Date post: | 19-Mar-2016 |
Upload: | mila-roshchina |
INFORMATION SECURITY
CONTENTS
1 Information Security Systems (ISS) Competence Center
1.1 Main tasks of information security systems competence center
2 Our services
2.1 Information security audit and consulting
2.2 Implementation of management systems based on ISO/IEC 27001:2005
2.3 Development of regulatory and organizational-administrative documentation
2.4 Ensuring business continuity based on BS 25999/ISO 22301
2.5 Personal data protection
2.6 Consulting of organizations on preparations concerning licensing procedures
2.7 Organization of certification and attestation procedures for informatization facilities, special studies and special checks of equipment
2.8 Industrial control systems security
2.9 Service Center for Information Security Systems
3 Our Solutions
3.1 Network security and VPN solutions
3.2 Data leak prevention
3.3 Traffic control and filtering
3.4 Security Operation Center (SOC)
3.5 Identity and Access Management (IAM)
3.6 DDoS detection and countering
4 Our partners
INFORMATION SECURITY SYSTEMS COMPETENCE CENTER
www.lanit.ru
LANIT SPECIALISTS WILL HELP YOU TO EVALUATE THE FUNCTIONALITIES OF
HARDWARE AND SOFTWARE FROM LEADING GLOBAL MANUFACTURERS AND
TO DETERMINE THE RIGHT-SIZING FOR IMPLEMENTATION OF INTEGRATED
INFORMATION SECURITY SYSTEMS.
In a modern company, the information system is an integral part of the business. It always has unique features reflected in the company's IT infrastructure. Trialling the implementation or update of proposed solutions usually calls for test zones in the information system or pilot projects on separate technological sites of business partners. The LANIT Competence Center was created to solve these tasks.
The LANIT Competence Center brings together highly skilled specialists and provides a secure site for verification of the selected solutions and technologies. Our specialists hold professional certificates and have significant expertise in solving information security tasks of any class. In the lab of the Competence Center, we have deployed the information security solutions of our partners: Cisco Systems, Juniper Networks, ArcSight, Stonesoft, Symantec, EMC, HP, IBM, Websense, Blue Coat, Kaspersky Lab, Oracle, S-terra, Infotecs, Positive Technologies, Imperva, Radware, SafeLine, etc.
1.1 MAIN TASKS OF INFORMATION SECURITY SYSTEMS COMPETENCE CENTER
WE SOLVE THE FOLLOWING TASKS WHILE PROVIDING TECHNICAL SUPPORT TO USERS OF IT EQUIPMENT AND SOLUTIONS:
Optimizing the customer’s current infrastructure using state-of-the-art technologies
Providing assistance in the selection of engineering solutions
Testing the selected solutions and approbation of the optimal implementation schemes during implementation stage
Development and testing new solutions from leading global manufacturers
BENEFITS FOR CUSTOMERS
Saving costs and resources while implementing business tasks
Capability for testing solutions without the need to buy demo equipment
Capability for involving specialists experienced in the implementation of several solutions in a particular field
Cutting the Customer’s expenditures on scaling of the current solution or purchasing of a new one
No need to construct or allocate a test zone in the Customer’s own information system
2 OUR SERVICES
LANIT, with its staff of highly-skilled professionals, closely follows all changes on the contemporary market of information security products and offers its Customers only the most efficient and reliable information security solutions.
We provide comprehensive support to those choosing the proper information security products. We offer simulation of the required operating conditions for security products and test the critical parameters of the systems used, which allows selecting the optimal solutions for individual Customers.
Our experts will select the solution you need with the best price/quality ratio and will check the operational reliability and convenience of the selected solution using real infrastructure.
SERVICES PROVIDED BY LANIT IN THE INFORMATION SECURITY SPHERE:
Audit and consulting in the field of information security
Implementation of management systems based on ISO/IEC 27001:2005
Development of regulatory, organizational and administrative documentation
Ensuring business continuity based on BS 25999/ISO 22301
Protection of Personally Identifiable Information (PII)
Consulting for organizations preparing for licensing procedures
Organizing certification and attestation procedures for IT Systems, specialized studies and checks of hardware platforms
Industrial Control Systems Security
LANIT HAS UNIQUE EXPERTISE IN IMPORTING, DISTRIBUTION AND TECHNICAL MAINTENANCE OF FOREIGN-MADE ENCRYPTION TOOLS IN RUSSIA. LANIT EXECUTES ALL OF THE NECESSARY AUTHORIZATION DOCUMENTS FOR IMPORT OF ENCRYPTION TOOLS IN THE CUSTOMER’S INTERESTS. THIS SERVICE IS POPULAR WITH THE RUSSIAN COMPANIES WHICH NEED TO ORGANIZE EXCHANGE OF CONFIDENTIAL INFORMATION WITH FOREIGN SUBDIVISIONS.
Offering its services for creation of information security systems, LANIT is ready to provide a full range of project implementation process steps: we will supply information security software and hardware, provide commissioning and setup as well as technical support of the System. In this process we prefer the manufacturers whose solutions fully meet not only the technical requirements, but also conform to the economic efficiency parameters. With our skilled personnel and powerful technical resources, LANIT offers assembly and debugging of the information security system components according to the detailed design documentation developed, and then provides the Customer with an operational information security system based on the results of the acceptance tests program.
2.1 INFORMATION SECURITY AUDIT AND CONSULTING
LANIT’s fundamental approach to the organization of consulting services in the field of information security provides for active involvement of specialists from the Customer’s business divisions in the processes of audit, identification of the assets within the scope of the ISMS, risk analysis and evaluation, and other types of Information Security activities. As information security processes are implemented to benefit the business, the decisive role in the preparation and decision-making in various security aspects should be played by the owners of the Customer's capital assets. To form such a team and prepare it for effective activity, LANIT provides the necessary methodological assistance and respective training for specialists.
BENEFITS FOR CUSTOMERS
Transparency of investments and substantiation of the budget allocated for information security (IS)
Efficient IS development strategy
Seamless integration of IS mechanisms with the Customer’s information system
Business resistance to information system threats
Unique methodologies LANIT uses in IS projects offer efficient allocation of the available resources and let us achieve the required result within the shortest time
Improved reputation and trust of business partners
Information security audit aims at evaluating the efficiency of the information security methods and techniques applied by the Customer and checking compliance with the requirements established in the internal organizational and administrative documents on information security issues.
The audit is a comprehensive inspection that makes it possible to evaluate the current level of information security in the organization and to plan subsequent steps aimed at improving the security level. The audit may be conducted both for the company in general and for specific critical information systems or business processes.
THE FOLLOWING WORKS ARE CARRIED OUT AND TASKS ARE SOLVED DURING THE AUDIT:
1 COLLECTION AND ANALYSIS OF INITIAL DATA ABOUT THE CUSTOMER’S INFORMATION SYSTEMS:
Compiling a list of the Customer’s functional subsystems (and information systems), determining their structure and boundaries
Determining the Customer’s current information flows
Determining the content of the protected information processed in the existing information systems
Determining the information security measures and techniques applied
Analyzing the current organizational and administrative documents on information security issues (by-laws, policies, procedures, regulations, job descriptions, etc.)
Evaluating compliance with the requirements set forth in the internal organizational and administrative documents on information security issues
Developing a report based on the results of the inspection, including recommendations on enhancing the efficiency of the methods used
2 ANALYSIS OF THE CUSTOMER’S RESOURCE SECURITY AND DEFINITION OF THE MAIN PRINCIPLES OF INFORMATION SECURITY:
Audit of information systems protection from various information security threats
Analyzing the possible scenarios for materialization of potential threats associated with the actions of both internal and external violators
Analyzing the efficiency of the information security products currently in use
3 RISK ASSESSMENT:
Developing the risk assessment methodology that is suited to the ISMS
Developing criteria for accepting risk and identifying the acceptable levels of risk
Determining the acceptable level of information risks
Developing recommendations for the treatment of risk
4 PREPARATION OF REPORT ON THE INFORMATION SECURITY AUDIT, INCLUDING THE FOLLOWING MAIN PROVISIONS:
Description (characteristics) of the security facilities, including technological and business parameters, preparation of the list of applicable organizational and administrative documents on information security and the procedures for their implementation
Evaluation of the current information security level within the scope of the audit, including analysis of the efficiency of the information security measures applied
Recommendations on improvement of information security
2.1.1 ACTIVE INFORMATION SECURITY AUDIT
To obtain an objective evaluation of security condition in both the Company's overall information system and its specific nodes and applications, and to control Compliance with the standards, the Company should conduct regular systemic checks (Audit) using various penetration testing (Pentest) mechanisms in the existing information system.
Active information security audit is usually conducted within the scope of General IS Audit at the stage of technical analysis of the Customer’s IT infrastructure security. The results of active IS audit allow identification of vulnerabilities in the information system components which could be used by intruders to organize attacks on the Customer's IT infrastructure.
The Customer’s IT infrastructure security audit is conducted by using two mechanisms: scanning vulnerabilities of the internal network using a network scanner and auditing the Customer’s network services accessible from the Internet. During the Customer’s IT infrastructure security audit specialized software products are used, i.e. security scanners.
PROCEDURE OF WORKS:
1 Based on the information received about the facilities subject to vulnerability scanning, a scanning schedule is prepared and the list of technical methods to be used for analyzing the Customer’s IT infrastructure is defined:
Penetration testing makes it possible to evaluate security from the intruder’s viewpoint, using specialized up-to-date databases and intelligent vulnerability search mechanisms which are as close as possible to those of real intruders.
Database security analysis provides an adequate evaluation of security for all of the popular database management systems (DBMS), including Microsoft SQL Server, MySQL, Oracle, etc. All of the possible DBMS security aspects are evaluated, including unauthorized escalation of DB user privileges, installation of false updates, mechanisms for controlling access isolation inside the DB, etc.
Web application security analysis detects vulnerabilities in web application development which can result in materialization of various threat types, including SQL injection, Cross-Site Scripting, etc.
System checks use the mechanism of deep inspection of the most common operating systems, such as Windows, Linux and Unix, as well as client applications installed on the above, which are unavailable for evaluation in the penetration testing mode.
Network scanner detects all of the network nodes, open ports, operating systems and server applications with maximum operational efficiency.
2 Scanning the network perimeter according to the established policies and the schedule.
3 Expert reviews of technical scanning results.
4 Analysis of the information received, determining the possible vulnerabilities.
5 Developing recommendations on remediation of the faults detected.
Based on the information obtained, the Customer will receive methodological guidelines and recommendations on the localization, elimination and control of the vulnerabilities detected, as well as the development or update of its organizational-administrative documentation. The recommendations concern both the use of the current products for protection of confidential information at the Customer's disposal and the implementation of additional products.
THE WORK RESULTS IN RECEIVING OBJECTIVE DATA ON THE TECHNICAL SECURITY LEVEL OF THE ANALYZED INFORMATION SYSTEMS, AS WELL AS ON THE VULNERABILITIES, BREACHES AND DEFECTS DETECTED IN THE SECURITY OF THE CUSTOMER'S IT INFRASTRUCTURE RESOURCES. THE DATA OBTAINED WILL MAKE IT POSSIBLE TO FORMULATE THE LEVELS OF RISKS DETECTED AND TO DETERMINE THE MOST JUSTIFIED SECURITY MEASURES FOR THE ABOVE.
2.2 IMPLEMENTATION OF MANAGEMENT SYSTEMS BASED ON ISO/IEC 27001:2005
As a certified partner of the British Standards Institution (BSI), which develops international IS management standards, including ISO/IEC 27001:2005, LANIT provides services involving establishment of information security management systems and their preparation for certification audit. A BSI certificate obtained by a company not only serves as recognition of its high level of Information Security organization, but, other things being equal, constitutes an undeniable competitive advantage over other companies, especially taking into account the present-day steady growth of security threats.
An organization’s Information Security Management System (ISMS) is based on the international standard ISO/IEC 27001:2005. While constructing its ISMS, an organization can clearly determine how the Information Security processes and subsystems are interrelated in the company, who is responsible for them, what labor and financial resources are required for their efficient implementation and operating, etc.
The main purpose of an ISMS implementation project is the formation and ongoing maintenance of conditions in the Company where the risks associated with information assets security are continually controlled and are at the acceptable level of residual risk. In this case, the information assets security is evaluated based on the degree of confidentiality, integrity and availability of the information required to implement the primary and the supporting business processes in the Company.
THIS AIM IS ACHIEVED BY SOLVING THE FOLLOWING TASKS:
Detecting the key business process which becomes the basis for ISMS activity in the Company
Detecting and classifying the Company's information assets
Implementing the information security management and assurance processes
Implementing the processes for analysis, assessment and handling of information security risks
Determining and documenting the main information security requirements and procedures
Evaluating the current administrative measures, technical and physical information security products implemented in the Company
Preparing the main organizational-administrative documents taking into account the requirements of ISO/IEC 27001:2005
Implementing training and awareness programs
Compiling recommendations and determining subsequent measures on monitoring, analysis, maintenance and improvement of the implemented ISMS processes in the Company according to the requirements set forth in ISO/IEC 27001:2005
Optimization of information security costs
LANIT PROVIDES FULL RANGE OF CONSULTING SERVICES CONCERNING THE
FORMATION OF AN ORGANIZATION’S INFORMATION SECURITY MANAGEMENT
SYSTEM, FROM AN IN-DEPTH INVESTIGATION OF THE ORGANIZATION WITH
REGARD TO INFORMATION SECURITY TO CERTIFICATION IN THE SYSTEM OF THE
BRITISH STANDARDS INSTITUTION (BSI) OR ANOTHER COMPETENT
ORGANIZATION.
WHILE CREATING AN EFFICIENT SECURITY SYSTEM, SPECIAL ATTENTION IS PAID TO INTEGRATED APPROACH CONCERNING INFORMATION SECURITY MANAGEMENT. THAT IS WHY MANAGEMENT ELEMENTS ARE NOT LIMITED SOLELY TO TECHNICAL OR SOFTWARE SECURITY PRODUCTS. THE EMPHASIS IS PLACED ON ORGANIZATIONAL PROCEDURES AND PROCESSES AS WELL AS THE OVERALL MANAGEMENT SYSTEM OF THE ORGANIZATION.
To build an integrated ISMS in a Company, attention should be paid to the most critical requirements for the information security management system listed in ISO/IEC 27000:2005:
Availability of a documented Information Security Policy
Control and monitoring of the possible breaches of the Information Security Policy
Compliance with documents and standards (providing compliance with the international and the internal guidelines and standards)
Providing information security during interaction with external parties
Identification and classification of the Company’s assets
Planning business continuity (providing protection of critical business processes from failures and disruptions)
Controlling access to information resources and services provided
Development and support of system and application software (providing information security functions in operating systems and applications)
Controlling user compliance with the rules set forth in the Information Security Policy
Infrastructure management (reducing the risk of system failures, preventing damage to network equipment, control over confidentiality, integrity and accuracy of information during its transmission)
2.3 DEVELOPMENT OF REGULATORY AND ORGANIZATIONAL-ADMINISTRATIVE DOCUMENTATION
During its lifecycle, the Information Security System (ISS) undergoes material changes, developing with time, which requires ongoing improvement of the organizational-administrative and regulatory documents.
The documents are prepared according to the requirements set forth in the international standards on IS management and the guideline documents provided by the Federal Service for Technical and Export Control of Russia and other regulators in the information security field.
WITH ITS VAST EXPERTISE IN DEVELOPMENT OF THE ABOVE MENTIONED DOCUMENTATION, LANIT IS READY TO OFFER THE SERVICES OF EXPERIENCED SPECIALISTS WHO WILL DEVELOP ORGANIZATIONAL-ADMINISTRATIVE DOCUMENTS, INCLUDING POLICIES ON SPECIFIC AREAS OF ACTIVITY, PROCEDURES, REGULATIONS AND INSTRUCTIONS WHICH, AS A WHOLE, CONSTITUTE A PACKAGE OF DOCUMENTS FOR THE INFORMATION PROTECTION SYSTEM. LANIT PROVIDES CONSULTING SERVICES INVOLVING DEVELOPMENT OF DOCUMENTATION FOR VARIOUS CUSTOMER NEEDS, INCLUDING PREPARATION TO CERTIFICATION AND LICENSING PROCEDURES.
Figure: Development of regulatory and organizational-administrative documentation (levels: IS Concept of Organization; IS Policy of Organization; Individual IS policies; Procedures, regulations; Instructions)
2.3.1 INFORMATION SECURITY CONCEPT OF THE ORGANIZATION
Development of an organization’s Information Security Concept as a systematic description of the information security goals and objectives, the main principles of IS system architecture, the organizational, technological and procedural aspects of information security assurance in the organization’s information and computer system.
2.3.2 INFORMATION SECURITY POLICY OF THE ORGANIZATION
Development of organization’s Information Security Policy as a top-level document declaring the main principles of the approach to Information Security Management System.
2.3.3 INDIVIDUAL INFORMATION SECURITY POLICIES, PROCEDURES, AND INTERACTION REGULATIONS
Development of individual policies and other documents of level 2 and lower, with a detailed description of the information security methods and techniques, down to instructions for administrators and users of specific applications.
2.4 ENSURING BUSINESS CONTINUITY BASED ON BS 25999/ISO 22301
Ensuring continuity of key business processes which directly affect the company’s ability to produce profit constitutes the most important task of any enterprise. Operational faults cannot be avoided, including in case of natural and man-made disasters.
To reduce the consequences of such faults to a minimum and to minimize the risk of such faults in information systems, various recommendations and methodologies have been developed. The British Standards Institution (BSI) has consolidated the best global recommendations into a single code of practices (Best Practice) in international standard ISO 22301.
Business continuity management constitutes a process closely connected to the company’s primary business, in the course of which the strategic and operational system is formed according to the company’s goals aimed at:
Ongoing improvement of the organization’s capability for restoration of its primary activity
Providing the Company with capabilities for risk management with regard to continuity of the main business processes and protection of the organization’s reputation
Providing a practiced method for restoration of the organization’s capability to manufacture its main products or provide primary services
BENEFITS FROM IMPLEMENTATION OF AN EFFICIENT BUSINESS CONTINUITY MANAGEMENT PROGRAM IN THE COMPANY:
Ability to promptly determine the impact caused by disruptions in the normal course of operations
Ability to manage risks
A system for effective response to disruptions in the normal course of operation which makes it possible to minimize the impact of such disruptions
Ability to take reliable incident response measures due to drills
Improvement of reputation and acquiring a competitive advantage due to the tested capability to ensure ongoing supply
Figure: Business Continuity Management System with ongoing process improvement (Establishment: PLAN; Implementation: DO; Monitoring and review: CHECK; Maintain and improve: ACT; Interested parties; Managed business continuity, BCM)
The Standard introduces the notion of Business Continuity Management System (BCMS). BCMS allows organizing, controlling and improving the overall business continuity management process in the Company.
Within the scope of projects on building and implementation of a business continuity system based on BS 25999/ISO 22301, LANIT offers the following services:
Designing fail-safe IT infrastructure functioning schemes and testing them within the framework of pilot projects
Implementation of fail-safe IT infrastructure functioning schemes
Development of regulatory documentation for switching to backup capacity in case of failures in operation of IT infrastructure
Testing the mechanism for switching to backup IT infrastructure capacity in terms of continuity of business processes
Formalizing the process ensuring continuity of IT infrastructure operation and implementing the process system for Business Continuity Management (BCM) aimed at protecting the designated key business processes in the Company from unexpected emergencies
Figure: Business Continuity lifecycle and PDCA cycle (Interested parties; BCM requirements and expectations; Understanding of the organization’s business; Development of BCM strategy; Establishing and implementing the BCM response system; Trainings, program update and monitoring; Implementation of BCM in the organizational culture; Management of BCM program)
Within the framework of the project for implementation of business continuity management systems, the following tasks are solved:
Analyzing the impact of emergencies on the Company’s key business processes (Business Impact Analysis, BIA)
Developing a strategy for continuity of business and IT services
Developing variants for protection of the Company’s information system from emergencies and approving the budget of a dedicated disaster-proof solution
Developing incident management plans, Business Continuity Plans, and Disaster Recovery Plans
DUE TO THE ABOVEMENTIONED PROJECTS, THE CUSTOMER ACQUIRES:
A formalized method for determining the impact of any disruption in the ordinary course of activities ensuring manufacture of basic products and services in the organization
Realistic evaluations of the current recovery parameters (Recovery Time Objective - RTO, Recovery Point Objective - RPO) for specific subsystems, infrastructure elements and for the Customer’s inspected infrastructure in general
Identified risks associated with the architecture, implementation peculiarities and practical operation of infrastructure and services which support the key business processes and services of the Company
Documented engineering solutions and organizational procedures in the form of a structured Emergency Recovery Plan which provides evaluation of an emergency, its correlation with a certain scenario defined in the above Plan, making decisions on activation of the Plan, control and chronometry of the emergency recovery procedures
A ready Testing Program for business continuity management
Identified capabilities for improving the current IT service continuity solutions (quick wins)
Recommendations on the procedures, terms and man-hours required for training the personnel participating in the processes of implementation of the business continuity management system for the Customer’s organization in general
2.5 PERSONAL DATA PROTECTION
LANIT offers a full range of services to provide compliance with the Requirements of Federal Law of the Russian Federation №152-FZ "On personal data" as of July 27, 2006, which sets forth the main requirements for personal data processing and security procedures.
Below are the key stages of works carried out by LANIT specialists while creating a personal data protection system and bringing the Customer's personal data information systems into compliance with the requirements of Federal Law №152-FZ "On personal data":
Stage 1 Audit of Personal Data (PD) handling processes and IT infrastructure:
Collection and analysis of source data
Separation of PD information flows
Categorization of PD
Determining the employees involved in PD processing
Detecting Personal Data Information Systems (PDIS)
Separation of documents regulating PD processing in the Company
Determining the current PD protection mechanisms
Stage 2 Analysis of the information collected and preparation of reporting documentation:
Agreement with the Customer upon PDIS composition, structure and classes
Development of the Threat Model, classification acts, and PDIS Description
Preparing a report based on the inspection conducted at the Customer’s facilities
Stage 3 Development of organizational-administrative documents to ensure PD security.
Stage 4 Creation of the PD protection system: selection of the optimal PDIS security products, development of the technical assignment, design assignment, etc.
Stage 5 Supply and startup of PD protection system (including commissioning works).
Stage 6 Preparation of PDIS for attestation (if necessary).
Stage 7 Preparation for checks by the Federal Supervision Agency for Information Technologies and Communications (Roskomnadzor), the Federal Service for Technical and Export Control (FSTEC), and the Federal Security Service (FSS) of the Russian Federation, conducted with regard to personal data operators.
In addition to that, LANIT offers services involving urgent preparation of Customers for checks of PD processing compliance with the requirements of the Russian Federation personal data laws conducted by regulators. Within a period from one to four weeks, LANIT will inspect the Customer’s facilities, develop the necessary organizational-administrative documents, provide instruction for users, and will be present during the site inspection by regulators to protect the Customer’s interests.
Following the implementation of a complete set of measures for creating the personal data protection system, LANIT will continue its cooperation with the Customer, providing full technical support and consulting.
Figure: Stages of bringing the personal data information systems into compliance with the requirements of Federal Law № 152-FZ "On personal data"
Inspecting the personal data handling processes and IT infrastructure
Preparing a report on inspection
Development of personal data security threat models for each PDIS and PDIS classification
Development of a set of organizational-administrative documents for PD processing and protection
Creating a PD protection system
Supply and setup of information security products
PDIS preparation for attestation (if necessary)
PDIS attestation for compliance with the information security requirements (if necessary) or compliance evaluation
Preparation of the Customer to checks by Roskomnadzor, FSTEC, FSS conducted with regard to personal data operators
Support of the personal data protection system
2.6 CONSULTING OF ORGANIZATIONS ON PREPARATIONS CONCERNING LICENSING PROCEDURES
LANIT PROVIDES CONSULTING SERVICES FOR PREPARATION OF THE REGULATORY-PROCEDURAL AND ORGANIZATIONAL-ADMINISTRATIVE DOCUMENTATION AND CHECKS COMPLIANCE WITH OTHER REQUIREMENTS TO THE LICENSE ESTABLISHED BY INFORMATION SECURITY REGULATORS BASED ON THE LICENSE’S RESPECTIVE TYPES OF ACTIVITY.
According to the Russian laws, certain types of activities require that the company should have the appropriate license.
A license from the FSS of Russia has to be obtained for development, manufacture, technical maintenance and distribution of encryption (cryptographic) tools.
A license from the FSTEC of Russia has to be obtained for activities involving technical protection of confidential information.
LANIT provides the following services in the course of preparatory works for organizations seeking FSS and FSTEC licenses:
Preparation of regulatory-procedural and organizational-administrative documentation required to pass the licensing procedures
Preliminary expert review of the documents prepared to check their compliance with the requirements set forth by the licensing authorities
Checking compliance with the requirements to a license applicant, based on its respective activity types, set forth by information security regulators
Preparation of recommendations and taking steps aimed at prompt elimination of the detected non-conformities to the licensing requirements
2.7 ORGANIZATION OF CERTIFICATION AND ATTESTATION PROCEDURES FOR INFORMATION INFRASTRUCTURE, SPECIAL STUDIES AND SPECIAL CHECKS OF EQUIPMENT
LANIT provides services involving:
Certification tests of information security products for compliance with Guideline Documents of the FSTEC of Russia
Attestation tests of automated systems for compliance with the Guideline Documents of the FSTEC of Russia
Special lab tests and equipment checks
2.7.1 ATTESTATION OF INFORMATIZATION FACILITIES
Attestation of informatization facilities constitutes a set of organizational and technical measures which result in verification, by virtue of a special Compliance Certificate, of the facility’s compliance with the requirements set forth in the information security standards or other regulatory and technical documents approved by FSTEC of Russia.
INFORMATIZATION FACILITY (IF) CONSTITUTES A SET OF INFORMATION RESOURCES, INFORMATION PROCESSING EQUIPMENT AND SYSTEMS USED ACCORDING TO THE SET INFORMATION TECHNOLOGY, INFORMATIZATION FACILITY UTILITIES, PREMISES OR FACILITIES (BUILDINGS, STRUCTURES, EQUIPMENT) WHERE THE ABOVE ARE INSTALLED, OR PREMISES AND FACILITIES DESIGNATED FOR CONFIDENTIAL NEGOTIATIONS.
An informatization facility with a valid Certificate of Compliance is entitled to process information with the relevant confidentiality level within the time period specified in the Certificate of Compliance. Information facilities processing information which constitutes state secrets or confidential information are subject to mandatory attestation.
Attestation provides for a comprehensive check (attestation tests) of the protected informatization facility in real-time operating conditions with a view to evaluating compliance of the set of security measures and products currently in use with the required information security level.
The procedure for informatization facility attestation with regard to information security requirements includes the following actions:
Preparation for attestation (if necessary)
Preliminary study of the facility subject to attestation
Tests of non-certified information security products and systems used at the facility subject to attestation (if necessary)
Developing a Program and Methodology of Attestation Tests
Conducting attestation tests
Execution, registration and issue of the Certificate of Compliance
2.8 INDUSTRIAL CONTROL SYSTEMS SECURITY
Cyber security of industrial control systems (ICS) is becoming critical for ensuring efficiency, continuity and safety of the ICS operation. Unauthorized access to ICS components, network or data may result in serious financial issues, loss of production, environmental impacts or direct danger to human life.
Initially ICS were isolated, highly specialized systems developed for individual customers. With this approach in place, information security risks had the lowest priority. Now ICS are adopting standard IT solutions such as Internet Protocol and widely used operating systems to promote connectivity with corporate business systems. But still, most information security risks remain unaddressed.
In most cases, ICS do not provide necessary security mechanisms, such as:
User, device and node authentication
Verification of correct use of communication protocols
Integrity of the information and control signals
Protection from unauthorized access to ICS nodes and communication channels
Integrity of ICS software and logic
LANIT HAS THE NECESSARY SKILLS AND EXPERIENCE TO IMPLEMENT A WIDE RANGE OF INFORMATION SECURITY SOLUTIONS. LANIT WILL HELP YOU TO CHOOSE APPROPRIATE SOLUTIONS AND PROVIDE SEAMLESS INTEGRATION OF NECESSARY SECURITY CONTROLS INTO ICS.
For ICS that are already in place, security mechanisms have to be integrated into the current system as separate hardware and software. For the security measures to be efficient, the company has to develop a set of internal policies and instructions that determine proper procedures for various security controls and the corresponding responsible personnel.
A wide range of engineering solutions, standards, protocols and technical approaches implemented in various ICS makes it tremendously difficult to develop universal information security solutions. It also complicates integration of information security solutions into the ICS without interruption of the production cycle.
We use an integral approach to ICS security, providing information security controls and solutions on every level of the ICS architecture. The security solutions we use are integrated into a unified ICS security operations center. Solutions we are able to integrate into ICS include (but are not limited to):
Firewalls (FW)
Intrusion prevention systems (IPS)
Antivirus solutions and End-point protection systems
Vulnerability management systems (VMS)
Security Information and Event Management (SIEM)
Virtual Private Networks (VPN)
Access Control Systems (ACS)
Due to the significant consequences of an ICS security breach, authorized parties, including government organizations, have been developing mandatory standards and requirements on ICS security. LANIT will help you to evaluate the relevant legal and regulatory requirements on ICS security and to implement them with maximal efficiency.
ICS security controls
2.9 SERVICE CENTER FOR INFORMATION SECURITY SYSTEMS
The Service Center for Information Security Systems operates based on LANIT's Network Integration Department (NID). The main mission of the Service Center is to support major IT systems or the Customer’s IT systems critical from the security viewpoint, as well as IT systems that are especially complex from the service maintenance viewpoint.
LANIT Service Center for Information Security Systems offers its Customers a set of services including technical support of software and hardware solutions within the effective period of the warranty guarantees of information system and component manufacturers, as well as based on separate service agreements.
MAIN BENEFITS RESULTING FROM WORK WITH THE SERVICE CENTER FOR INFORMATION SECURITY SYSTEMS:
24-hour registration of any Customer queries with regard to the solutions supplied by LANIT's NID
Customer site visit services
Services involving replacement of the Customer’s equipment
Providing training to the Customer’s personnel (both in the RF and abroad)
Software updates
Software testing on the test bench in the Service Center
Development and testing of pilot projects
Additional set of services ("Extended Support") for solutions that are especially complex from the implementation and support viewpoint
LANIT OFFERS A WIDE RANGE OF INFORMATION SECURITY SOLUTIONS:
Network security and VPN solutions
Data leak prevention
Traffic control and filtering
Security Operation Center (SOC)
Identity and Access Management System (IAM)
DDoS detection and countering
3.1 NETWORK SECURITY AND VPN SOLUTIONS
Solutions for perimeter security, i.e., the level where the internal network comes into contact with the external public networks, and for data transmission channels are designated for any small, medium and large business organization. The above technology solutions are based on basic functional information security solutions such as firewalls, intrusion detection and prevention systems, and VPN concentrators.
Firewalling systems act as the first security frontier and are installed on the network boundary. They allow control of specific applications at a protocol level, thus admitting external information into the internal network according to a predefined set of rules. Such systems allow determining the correct structure of incoming packets at application level, which enables them to stop attacks on internal resources.
THE ABOVE SECURITY PRODUCTS, PUT TO GOOD USE AND COMBINED WITH THE
VAST EXPERTISE OF LANIT SPECIALISTS IN THE FIELD OF NETWORK SECURITY,
GUARANTEE A HIGH LEVEL PROTECTION OF IT INFRASTRUCTURE FROM EXTERNAL
AND INTERNAL THREATS.
Intrusion Detection and Prevention Solutions are designed to filter the network traffic and protect the internal network, i.e., servers, network equipment and users, from external attacks, parasitic traffic, etc. Using a combination of various countermeasures against attacks, including application signature and behavior analysis, they provide the highest level of malicious activity detection. Such systems are installed on communication channels and operate based on the gateway principle – the information that passes through them is "purified" and suitable for safe use. Unlike demilitarized zone security systems, which are designed mainly to withstand attacks from public networks, the intrusion detection and prevention systems are configured to fight specific types of malicious activity critical for the organization, including through the internal network, to protect the databases and the most important segments of the Company’s IT infrastructure.
Apart from classic firewalls and intrusion prevention systems, the current threats call for the use of specialized Web application and database security systems. Such solutions make it possible to check traffic at the highest possible level, which allows more accurate detection and termination of security threats specific to the given traffic type.
SOLUTIONS OFFERED BY LANIT ALLOW DETECTING WHICH WEB APPLICATION USER MADE THIS OR THAT ALTERATION TO THE DATABASE, THUS ENABLING MUTUAL CORRELATION OF EVENTS. IN ADDITION, THE ABOVE SOLUTIONS BRING THE WEB APPLICATION AND DATABASE SECURITY LEVEL VIRTUALLY TO 100% DUE TO THE DYNAMIC PROFILING TECHNIQUE, WHEN THE SECURITY SYSTEM FORMS A STRICT OPERATIONAL PROFILE OF THE APPLICATION AND SUPPRESSES ANY SUBSEQUENT DEVIATIONS FROM THE NORMAL OPERATING MODE. THEREFORE, EVEN THE APPLICATIONS WHICH CANNOT BE OVERWRITTEN OR CORRECTED CAN BE SECURED.
Wireless Network Security Solutions are also aimed at intrusion prevention and internal network protection. An important peculiarity of the above solutions is their objective of detecting and suppressing the operation of unauthorized access points - modems, laptops, etc., that constitute a powerful information leak channel as they are usually equipped with independent Internet connections. As the coverage zone of wireless access points often extends beyond the controlled zone, cryptographic security methods should be used to protect confidential information.
Organization of secure data transmission channels constitutes the basic objective of perimeter security tools and is implemented by means of Virtual Private Network (VPN) technology. In this case, depending on objectives, various VPN technologies can be applied. To implement a secure branch data transmission network, IPSec VPN is used, while SSL VPN is used to provide remote access of employees to internal resources.
An SSL VPN concentrator provides secure remote access to the enterprise’s information resources via the SSL VPN channels, which increases the overall security level during operation through open data transmission channels. The use of national encryption algorithms provides additional assurance in the integrity of the information transmitted. The above solutions operate through the user’s browser, providing convenient and transparent work with the applications required by the user, without the need to install special software on the workstation or laptop.
TO IMPLEMENT VPN INFRASTRUCTURE, LANIT OFFERS ITS CUSTOMERS A WIDE
RANGE OF DATA ENCRYPTION SOLUTIONS USING BOTH RUSSIAN AND FOREIGN
CRYPTOALGORITHMS.
A Centralized Perimeter Security Control System provides the administrator with a single interface for interaction with the security system. It enables centralized collection of logs and security events, input of incident data based on those events and control over the process of resolving the incidents. This system allows a material reduction in the administration costs of overall infrastructure security management.
LANIT CUSTOMERS ACQUIRE:
An integrated system for protection of internal infrastructure against external threats
Minimization of the probability for unauthorized access to the company’s information resources
Increasing customer trust level by creating a trusted data transmission environment both within and beyond the company
Providing the required accessibility level for internal resources combined with a high security level
Saving financial resources and reduction of administrative expenses to maintain the relevant security level
Increasing the overall efficiency of business processes due to high accessibility of resources and mobility of users
Diagram of perimeter and communication channels security
3.2 DATA LEAK PREVENTION
Control of confidential information leaks is growing more complex year by year. Internal information security policies do not limit the employees’ desire to share confidential information with work colleagues, friends and employees from other companies. The growth of information technologies contributes to the increase in the number of information leak channels (email, ICQ, Skype, Internet forums, etc.). To efficiently detect and prevent leaks of confidential information, organizations require DLP class solutions (Data Leak Prevention).
Contemporary DLP systems allow detecting and preventing data leaks via all technical channels, i.e., proxy servers, mail servers, messenger channels (including Skype), network printers and removable media.
The above mentioned solutions use two main technologies:
"Word form" technology, which stipulates that critical information messages and confidential documents should be included in the data bank system using either key words associated with the business specifics or based on passport data, contract numbers, words like "confidential," etc.
FingerPrint technology, which creates digital fingerprints that enable quick identification of critical data banks based on the "visual resemblance" principle. The technology allows processing of any document types, including graphical (drawings, images) and audio files (music).
THE MAIN BENEFIT OF USING DLP CLASS SOLUTIONS BY LANIT’S CUSTOMERS IS THE
PREVENTION OF INFORMATION LEAKS WHICH OFTEN CAUSE DIRECT FINANCIAL
LOSSES. THE COMPANY MANAGEMENT CAN OBTAIN INFORMATION ABOUT THE
DATABASES EACH EMPLOYEE WORKS WITH. SUBSEQUENTLY, THIS WILL ENABLE
ADJUSTMENT OF ACCESS RIGHTS TO THOSE DATABASES AND DETECT INSIDERS,
THUS PREVENTING INFORMATION LEAKS.
Data leak prevention system
3.3 TRAFFIC CONTROL AND FILTERING
Traffic filtering makes it possible to decide on traffic legitimacy based on the analysis of its content and not on the sender’s or recipient’s address. The analysis is generally applied to mail and web traffic. The technique allows much more flexible and accurate filtering, providing the Company with virtually complete control over employee and server traffic. Content analysis makes it possible to deal efficiently with such external threats to corporate network security as financial fraud ("phishing") and malware penetration, including Trojan horses, worms, rootkits, backdoors, adware, etc.
3.3.1 MAIL TRAFFIC FILTERING
This filtering type is traditionally used to detect
and block unwanted messages (spam) and
penetration of malicious software; however, it can
also be used to solve the tasks associated with
data leak prevention.
There exists a whole range of methods for
evaluating the content of mail traffic:
Statistical analysis (Bayesian method, etc.)
Blocking attachments of certain type
Analysis based on the list of key words/phrases and regular expressions
Analysis of message headers
Heuristic analysis of text (searching for typical patterns of spam messages)
Checking the message body and attachments for malicious code
Taken as a whole, the above methods allow
detection and prevention of unwanted traffic
penetration into the organization’s network.
3.3.2 WEB TRAFFIC FILTERING
Web traffic filtering is designated to solve two
main tasks – controlling employee access to
unwanted resources and preventing malware
penetration to user computers. Contemporary
filtering tools allow analyzing not only the open
protocols (HTTP, FTP, ICQ) but also encrypted ones
(HTTPS and Skype). Web traffic filtering is based on
various criteria (key words, malicious code in
bodies of web pages, HTML code anomalies, etc.).
Web traffic filtering makes it possible to protect the
organization’s network from compromise, and,
therefore, from financial and goodwill losses, and
to save employees’ labor hours.
3.3.3 APPLICATION USE CONTROL
Uncontrolled installation and startup of software
by employees on their workstations constitutes a
problem for most companies and bears serious
information security risks. In addition, it can result
in additional problems if users install and use
illegal software without the knowledge of the
employer. Application use control systems are
designed to solve the above problem.
Up-to-date systems of the above class allow
forming a complete image of the software used in
the Company and providing flexible control over
the process. Thus, not only can administrators ban
or allow a specific application to be run, but they
can also allow limited running, i.e., ban access to
the network or printer, allowing all other
functionalities. The dynamic structure of ‘white
lists’ of the permitted software makes the
administrators’ tasks easier and allows material
cutting of costs for list processing.
3.3.4 INTEGRATED ANTIVIRUS PROTECTION
The current antivirus systems consist of two
components. The first one is the protection of
workstations and is implemented by installing
antivirus agents on the users’ workstations.
Presently, the agents are usually characterized by
multi-functionality: they include virus attack
detection systems, firewalls, various IT
environment controls and authorization tools.
The second component of an up-to-date antivirus
system constitutes filtering on the level of
gateway installed at external information access
points in the organization’s IT system. This
component can also be implemented using two
types of solutions: either via a threaded antivirus
gateway or by filtering the incoming information
flow at the application systems level, in the form of
firewalls installed on communication channels.
Integrated antivirus protection consists of the
above two components and is usually based on
the whole range of various software and hardware
solutions. The system can provide protection of
major corporate nodes, such as mail, Web servers
and user workstations, as well as protection of IT
environment from its user in case the latter is
infected with malware.
First of all, the above effect is achieved by neutralizing a significant amount of virus threats at the gateway level. Considering the fact that installation of antivirus agents takes up quite a lot of IT resources (up to 30-40%), this variant of fighting viruses does not seem very efficient. Viruses can be stopped at the perimeter, on the gateway level. This makes it possible to reduce the load on users and their workstations and to eliminate incompatibilities between the antivirus and the corporate software.
It should be emphasized that protection of certain
facilities, including servers, with antivirus agents is
not economically efficient, as it is very expensive
from the operating viewpoint.
Data control and filtering diagram (labels: Users; Mail (SMTP, IMAP, POP3); Web (HTTP, HTTPS, FTP); IM (ICQ, Skype, Jabber); Antivirus protection; Internet URL filtering; Mail filtering; "Clean" traffic; Malicious code, Phishing, Spam)
THE ANTIVIRUS PROTECTION SOLUTIONS OFFERED BY LANIT OFFER THE CUSTOMER
SIGNIFICANT SAVINGS OF EXPENSES ON IT INFRASTRUCTURE AS WELL AS ECONOMY
OF PROFESSIONAL LABOR HOURS.
3.4 SECURITY OPERATION CENTER (SOC)
Creation of Security Operation Centers is among the most relevant lines of development in the IT industry. Essentially, this is the center for security incidents management which constitutes a single segment for managing all of the security mechanisms as well as the IT infrastructure monitoring.
A Security Operation Center allows centralized information security management in the Customer’s company, which is achieved by regulating the information security threat neutralization mechanisms, a complete and accurate understanding of the condition of the corporate information system and comprehensive monitoring of the security condition of IT services. Organizing a reasonable balance of technologies, processes and human resources, a SOC offers the capability for continual monitoring of the corporate information system, tracking of the security incidents and fast implementation of countermeasures in response to threats.
A Security Operation Center consists of the following basic set of subsystems:
Security incident and event management subsystem
Security control subsystem
Change control subsystem
Update management subsystem
Reporting subsystem
Management subsystem
Subsystem for control of regulatory compliance
Storage subsystem
The main component constitutes the Security Incident and Event Management (SIEM) system. This solution is designed to collect information from all security mechanisms, network devices, servers and employee workstations. The system provides an intelligent mechanism for correlation between events from various sources, which helps detect even the most complex types of attacks, including time-phased ones.
BENEFITS OF USING THE SOLUTION
MANY INFORMATION SECURITY INCIDENTS CAN HARDLY BE ANALYZED "MANUALLY"
ESPECIALLY WHEN THE ANALYSIS INVOLVES COMPARISON OF DATA FROM VARIOUS
INFORMATION SECURITY SYSTEMS. LET US CONSIDER A VERY SIMPLE SITUATION: AN
EMPLOYEE WHO ENTERED THE BUILDING WITHOUT HIS ACCESS PASS LOGS INTO THE
IT SYSTEM USING HIS OWN PASSWORD. THIS SITUATION IMMEDIATELY CALLS FOR
THE ATTENTION OF A DESIGNATED ADMINISTRATOR. FOR IT SYSTEMS WHICH
INCLUDE HUNDREDS OF WORKSTATIONS, AUTOMATION OF SIMILAR CONTROL
PROCESSES IS VITAL – "MANUAL" CONTROL IN SUCH CASES IS NOT SIMPLY EXPENSIVE, IT IS
OFTEN PHYSICALLY IMPOSSIBLE TO IMPLEMENT.
This is an automated system which enables real-time detection of an attack, determining how critical it is for the IT system at the network administrator’s workstation, and displaying the attack history: its origination, the nodes it affected, and the damage caused. In this case, both the integrated and the customized event correlation rules can be used, thus providing capability for connection of even unique systems, including those developed by customers.
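The situation described above (a user logs into a workstation without a matching building entry) can be expressed as a customized correlation rule. The following is an added example, not code from LANIT or from any SIEM product; the two log formats, the user and host names, and the 16-hour presence window are assumptions, and the sample events are constructed.

```python
from datetime import datetime, timedelta

# Constructed sample data. Assumed badge format: "<ISO time> <ENTRY|EXIT> <user> <reader>"
BADGE_LOG = """\
2016-03-14T08:52:10 ENTRY ivanov turnstile-1
2016-03-14T09:01:44 ENTRY petrova turnstile-2
2016-03-14T13:05:02 EXIT petrova turnstile-2
2016-03-14T18:10:30 EXIT ivanov turnstile-1
"""
# Assumed logon format: "<ISO time> LOGON <user> <host> <local|remote>"
LOGON_LOG = """\
2016-03-14T09:03:00 LOGON ivanov ws-114 local
2016-03-14T09:10:12 LOGON petrova ws-027 local
2016-03-14T10:15:40 LOGON sidorov ws-201 local
2016-03-14T14:20:00 LOGON petrova ws-027 local
2016-03-14T14:25:00 LOGON ivanov vpn-gw remote
"""


def parse(log, n_fields):
    """Return (timestamp, field, ...) tuples; malformed lines are skipped."""
    events = []
    for line in log.splitlines():
        parts = line.split()
        if len(parts) != n_fields:
            continue
        try:
            ts = datetime.fromisoformat(parts[0])
        except ValueError:
            continue
        events.append((ts, *parts[1:]))
    return events


def correlate(badge_log, logon_log, max_presence=timedelta(hours=16)):
    """Flag local logons by users who are not recorded as being in the building."""
    # Second tuple element orders badge events before logons at equal timestamps.
    badge = [(ts, 0, action, user) for ts, action, user, _ in parse(badge_log, 4)]
    logon = [(ts, 1, action, user, host, kind)
             for ts, action, user, host, kind in parse(logon_log, 5)]
    last_badge = {}  # user -> (last badge action, time of that action)
    alerts = []
    for ev in sorted(badge + logon, key=lambda e: (e[0], e[1])):
        ts, source, action, user = ev[:4]
        if source == 0:
            if action in ("ENTRY", "EXIT"):
                last_badge[user] = (action, ts)
            continue
        host, kind = ev[4], ev[5]
        if action != "LOGON" or kind != "local":
            continue  # remote access needs a separate rule
        state = last_badge.get(user)
        if state is None:
            reason = "no_badge_entry"      # never passed a turnstile
        elif state[0] == "EXIT":
            reason = "logon_after_exit"    # already left the building
        elif ts - state[1] > max_presence:
            reason = "stale_entry"         # entry too old to explain presence
        else:
            continue
        alerts.append({"time": ts.isoformat(), "user": user,
                       "host": host, "reason": reason})
    return alerts


if __name__ == "__main__":
    for alert in correlate(BADGE_LOG, LOGON_LOG):
        print(alert)
```
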
Integrated solutions developed by LANIT in the sphere of Information Security and IT monitoring allow:
Completing a full cycle of incident response due to integration of monitoring tools in the incident management process
A timely response to a detected incident and elimination of its consequences
Collection and analysis, within a single system, of all the signals received from the technical monitoring and information security systems
Prompt detection of the causes for failures and determining the enterprise’s department responsible for elimination of the above
Reducing the time for elimination of defects and the downtime of IT infrastructure
Providing capability for retrospective analysis of the security metrics and the information systems operation
Long-term storage of information systems statistics
Providing uniform reports on the condition of information systems
Recording and analyzing failures in the operation of IT infrastructure with a view to its improvement and cost minimization
Reducing business losses associated with IT infrastructure downtime
Schematic diagram of Security Operation Center (SOC)
3.5 IDENTITY AND ACCESS MANAGEMENT (IAM)
Identity and Access Management Systems (IAM)
are generally popular with organizations with a
large number of applied IT products and an
extensive system of user authorization.
The construction of similar systems includes two
tasks:
Development of a role model according to which access rights for system users will be defined
Building an IAM system according to the developed role model
Based on the developed role model, an IAM system makes it possible to unify employee access rights to all (including self-designed) information resources in the organization, as well as to automate the processes for granting and revoking employees’ access rights to information resources depending on their roles.
Identity and Access Management Structure
3.6 DDOS DETECTION AND COUNTERING
DDoS attacks have long outgrown the category of mere, often absurd, hooliganism and turned into a powerful tool of competitive struggle. Few would be surprised at the fact that a DDoS attack can be ordered on eBay for USD 300. In this case, an attack can aim either at a separate business resource (Web server, internet portal, virtual shop, etc.) or at overall data transmission channels – in order to limit or totally block access to the facility being attacked.
LANIT offers two types of solutions for countering DDoS attacks:
The first solution includes systems designed for communications operators. They are the ones suffering most from DDoS attacks, even if their own services are not the object of the attack. Implementation of such solutions will enable them not only to protect their own resources, providing the required service level and conforming to the Service Level Agreement (SLA), but also to provide security services for their clients. The advantages of operator-class solutions include simple integration into the existing IT infrastructure due to the capability for "out-of-band" mode installation. In this case, the cleansing system receives only the traffic from the object under attack, without the need to make prompt changes in traffic routing.
The second solution involves systems for corporate Customers wishing to protect their IT infrastructure from DDoS attacks. These systems are especially relevant for the business types where a denial of service for clients caused by a DDoS attack immediately results in significant financial losses, i.e., for banks or online shops.
Diagram of DDoS attacks detection and countering
TO COUNTER DDOS ATTACKS, LANIT OFFERS SOLUTIONS BASED ON PRODUCTS BY
LEADING VENDORS, SUCH AS RADWARE AND ARBOR, WHICH ALLOW SIMULATION OF
IT SYSTEM’S OPERATIONAL PROFILES IN THE STANDARD MODE AND, IN CASE OF SERIOUS
DEVIATIONS, AUTOMATICALLY DETECT MASS NONSTANDARD REQUESTS AND
REJECT THEM, AS WELL AS OTHER REQUESTS FROM SUSPICIOUS ADDRESSES.
4 OUR PARTNERS
Symantec specializes in security, data storage and system management solutions which help corporate clients and end users to provide security and manage information. Symantec is among the leading suppliers of antivirus solutions, vulnerability control products, software for filtering Internet information resources and solutions for data loss prevention in the process of their storage or use, as well as information security services for enterprises all over the world. The company’s ability to successfully integrate its products enables Symantec to offer best-in-class solutions for millions of corporate and individual customers in more than 50 countries, holding leading positions on the market.
BSI Management Systems (BSI – British Standards Institution) is a recognized leader in the sphere of management systems certification and a founder of the International Organization for Standardization (ISO), as well as other international organizations and associations. BSI Management Systems offers independent assessment of second and third parties, certification of management systems, and personnel training. All of the above enables its clients to implement the best global methods, technologies and standards in their business, which, in turn, makes them confident competitors under any circumstances. In its work, BSI uses best global practices that add value to the company assisting it in developing its tactics and winning strategy intrinsic to global-level organizations.
Cisco Systems is a recognized leader in network solutions, offering a wide range of information security products from firewalls and attack prevention systems to content supervision, application security tools and personal security systems for servers and workstations. The innovations of Cisco Systems in the security field provide protection of network computers, web and email services. Cisco Systems acquired leading positions and is among leaders not only on the global market, but in Russia and CIS as well, offering email and Internet access security products, Secure Access Control and security management solutions.
http://www.bsi-russia.ru/
http://www.cisco.com/
http://www.symantec.com/
Headtechnology is a specialized distributor of information security solutions. Founded in early 2005, headtechnology RU is now a leader on the information security solutions distribution market. The main lines of activity include protection of corporate data from theft and leaks, control of all ports and external devices on the corporate level, protection against unwanted and malicious software, cryptographic protection of laptops, servers, PDA, specific folders and files, corporate email, filtering of web traffic, protection of corporate email from spam and viruses, content filtering of email messages; virtualization of data for management and storage of the continually growing information volumes, profound audit and control of administrators’ work at all levels; real-time network control, NAC; centralized password management; strict authentication systems and tools.
Imperva is a unique developer and manufacturer of products for security of web applications and database management systems (DBMS). A great number of large businesses and state institutions around the world rely on automated, scalable and modern business process-oriented solutions provided by Imperva which are aimed at preventing information theft, data substitution and modification. Imperva’s products allow to solve many pressing problems in the field of information security, to implement the requirements set forth in international standards SOX, PCI and HIPAA, conduct database audit without reducing the efficiency of business tasks performance.
Netwell was created in 2003 to distribute on the Russian market the telecommunication equipment and technologies of leading manufacturers, including Juniper Networks, Extreme Networks, NetApp, Imperva, PineApp, Davolink, Aruba Networks, Siemens Enterprise Communications, Riverbed Technology, etc. Currently, the products and solutions of vendors which actively cooperate with Netwell have been selected by leading industrial, financial and telecommunication companies as well as a range of large state structures. Thorough vendor selection allowed Netwell to form an integrated package of solutions in the field of data storage, network infrastructures and information security structures, optimized with consideration for the Russian market realities.
http://www.headtechnology.com/
Positive Technologies is a leading Russian company in the sphere of information security. The main line of activity constitutes the development of systems for security control and compliance with MaxPatrol standards, as well as XSpider security scanner. XSpider security analysis system has been a recognized leader among network IS audit products for over 10 years in Russia and is used to analyze and control security of corporate resources. MaxPatrol information security monitoring system allows objective evaluation of the security condition for both the information system in general and its separate subdivisions, nodes and applications. The mechanisms for penetration testing (Pentest), system checks (Audit) and compliance control (Compliance), combined with the capability for analysis of various operating systems, database management systems and web applications, enable MaxPatrol to provide ongoing technical security audit at all levels of the information system.
http://www.ptsecurity.ru/
http://www.netwell.ru/ http://www.imperva.com/
Radware is an acknowledged leader in the field of integrated solutions for software deployment, a member of RAD Group, which provides complete accessibility, maximum productivity and absolute safety of business applications for over 10000 enterprises and communication service providers all over the world. A complete software package of APSolute Radware includes applications which combine developed access and security tools and a logical customer interface. Users from any sphere can enhance business efficiency, increase profit and reduce network maintenance and infrastructure costs, making their networks intelligent from the business viewpoint.
SafeLine (SC "Informzashchita") is a leading multivendor distributor of integrated information security and information technology solutions in Russia and the CIS. SafeLine offers a full range of information security products for companies at any level, from small enterprises and remote offices to major companies, service providers and communications operators. Using the products and technologies of key market players, SafeLine offers their unique combination aimed at solving real information security problems. Solutions from SafeLine are widely applied in the finance, telecommunications and gas industries, as well as in educational and healthcare institutions.
Stonesoft Corporation develops innovative solutions in the sphere of network security and business continuity. Stonesoft offers its clients integrated network security solutions: StoneGate firewall, VPN (Virtual Private Network), IPS (Intrusion Prevention System), SSL VPN, UTM with centralized and unified management system. StoneGate Management Center provides centralized management of all the StoneGate devices as well as collection and management of security events from various network and IT infrastructure devices for subsequent analysis of security incidents. The production of the above solutions is certified by the national state and industrial regulators, such as FSTEC, FSS, etc.
S-terra CSP is a Russian developer and manufacturer of network information security products. The company’s solutions for virtual private networks (VPN) provide protection of internetworking, wireless and multiservice networks, as well as operational security of remote and mobile users. S-terra CSP is a technology partner of Cisco Systems. The company aims at supplying VPN solutions to the Russian market. The CSP VPN network security product family allows implementing any scenarios of VPN construction. Flexibility is provided due to the use of multiple information security scenarios and the development of individual security policies. The company’s solutions are designed, primarily, for organizations that require reliable protection of VPN connections using Russian cryptography, in particular, for protection of confidential information and personal data.
http://www.radware.com/ http://www.safe-line.ru/
http://www.stonesoft.com/ http://www.s-terra.com/
Websense is an acknowledged leader in the sphere of integrated security solutions (web, data and email) as well as solutions providing protection of crucial information in more than 50000 organizations around the world. Websense information security solutions will help organizations to block malicious code, prevent losses of confidential information and provide appropriate use of Internet according to each specific security policy. Websense solutions are based on the innovative ThreatSeeker technology which provides preventive protection from web threats, closing the security gaps that exist despite the installed antivirus solutions and firewalls. ThreatSeeker uses over 100 unique processes for detecting new comprehensive web threats. ThreatSeeker technology forms the basis for all of the Websense security solutions and provides clients with automatic updates with the intervals not exceeding several minutes.
Doctor Web is one of the few antivirus vendors in the world that has its own unique technology for malware detection and treatment, along with its own virus monitoring service and analytical lab. This results in a high speed of response to new virus threats by the company specialists and enables them to provide assistance to clients in solving problems of any complexity within hours. Dr.Web antivirus products have been developed since 1992 and have continually demonstrated excellent results in malware detection, conforming to the global security standards.
ArcSight is a leading provider of solutions in the spheres of security and regulatory compliance management which intelligently identify and mitigate business risks for enterprises, communications operators and government institutions. Developed in compliance with the requirements set forth by geographically distributed and heterogeneous companies and technology infrastructures, ArcSight offers a unified industrial vendor-independent solution for intelligent identification and blocking of most attack types.
Kaspersky Lab is one of the most dynamically growing companies in the field of information security. Years of hard work allowed Kaspersky Lab to become a leader in the development of antivirus products. Antivirus software modules from Kaspersky Lab provide reliable protection of all the potential targets of virus attacks, i.e., workstations, laptops, file and web servers, mail gateways, firewalls, pocket PCs and smartphones. Convenient control tools allow maximum automation of the antivirus protection for computers and corporate networks. Kaspersky Lab offers a wide range of solutions to provide reliable protection against viruses, spam and hacker attacks, taking into account the needs of all the client categories. Kaspersky Lab designs, implements and supports corporate antivirus complexes and information security systems conforming to any specific business requirements of the customers.
http://www.websense.com/ http://www.kaspersky.ru/
http://www.drweb.com/ http://www.arcsight.com/
The Network Integration Department (NID) began
to operate in 1990. Currently, over 300 certified
specialists are developing this line of activity. An
ongoing system of professional development and
trainings in the vendors’ training centers allow us to
maintain the highest professional level of our staff.
The Network Integration Department has successfully
implemented over 2000 large-scale projects. It
boasts over a hundred industrial solutions for the
oil and gas, banking, industrial and other leading
sectors of economy. A developed service network
represented in all regions of the RF contributes to
the success of NID projects.
SERVICES OFFERED BY THE DEPARTMENT:
Information security
Corporate infrastructure
Data processing centers (DPC)
Engineering infrastructure
Management of IT services
Software licensing
Systems of telephone communication, videoconferencing and multimedia systems
Standard architecture systems
Network solutions
LANIT’S NETWORK INTEGRATION DEPARTMENT
KEY CLIENTS:
Sberbank of Russia, Central Bank of the Russian Federation, Military Insurance Company, Master Bank, JSC "NK
ROSNEFT," "LUKOIL-INFORM" LLC, JSC "TNK-BP Management," Russian Association of Motor Insurers, JSC
"ZhaASO," the Pension Fund of RF, the Federal Treasury, the Supreme Arbitration Court of RF, the Ministry of
Agriculture of RF, the Federal State Statistics Service, Roskosmos, the Ministry of Transport of RF, NIC GLONASS,
Rosgidromet, etc.
LANIT – "LAboratory of New Information Technologies" –
is the leading multidisciplinary group of IT
companies in Russia and the CIS, which
celebrated its 20th anniversary in 2009. The group
companies offer a full range of IT services, their
number growing continually due to deployment of
state-of-the-art and the most popular technologies
and solutions.
Presently, LANIT is the largest systems integrator in
Russia and a leading partner of over 200 major
global high-tech equipment and software solutions
manufacturers. LANIT enterprises boast a steady
and highly professional team totaling more than
5000 people. Many of our employees have
academic degrees. Over 1200 specialists have been
certified by the leading global vendors supplying
high-tech equipment and software.
ABOUT LANIT
105066, Moscow, 5 Dobroslobodskaya St., build. 1
tel.: +7 (495) 967-66-50
fax: +7 (499) 261-57-81
email: [email protected]
www.lanit.ru