Configuration Vulnerability Management Spacebit X- Config ÉÑÞÑ¡¿Ñ

2024

Compatibility with Atlant OS

Spacebit has confirmed the compatibility of the X-Config IT product with the Russian Atlant operating system manufactured by Applite Group of Companies. Spacebit announced this on April 2, 2024.

In collaboration with Applite, Spacebit developed a secure configuration standard for the Atlant operating system. The standard has passed a full test cycle that confirmed the correctness of product collaboration, and is available to users of the X-Config software configuration control system as part of the basic version.

The joint use of the X-Config product and the Atlant operating system will help Russian companies not only solve the problems of import substitution and technological independence, but also significantly increase the level of practical information security.

We continue to expand cooperation with Russian software manufacturers to confirm compatibility with our products. The partnership with Apple was an important step in this direction. Thanks to the support of the Atlant operating system in X-Config, we can offer the business a comprehensive solution for ensuring information security based on domestic solutions, - commented Valery Ledovskoy, X- Config company Spacebit Product Development Manager.

As of April 2024, there is a high demand for IT solutions for the security and protection of system and user data. In order to ensure the required level of security in working with the user's environment, we are constantly expanding the composition of the domestic software compatible with Atlant OS to implement such protection. The set of solutions formed with colleagues from Spacebit will enable companies to quickly receive information about effective settings of the software environment and strengthen the protection of their IT infrastructure when implementing such recommendations, said Artem Stytsenko, Director of Strategic Development of Applite Group of Companies.

Enhanced authentication capabilities

Spacebit has updated the X-Config software configuration vulnerability management system. In this version, the possibilities for authentication in serviced resources have expanded and the convenience of working with reports has increased. Spacebit announced this on February 27, 2024.

Significant changes have affected the implementation of authentication in the resources controlled by X-Config. You can now access protected resources based on Linux without using a password using an SSH key. As part of projects to implement the system, depending on the customer's needs, other authentication methods are supported, which will be available out of the box in future releases.

Multiple authentication is implemented to access application software settings. In the X-Config interface, when configuring the properties of a connection to served resources, various types of bindings ON (to, to, etc.) are now available, operating system databases which made it more convenient to organize checks of application software that requires its own authentication, other than authentication on the platform. The vendor plans to expand this functionality. In particular, the validation of a group of entities of the same type located on the same resource, for example, several instances of databases, will be optimized. data

Analysis of reports on identified vulnerabilities in this version of X-Config has become more accessible and more convenient for information security specialists. Uploading reports in Microsoft Word format is now carried out not into a single file, but into an archive that contains general validation statistics and individual files with detailed reports for each scanned resource. In the future, users will have access to new types of reporting, for example, on the delta of changes between reports, and they can be uploaded in CSV format. For greater information and clarity, it is planned to develop a dashboard with the ability to retrospectively analyze statistics.

Spacebit is actively working to automate additional elements of the software configuration security control process. At the inventory stage of the IT infrastructure, X-Config began to automatically determine the type of resource being served (Windows/Linux), which significantly reduces the number of manual actions of responsible information security specialists. In the next step, the developer plans to automate the application of secure settings, as well as add a number of filters to form dynamic resource groups.

Security monitoring of Angie PRO configurations

Spacebit has added the Angie PRO web server to the list of software, the security of the settings of which is provided by X-Config. Spacebit announced this on February 8, 2024. Read more here.

2023

Ready for Astra X-Config Certification

and "Astra Group" Russian developer INFORMATION SECURITY-products Spacebit On December 22, 2023, the company announced the certification vulnerabilities of the X-Config software configuration management system as part of the Ready for Astra technology partnership program. The certificate issued by the vendor confirms that the health tests of the joint solution were successful, all its functionality is available to users, and X-Config is able to operate in a protected software environment. Astra Linux Special Edition

The multi-platform X-Config system was created taking into account the world practices of safe configuration and current requirements of the FSTEC of Russia and other regulators. The use of X-Config allows you to build a continuous process of managing system and application software configurations and reduce the risks associated with their incorrect configuration.

The product is aimed at owners of large-scale information systems, optimized for use in extensive infrastructures, and, like Astra, Linux is compatible with the base in demand on the market DBMS. PostgreSQL The use of X-Config in conjunction with Astra Linux Special Edition will allow Russian organizations not only to reduce dependence on foreign technologies, but also to significantly increase the level. information security

"During the period of strengthening information security requirements, we are pleased that we were able to provide the market with a comprehensive X-Config solution with Astra Linux, which combines advanced technologies, meets high standards of data protection and meets the strict security requirements of customers and regulators for software used in key infrastructures of the country," said Dmitry Tarakanov, Director of the Department for the Development of Technological Cooperation "Astra Group."

"Thanks to the productive interaction of the two vendor commands, it was possible to confirm the correct operation of X-Config with the Astra Linux operating system as soon as possible, both at the level of X-Config running this OS and at the level of support in the form of a safe configuration standard. We plan to expand cooperation with Astra Group and support other products of the manufacturer at X-Config, "said Valery Ledovskoy, X-Config Product Development Manager at Spacebit.

Support up to 10,000 resources per installation

Spacebit released an updated release of the X-Config software configuration vulnerability management system on November 2, 2023. The product can now serve up to 10 thousand resources of the organization within one installation and supports Russian operational systems RED OS and Astra Linux.

X-Config allows you to build an effective security management process for system and application software configurations: create internal policies, check the IT infrastructure according to the selected schedule, prioritize inconsistencies by severity, monitor the actual closure of identified vulnerabilities and generate reports in various views. The system monitors the compliance of the entire IT infrastructure with mandatory regulatory requirements, as well as the best generally recognized practices for safe configuration.

The updated version of X-Config is optimized for use in large, extensive infrastructures. Now, within one installation, the product supports up to 10 thousand resources, and within one security check of software configurations - up to 2 thousand resources. At the same time, it is possible to increase these indicators.

The system provides management of a network of collectors designed to collect information current configurations from serviced resources. The added functionality allows you to group collectors to work on a specific subnet or on multiple subnets, and the collector hierarchy and their current status are displayed in the X-Config web console. Secure routing data between served resources and collectors eliminates the transmission of critical software configuration information between subnets.

In this version of X-Config, a mechanism for importing resources from CSV files has appeared, allowing you to add resources to entire lists. Now it is possible to upload resource data from another infrastructure system and load this list into the X-Config managed resource registry.

The concluded technological cooperation with manufacturers of Russian certified operating systems made it possible to implement the compatibility of X-Config with RED OS and Astra Linux. X-Config components can now run on these operating systems, and the solution itself is configured to support standards for safe configuration of software products. The developer plans to significantly expand the list of supported Russian software.

Red OS Compatibility

RED SOFT and Spacebit have confirmed the compatibility of the Russian operating system RED OS and the solution for managing vulnerabilities in X-Config configurations. Red Soft announced this on August 8, 2023.

The X-Config system allows you to automate the processes of managing resource configuration vulnerabilities, ensure their compliance with Russian and international standards and reduce information security risks associated with unsafe software configuration.

Spacebit developers and information security auditors have created a standard for safe configuration of X-Config for the Russian operating system of the Linux family for servers and workstations RED OS. The testing confirmed the correct maintenance of RED OS-controlled stations in the X-Config system and the availability of full product functionality. According to the test results, the parties signed a two-sided certificate of compatibility. The technology partnership will help users of both products implement processes related to the import independence of infrastructure software and information security systems in their IT infrastructures.

Many Russian companies and state organizations have already switched to domestic certified operating systems and in the long term this trend will continue. RED OS is one of the most popular Russian operating system among customers, so we implemented its support in X-Config in priority mode. Cooperation with RED SOFTWARE helps us to respond to the most pressing requests of the information protection market, "said Hiyas Aydemirov, Executive Director of Spacebit.

We are developing the RED OS ecosystem based on the needs of the market. As of August 2023, the demand for information security solutions is large. The X-Config system in the RED OS environment will allow the client not only to reduce the risks associated with configuring the software, but to do this in accordance with the requirements of the law, using domestic independent products, "added Rustam Rustamov, Deputy General Director of RED SOFT.