connection control, unidirectional transmission and other control methods) of information flows between devices, segments of the information system, as well as between information systems
- Separation of powers (roles) of users, administrators and persons ensuring the functioning of the information system
- Limitation of failed attempts to log into the information system (access to the information system)
- Allow (deny) user actions allowed prior to identification and authentication
- Support and retention of security attributes (security labels) associated with information during its storage and processing
- Ensuring the trusted loading of computer equipment
- Manage the launch (cases) of software components, including the definition of components to be launched, configuration of component startup parameters, control over the launch of software components
- Determination of security events subject to registration and their storage periods
- Collect, record, and store security event information for a specified retention time
- Responding to failures in the recording of security events, including hardware and software errors, failures in information collection mechanisms and reaching a limit or overflow of memory capacity
- Monitoring (viewing, analysis) of the results of recording security events and responding to them
- Security Event Information Protection
- Monitoring of operability, settings and correct functioning of software and information protection tools
- Control of rules for generation and change of user passwords, establishment and deletion of user accounts, implementation of access delimitation rules, user permissions in the information system
- Monitoring of software integrity, including information security software
- Control of integrity of personal data contained in information system databases
- Enabling recovery of software, including information security software, in case of abnormal situations
- Redundancy of hardware, software, information transmission channels, means of information system functioning
- Identify and authenticate access subjects and access objects in virtual infrastructure, including virtualization management administrators
- Control access of access subjects to access objects in the virtual infrastructure, including within virtual machines
- Log security events in a virtual infrastructure
- Manage (filtering, routing, connection control, unidirectional transfer) the flows of information between virtual infrastructure components as well as around the perimeter of the virtual infrastructure
- Trusted loading of virtualization servers, virtual machine (container), virtualization management servers
- Control the movement of virtual machines (containers) and data processed on them
- Monitor the integrity of the virtual infrastructure and its configurations
- Partitioning virtual infrastructure into segments (segmenting virtual infrastructure) for the processing of personal data by an individual user and/or a group of users
- Provision of trusted channel, route between administrator, user and information protection means (information protection means security functions)
- Authenticate network connections (communication sessions), including protection against network devices and services being spoofed
- Isolation of processes (program execution) in allocated memory
vGate R2
Security Code, a Russian developer of information protection tools, announces the launch of a new version of vGate R2, its information security tool for protection against unauthorized access, with advanced capabilities and support for the VMware vSphere 5.1 virtualization platform.
The new certified version of vGate R2, designed to secure virtual and cloud infrastructure, has expanded the list of supported VMware products. vGate R2 now supports VMware ESXi 5.1 and VMware vSphere 5.1 platforms, as well as VMware View desktop virtualization system of versions 4.5 and 5.
As part of the extended trusted loading functionality for virtual machines, the integrity of the guest system files of virtual machines is checked immediately before they start. The new version of vGate R2 allows the use of hardware identifiers for enhanced authentication of information security administrators and virtual infrastructure administrators.
New product support for distributed infrastructures made it easier to import and export the vGate configuration to backup data centers. vGate R2 also has a number of innovations that expand the ability to manage and control infrastructure:
- Support for multiple vCenter servers combined with VMware vCenter Linked Mode
- Provide enhanced information about changes in virtual machine configurations
- Generate new types of reports, including compliance with security standards.
The vGate R2 version has successfully passed inspection control in the FSTEC of Russia for compliance with previously issued certificates No. 2308 and 2383, confirming the possibility of using this product to protect confidential information, including personal data, as well as information constituting a state secret. It is worth noting that the new capabilities of vGate R2 make it possible to more fully implement the measures to protect the virtualization environment defined in the draft documents of the FSTEC of Russia on the protection of information in state information systems and on ensuring security in personal data information systems.
2011
vGate 2.5
vGate 2.5 provides support for VMware View 5, which allows you to most fully protect the virtual desktops provided to users, as well as monitor the integrity of virtual machine guest files immediately before they are launched.
In addition to the existing information security methods, vGate 2.5 implements the ability to use hardware keys to authenticate the information security administrator and virtual infrastructure administrator, as well as added support for distributed infrastructures and new management and control capabilities:
- The ability to quickly import and export a vGate configuration to backup data centers
- Support for multiple vCenter servers combined with VMware vCenter Linked Mode
- Provide enhanced information about changes in virtual machine configurations
- Generate new types of reports, including compliance with security standards.
vGate 2.0
- vGate is fully technologically compatible with the VMware vSphere 4.1 platform, which was released in July 2010.
- Out-of-the-box security policy templates to align systems with PCI DSS, CIS VMware ESX Server 3.5 Benchmark and VMware Security Hardening Best Practice.
- Mandatory access control using security labels.
- Protection of information from leaks through specific channels in the virtualization environment.
In June 2011, a new version of vGate R2 was announced with support for VMware ESXi Server 4.1 to protect virtual infrastructures based on VMware Infrastructure 3 and VMware vSphere 4 platforms.
The key features of the vGate R2 product are: support for VMware ESXi Server 4.1 and new security templates according to the FSTEC requirements for automated systems of the public sector of Russia, according to the FSTEC requirements for personal data information systems and according to the requirements of the industry standard STO BR IBBS (RS BR IBBS 2.3-2010). vGate R2 makes it much easier to bring VMware virtual infrastructure, which processes restricted access information that does not contain state secrets, into compliance with the requirements of domestic and international industry standards and regulatory bodies of Russia.
In July 2011, it was reported that the new version of vGate R2 with support for VMware ESXi Server 4.1 had successfully passed inspection control, confirming the previously issued certificate of the FSTEC of Russia (No. 2308) for compliance with the requirements for the 4th level of control of the absence of undeclared capabilities (NDV) and the 5th class of protection against unauthorized access.
vGate R2, designed to protect virtual infrastructures based on VMware Infrastructure 3 and VMware vSphere 4 platforms, successfully passed an examination of the independent information and analytical center Anti-Malware in July 2011 and received an Approved by Anti-Malware certificate confirming the high level of product quality.
During the examination, Anti-Malware specialists considered the application of the vGate R2 product, its compliance with Russian and international standards in the field of information protection, and the procedure for deploying and initially configuring the product. As part of the examination, a test bench was deployed on four PCs and used to study the capabilities of vGate R2. Anti-Malware experts installed, deployed and configured the main vGate components (authorization server, ESX and ESXi security modules, vCenter security module, virtual infrastructure administrator authentication agent and information security administrator management console). Following the examination, a review was published in which Anti-Malware experts noted the unconditional "need to use the vGate R2 product, which allows you to supplement the system of protection against unauthorized access and control over the implementation of information security policies, taking into account the specifics of the virtual environment." On the Anti-Malware rating scale, vGate R2 received 9 out of 10 points, which is certainly a confirmation of the high level of development quality of this product.
As of July 2011, in the second version of vGate, in addition to the main function - authentication and delimitation of access to virtualized servers and virtual infrastructure management tools, it became possible to more closely monitor the actions of the virtual infrastructure administrator. In this version of vGate, the security administrator can label virtual infrastructure elements with privacy labels and assign specific security policies to them. The product supports centralized management and monitoring functions.
Key characteristics
- Automates the security configuration and operation of administrators.
- Helps counter errors and abuses in managing virtual infrastructure.
- Makes it easier to align virtual infrastructure with legislation, industry standards, and global best practices.
- Protect information from leaks through specific channels in the virtualization environment.
- Division of infrastructure objects into logical groups and areas of administration through mandate and role access control.
- Enhanced authentication, role separation, and delegation of authority.
- Manage and control security configuration.
- Automatically align infrastructure with requirements and continuously monitor compliance
Certificate of FSTEC of Russia
In March 2011, Security Code received a certificate from the FSTEC of Russia confirming that the vGate software solution for protecting virtual infrastructures meets the requirements of guiding documents for the 5th class of SVT and the 4th level of control for the absence of undeclared capabilities (NDV). According to FSTEC of Russia Certificate No. 2308, vGate 2, the information protection software developed by Security Code, is designed to protect against unauthorized access to information that does not contain state secrets, and can be used in automated systems of security class up to and including 1G and in personal data information systems (ISDS) up to and including class K1.