
ViPNet EndPoint Protection

Product
Developers: InfoTeCS
System release date: 2020/09/29
Last Release Date: 2023/04/06
Technology: Information Security - Firewalls, Information Security - Security Information and Event Management (SIEM)

2023: Completion of Certification

On April 6, 2023, InfoTeCS announced the completion of certification of ViPNet EndPoint Protection, a multifunctional protection tool for workstations and servers. FSTEC of Russia certificate No. 4666 dated 22.03.2023 confirms that ViPNet EndPoint Protection complies with the firewall requirements "Type B Firewall Protection Profile of the Fourth Protection Class," the intrusion detection system requirements "Security Profile of Intrusion Detection Systems of the Fourth Protection Class," and the "Information Security Requirements Establishing Confidence Levels for Information Security Tools and Information Technology Security Tools" at trust level 4.

According to the company, ViPNet EndPoint Protection is a system for comprehensive protection of workstations and servers, designed to prevent file-based, fileless and network attacks, detect malicious actions and respond to them.

ViPNet EndPoint Protection is a multi-module product:

  • The intrusion detection and prevention system continuously observes all activity on the host (OS and application events, network traffic) and blocks suspicious activity using built-in signature and heuristic analysis mechanisms;
  • The personal firewall filters incoming and outgoing traffic according to the configured filtering rules;
  • The application control module lets users work with software in accordance with the selected policy of "white" and "black" lists of software;
  • The behavioral analysis module, which is based on a model of the protected host's normal activity built using machine learning, identifies various kinds of anomalies associated with the launch of system utilities and applications and with the user's own behavior;
  • The heuristic Anti-Malware module detects signs of malware in executable files, libraries, etc. The module is based on a model built using machine learning.

Each of these five modules can function separately from the rest, but working together they create additional protective mechanisms that strengthen the host's protection perimeter. To protect end devices, ViPNet EndPoint Protection uses both classical signature-based protection methods (rules) and modern heuristic-based protection techniques (behavioral analysis, use of artificial intelligence). ViPNet EndPoint Protection collects and processes a large number of information security events, which can be forwarded to ViPNet TIAS or a third-party SIEM system.

A feature of the intrusion detection and prevention module is the use of domestic decision rule bases (BRPs). The bases are created by specialists of Perspective Monitoring (InfoTeCS Group of Companies), a company specializing in monitoring and preventing computer attacks, and contain no borrowings from foreign sources. BRPs are regularly updated and can be delivered as part of a subscription. In addition, Perspective Monitoring compiles a "white list" of software and trains the Anti-Malware module model. It is worth noting that ViPNet EndPoint Protection is a client-server application, where the server part generates security policies and sends the PDP to hosts, and the "client" receives the PDP and protects the host in accordance with the selected protection modes.

ViPNet EndPoint Protection is one of the key products of the line for protecting workstations and servers. This product combines both classic approaches to host protection and modern technologies. I would especially note the use of mathematical models developed by our company, built using machine learning. After completing the ViPNet EndPoint Protection certification, we can provide our customers with a complete set of certified endpoint security tools: a bundle of ViPNet SafeBoot, ViPNet SafePoint, and ViPNet EndPoint Protection allows you to provide protection at all levels (stages) of host operation.

noted Ivan Kadykov, the head of the product direction

2022: ViPNet EndPoint Protection v1.5 compatible with RED OS

On August 11, 2022, InfoTeCS announced that, together with RED SOFT, it had completed testing the compatibility of a number of ViPNet information protection products with the RED OS operating system. ViPNet EndPoint Protection version 1.5 and RED OS have been confirmed to work together correctly.

2020: ViPNet EndPoint Protection Announcement

On September 28, 2020, InfoTeCS announced the release of ViPNet EndPoint Protection, a software complex designed to ensure the information security of end devices and a logical development of the ViPNet Endpoint Security line.

According to the company, ViPNet EndPoint Protection combines the functionality of the ViPNet IDS HS intrusion detection system and the ViPNet Personal Firewall software firewall, complementing them with capabilities for centralized management, detection and prevention of attacks, and application control.

ViPNet EndPoint Protection can be used separately or in conjunction with other products of the line, for example the ViPNet SafePoint software complex, which protects information from unauthorized access at the operating system kernel level, or the ViPNet SafeBoot software module for UEFI BIOS, as well as other products.

ViPNet EndPoint Protection is a multi-module product. The first version of the software includes:

  • Intrusion detection and prevention module
  • Personal firewall
  • Application monitoring module

With a full set of modules, the software complex solves the following tasks: monitoring and countering suspicious activity on the host, protecting against network attacks, controlling the launch of applications, and delimiting application access to files and operating system objects.

The modular structure of ViPNet EndPoint Protection allows you to choose the optimal configuration for protecting the hosts of the target information system, and the client-server architecture makes it easy to deploy the product in any network and then scale it to user requirements.

An important feature of the intrusion detection and prevention module is the use of domestic decision rule bases (BRPs). The bases are created by specialists from Perspective Monitoring (InfoTeCS Group of Companies). BRPs are regularly updated and can be delivered as part of a subscription.

By providing comprehensive host protection, ViPNet EndPoint Protection can become a data source for identifying unknown attacks. To do this, you need to connect the software package to the ViPNet TIAS analytical system, which can automatically detect information security incidents using machine learning methods. The system will receive the data collected by ViPNet EndPoint Protection from hosts, which enriches it with information security events. Using the products together will make investigations easier for an information security specialist and help build a complete picture (chain) of an attack, while reducing the average time to detect and respond to an incident.

With a total security perimeter blur, even the most secure corporate infrastructure is at risk, especially if employees connect to it from personal devices. Understanding this fact stimulates interest in end-device security from users and the development of Endpoint Security products from our side.

commented Dmitry Gusev, Deputy General Director of InfoTeCS

As of September 2020, the product was submitted for certification according to the requirements of the FSTEC of Russia, established in the documents:

  • Security profile of intrusion detection systems of protection class IV node level (IT.SOV.U4.PP).
  • Protection profile of firewalls of type "B" of protection class IV (IT.ME.В4.ПЗ).
  • Information security requirements establishing levels of trust in information security tools and information technology security tools (FSTEC of Russia, 2018) according to the IV level of trust.

After passing certification, ViPNet EndPoint Protection can be used to protect personal data information systems (ISPDn), state information systems (GIS), automated process control systems (APCS) and critical information infrastructure (CII) in accordance with the requirements of the guidelines of the FSTEC of Russia.