INFORMATION SECURITY
CONTENTS
1 Information Security Systems (ISS) Competence Center
1.1 Main tasks of information security systems competence center
2 Our services
2.1 Information security audit and consulting
2.2 Implementation of management systems based on ISO/IEC 27001:2005
2.3 Development of regulatory and organizational-administrative documentation
2.4 Ensuring business continuity based on BS 25999/ISO 22301
2.5 Personal data protection
2.6 Consulting of organizations on preparations concerning licensing procedures
2.7 Organization of certification and attestation procedures for informatization facilities, special studies and special checks of equipment
2.8 Industrial control systems security
2.9 Service Center for Information Security Systems
3 Our Solutions
3.1 Network security and VPN solutions
3.2 Data leak prevention
3.3 Traffic control and filtering
3.4 Security Operation Center (SOC)
3.5 Identity and Access Management (IAM)
3.6 DDoS detection and countering
4 Our partners
1 INFORMATION SECURITY SYSTEMS COMPETENCE CENTER
In a modern company, the information system constitutes an integral part of the business. It always has unique features reflected in the company's IT infrastructure. Approbation of implementation or update of the proposed solutions usually calls for the presence of test zones in the information system or realization of pilot projects on separate technological sites of business partners. To solve the above mentioned tasks, the LANIT Competence Center has been created.
LANIT Competence Center concentrates highly-skilled specialists and provides a secure site for verification of the selected solutions and technologies. Our specialists have professional certificates and significant expertise in solving information security tasks of any class. In the lab of the Competence Center, we have deployed solutions of our partners in the sphere of information security: Cisco Systems, Juniper Networks, ArcSight, Stonesoft, Symantec, EMC, HP, IBM, Websense, Blue Coat, Kaspersky Lab, Oracle, S-terra, Infotecs, Positive Technologies, Imperva, Radware, SafeLine, etc.
LANIT SPECIALISTS WILL HELP YOU TO EVALUATE THE FUNCTIONALITIES OF HARDWARE AND SOFTWARE FROM LEADING GLOBAL MANUFACTURERS AND TO DETERMINE THE RIGHT-SIZING FOR IMPLEMENTATION OF INTEGRATED INFORMATION SECURITY SYSTEMS.
www.lanit.ru
1.1 MAIN TASKS OF INFORMATION SECURITY SYSTEMS COMPETENCE CENTER
WE SOLVE THE FOLLOWING TASKS WHILE PROVIDING TECHNICAL SUPPORT TO USERS OF IT EQUIPMENT AND SOLUTIONS:
Optimizing the customer’s current infrastructure using state-of-the-art technologies
Testing the selected solutions and approbation of the optimal implementation schemes during implementation stage
Providing assistance in the selection of engineering solutions
Development and testing new solutions from leading global manufacturers
[Figure: Main tasks of ISS Competence Center]
BENEFITS FOR CUSTOMERS
Saving costs and resources while implementing business tasks
Capability for testing solutions without the need to buy demo equipment
Capability for involving specialists experienced in the implementation of several solutions in a particular field
Cutting the Customer’s expenditures on scaling of the current solution or purchasing of a new one
No need to construct or allocate a test zone in the Customer’s own information system
2 OUR SERVICES
LANIT, with its staff of highly-skilled professionals, closely follows all changes on the contemporary market of information security products and offers its Customers only the most efficient and reliable information security solutions.
We provide comprehensive support to those choosing the proper information security products. We offer simulation of the required operating conditions for security products and test the critical parameters of the systems used, which allows selecting the optimal solutions for individual Customers. Our experts will select the solution you need with the best price/quality ratio and will check the operational reliability and convenience of the selected solution using real infrastructure.
SERVICES PROVIDED BY LANIT IN THE INFORMATION SECURITY SPHERE:
Audit and consulting in the field of information security
Implementation of management systems based on ISO/IEC 27001:2005
Development of regulatory, organizational and administrative documentation
Ensuring business continuity based on BS 25999/ISO 22301
Protection of Personally Identifiable Information (PII)
Consulting for organizations preparing for licensing procedures
Organizing certification and attestation procedures for IT Systems, specialized studies and checks of hardware platforms
Industrial Control Systems Security
Offering its services for creation of information security systems, LANIT is ready to provide a full range of project implementation process steps: we will supply information security software and hardware, provide commissioning and setup as well as technical support of the System. In this process we prefer the manufacturers whose solutions fully meet not only the technical requirements, but also conform to the economic efficiency parameters. With our skilled personnel and powerful technical resources, LANIT offers assembly and debugging of the information security system components according to the detailed design documentation developed, and then provides the Customer with an operational information security system based on the results of the acceptance tests program.
LANIT HAS UNIQUE EXPERTISE IN IMPORTING, DISTRIBUTION AND TECHNICAL MAINTENANCE OF FOREIGN-MADE ENCRYPTION TOOLS IN RUSSIA. LANIT EXECUTES ALL OF THE NECESSARY AUTHORIZATION DOCUMENTS FOR IMPORT OF ENCRYPTION TOOLS IN THE CUSTOMER’S INTERESTS. THIS SERVICE IS POPULAR WITH THE RUSSIAN COMPANIES WHICH NEED TO ORGANIZE EXCHANGE OF CONFIDENTIAL INFORMATION WITH FOREIGN SUBDIVISIONS.
2.1 INFORMATION SECURITY AUDIT AND CONSULTING
LANIT’s fundamental approach to the organization of consulting services in the field of information security provides for active involvement of specialists from the Customer’s business divisions in the processes of audit, identifying the assets within scope of the ISMS, analysing and evaluating the risk, and other types of Information Security activities. As information security processes are implemented to gain benefit to the business, the decisive role in the preparation and decision-making in various security aspects should be played by owners of the Customer's capital assets. To form such a team and prepare it for effective activity, LANIT provides the necessary methodological assistance and respective training for specialists.
BENEFITS FOR CUSTOMERS
Transparency of investments and substantiation of the budget allocated for information security (IS)
Efficient IS development strategy
Seamless integration of IS mechanisms with the Customer’s information system
Business resistance to information system threats
Unique methodologies LANIT uses in IS projects offer efficient allocation of the available resources and let us achieve the required result within the shortest time
Improved reputation and trust of business partners
Information security audit aims at evaluating the efficiency of the information security methods and techniques applied by the Customer and checking compliance with the requirements established in the internal organizational and administrative documents on information security issues. The audit is a comprehensive inspection that makes it possible to evaluate the current level of information security in the organization and to plan subsequent steps aimed at improving the security level. The audit may be conducted both for the company in general and for specific critical information systems or business processes.
THE FOLLOWING WORKS ARE CARRIED OUT AND TASKS ARE SOLVED DURING THE AUDIT:
1 COLLECTION AND ANALYSIS OF INITIAL DATA ABOUT THE CUSTOMER’S INFORMATION SYSTEMS:
Compiling a list of the Customer’s functional subsystems (and information systems), determining their structure and boundaries
Determining the Customer’s current information flows
Determining the content of the protected information processed in the existing information systems
Determining the information security measures and techniques applied
Analyzing the current organizational and administrative documents on information security issues (by-laws, policies, procedures, regulations, job descriptions, etc.)
Evaluating compliance with the requirements set forth in the internal organizational and administrative documents on information security issues
Developing a report based on the results of the inspection, including recommendations on enhancing the efficiency of the methods used
2 ANALYSIS OF THE CUSTOMER’S RESOURCE SECURITY AND DEFINITION OF THE MAIN PRINCIPLES OF INFORMATION SECURITY:
Audit of information systems protection from various information security threats
Analyzing the possible scenarios for materialization of potential threats associated with the actions of both internal and external violators
Analyzing the efficiency of the information security products currently in use
3 RISK ASSESSMENT:
Developing the risk assessment methodology that is suited to the ISMS
Developing criteria for accepting risk and identifying the acceptable levels of risk
Determining the acceptable level of information risks
Developing recommendations for the treatment of risk
4 PREPARATION OF REPORT ON THE INFORMATION SECURITY AUDIT, INCLUDING THE FOLLOWING MAIN PROVISIONS:
Description (characteristics) of the security facilities, including technological and business parameters, preparation of the list of applicable organizational and administrative documents on information security and the procedures for their implementation
Evaluation of the current information security level within the scope of the audit, including analysis of the efficiency of the information security measures applied
Recommendations in case improvement of information security
2.1.1 ACTIVE INFORMATION SECURITY AUDIT
To obtain an objective evaluation of the security condition of both the Company's overall information system and its specific nodes and applications, and to control compliance with the standards, the Company should conduct regular systemic checks (Audit) using various penetration testing (Pentest) mechanisms in the existing information system. Active information security audit is usually conducted within the scope of General IS Audit at the stage of technical analysis of the Customer’s IT infrastructure security. The results of active IS audit allow identification of vulnerabilities in the information system components which could be used by intruders to organize attacks on the Customer's IT infrastructure. The Customer’s IT infrastructure security audit is conducted by using two mechanisms: scanning vulnerabilities of the internal network using a network scanner and auditing the Customer’s network services accessible from the Internet. During the Customer’s IT infrastructure security audit, specialized software products are used, i.e. security scanners.
PROCEDURE OF WORKS:
1 Based on the information received about the facilities subject to the vulnerability scanning process, a scanning schedule is prepared and the list of technical methods to be used for analyzing the Customer’s IT infrastructure is defined:
Penetration testing makes it possible to evaluate security from the intruder’s viewpoint using specialized current bases and intelligent vulnerability search mechanisms which are as close as possible to the behaviour of real intruders.
Database security analysis provides an adequate evaluation of security for all of the popular database management systems (DBMS), including Microsoft SQL Server, MySQL, Oracle, etc. All of the possible DBMS security aspects are evaluated, including unauthorized escalation of DB user privileges, installation of false updates, mechanisms for controlling access isolation inside the DB, etc.
Web application security analysis detects vulnerabilities in web application development which can result in materialization of various threat types, including SQL injection, Cross-Site Scripting, etc.
System checks use the mechanism of deep inspection of the most common operating systems, such as Windows, Linux and Unix, as well as client applications installed on the above, which are unavailable for evaluation in the penetration testing mode.
Network scanner detects all of the network nodes, open ports, operating systems and server applications with maximum operational efficiency.
2 Scanning the network perimeter according to the established policies and the schedule.
3 Expert reviews of technical scanning results.
4 Analysis of the information received, determining the possible vulnerabilities.
5 Developing recommendations on remediation of the faults detected.
Based on the information obtained, the Customer will receive methodological guidelines and recommendations on the localization, elimination and control of the vulnerabilities detected, as well as the development or update of its organizational-administrative documentation. The recommendations concern both the use of the current products for protection of confidential information at the Customer's disposal and the implementation of additional products.
THE WORK RESULTS IN RECEIVING OBJECTIVE DATA ON THE TECHNICAL SECURITY LEVEL OF THE ANALYZED INFORMATION SYSTEMS, AS WELL AS ON THE VULNERABILITIES, BREACHES AND DEFECTS DETECTED IN THE SECURITY OF THE CUSTOMER'S IT INFRASTRUCTURE RESOURCES. THE DATA OBTAINED WILL MAKE IT POSSIBLE TO FORMULATE THE LEVELS OF RISKS DETECTED AND TO DETERMINE THE MOST JUSTIFIED SECURITY MEASURES FOR THE ABOVE.
2.2 IMPLEMENTATION OF THE MANAGEMENT SYSTEM BASED ON ISO/IEC 27001:2005
As a certified partner of the British Standards Institution (BSI), which develops international IS management standards, including ISO/IEC 27001:2005, LANIT provides services involving establishment of information security management systems and their preparation for certification audit. A BSI certificate obtained by a company not only serves as recognition of its high level of Information Security organization, but, other terms being equal, constitutes an undeniable competitive advantage over other companies, especially taking into account the present-day steady growth of security threats.
An organization’s Information Security Management System (ISMS) is based on the international standard ISO/IEC 27001:2005. While constructing its ISMS, an organization can clearly determine how the Information Security processes and subsystems are interrelated in the company, who is responsible for them, what labor and financial resources are required for their efficient implementation and operation, etc.
The main purpose of the ISMS implementation project is the formation and ongoing maintenance of conditions in the Company where the risks associated with information assets security are continually controlled and are at the acceptable level of residual risk. In this case, the information assets security is evaluated based on the degree of confidentiality, integrity and accessibility of the information required to implement the primary and the supporting business processes in the Company.
THIS AIM IS ACHIEVED BY SOLVING THE FOLLOWING TASKS:
Detecting the key business process which becomes the basis for ISMS activity in the Company
Detecting and classifying the Company's information assets
Implementing the information security management and assurance processes
Implementing the processes for analysis, assessment and handling of information security risks
Determining and documenting the main information security requirements and procedures
Evaluating the current administrative measures, technical and physical information security products implemented in the Company
Preparing the main organizational-administrative documents taking into account the requirements of ISO/IEC 27001:2005
Implementing training and awareness programs
Compiling recommendations and determining subsequent measures for monitoring, analysing, maintaining and improving the implemented ISMS processes in the Company according to the requirements set forth in ISO/IEC 27001:2005
Optimization of information security costs
LANIT PROVIDES A FULL RANGE OF CONSULTING SERVICES CONCERNING THE FORMATION OF AN ORGANIZATION’S INFORMATION SECURITY MANAGEMENT SYSTEM, FROM AN IN-DEPTH INVESTIGATION OF THE ORGANIZATION WITH REGARD TO INFORMATION SECURITY TO CERTIFICATION IN THE SYSTEM OF THE BRITISH STANDARDS INSTITUTION (BSI) OR ANOTHER COMPETENT ORGANIZATION.
WHILE CREATING AN EFFICIENT SECURITY SYSTEM, SPECIAL ATTENTION IS PAID TO AN INTEGRATED APPROACH CONCERNING INFORMATION SECURITY MANAGEMENT. THAT IS WHY MANAGEMENT ELEMENTS ARE NOT LIMITED SOLELY TO TECHNICAL OR SOFTWARE SECURITY PRODUCTS. THE EMPHASIS IS PLACED ON ORGANIZATIONAL PROCEDURES AND PROCESSES AS WELL AS THE OVERALL MANAGEMENT SYSTEM OF THE ORGANIZATION.
To build an integrated ISMS in a Company, attention should be paid to the most critical requirements for the information security management system listed in ISO/IEC 27000:2005:
Planning business continuity (providing protection of critical business processes from failures and disruptions)
Availability of a documented Information Security Policy
Development and support of system and application software (providing information security functions in operating systems and applications)
Compliance with documents and standards (providing compliance with the international and the internal guidelines and standards)
Providing information security during interaction with external parties
Identification and classification of the Company’s assets
Controlling user compliance with the rules set forth in the Information Security Policy
Infrastructure management (reducing the risk of system failures, preventing damage to network equipment, control over confidentiality, integrity and accuracy of information during its transmission)
Control and monitoring of the possible breaches of the Information Security Policy
Controlling access to information resources and services provided
2.3 DEVELOPMENT OF REGULATORY AND ORGANIZATIONAL-ADMINISTRATIVE DOCUMENTATION
During its lifecycle, the Information Security System (ISS) undergoes material changes, developing with time, which requires ongoing improvement of the organizational-administrative and regulatory documents.
WITH ITS VAST EXPERTISE IN DEVELOPMENT OF THE ABOVE MENTIONED DOCUMENTATION, LANIT IS READY TO OFFER THE SERVICES OF EXPERIENCED SPECIALISTS WHO WILL DEVELOP ORGANIZATIONAL-ADMINISTRATIVE DOCUMENTS, INCLUDING POLICIES ON SPECIFIC AREAS OF ACTIVITY, PROCEDURES, REGULATIONS AND INSTRUCTIONS WHICH, AS A WHOLE, CONSTITUTE A PACKAGE OF DOCUMENTS FOR THE INFORMATION PROTECTION SYSTEM. LANIT PROVIDES CONSULTING SERVICES INVOLVING DEVELOPMENT OF DOCUMENTATION FOR VARIOUS CUSTOMER NEEDS, INCLUDING PREPARATION TO CERTIFICATION AND LICENSING PROCEDURES.
The documents are prepared according to the requirements set forth in the international standards on IS management and the guideline documents provided by the Federal Service for Technical and Export Control of Russia and other regulators in the information security field.
2.3.1 INFORMATION SECURITY CONCEPT OF THE ORGANIZATION
Development of an organization’s Information Security Concept as a systematic description of the information security goals and objectives, the main principles of IS system architecture, the organizational, technological and procedural aspects of information security assurance in the organization’s information and computer system.
2.3.2 INFORMATION SECURITY POLICY OF THE ORGANIZATION
Development of organization’s Information Security Policy as a top-level document declaring the main principles of the approach to Information Security Management System.
2.3.3 INDIVIDUAL INFORMATION SECURITY POLICIES, PROCEDURES, AND INTERACTION REGULATIONS
Development of individual policies and other documents of level 2 and lower, with a detailed description of the information security methods and techniques, down to instructions for administrators and users of specific applications.
[Figure: Development of regulatory and organizational-administrative documentation. Levels shown: IS Concept of Organization; IS Policy of Organization; Individual IS policies; Procedures, regulations; Instructions]
2.4 ENSURING BUSINESS CONTINUITY BASED ON BS 25999/ISO 22301
Ensuring continuity of key business processes which directly affect the company’s ability to produce profit constitutes the most important task of any enterprise. Operational faults cannot be avoided, including in case of natural and man-made disasters. To reduce the consequences of such faults to a minimum and to minimize the risk of such faults in information systems, various recommendations and methodologies have been developed. The British Standards Institution (BSI) has consolidated the best global recommendations into a single code of practices (Best Practice) in international standard ISO 22301. Business continuity management constitutes a process closely connected to the company’s primary business, in the course of which the strategic and operational system is formed according to the company’s goals aimed at:
Ongoing improvement of the organization’s capability for restoration of its primary activity
Providing the Company with capabilities for risk management with regard to continuity of the main business processes and protection of the organization’s reputation
Providing a practiced method for restoration of the organization’s capability to manufacture its main products or provide primary services
BENEFITS FROM IMPLEMENTATION OF AN EFFICIENT BUSINESS CONTINUITY MANAGEMENT PROGRAM IN THE COMPANY:
Ability to promptly determine the impact caused by disruptions in the normal course of operations
Ability to manage risks
A system for effective response to disruptions in the normal course of operation which enables to minimize the impact of such disruptions
Ability to take reliable incident response measures due to drills
Improvement of reputation and acquiring a competitive advantage due to the tested capability to ensure ongoing supply
Ongoing process improvement
[Figure: Business Continuity lifecycle and PDCA cycle. Labels: Business Continuity Management System; Interested parties; BCM requirements and expectations; Understanding of the organization’s business; Development of BCM strategy; Establishing and implementing the BCM response system; Trainings, program update and monitoring; Management of BCM program; Implementation of BCM in the organizational culture; Establishment (PLAN); Implementation (DO); Monitoring and review (CHECK); Maintain and improve (ACT); Managed business continuity (BCM)]
Within the scope of projects on building and implementation of a business continuity system based on BS 25999/ISO 22301, LANIT offers the following services:
Designing fail-safe IT infrastructure functioning schemes and testing them within the framework of pilot projects
Development of regulatory documentation for switching to backup capacity in case of failures in operation of IT infrastructure
Testing the mechanism for switching to backup IT infrastructure capacity in terms of continuity of business processes
Formalizing the process ensuring continuity of IT infrastructure operation and implementing the process system for Business Continuity Management (BCM) aimed at protecting the designated key business processes in the Company from unexpected emergencies
Implementation of fail-safe IT infrastructure functioning schemes
The Standard introduces the notion of Business Continuity Management System (BCMS). BCMS allows organizing, controlling and improving the overall business continuity management process in the Company.
Within the framework of the project for implementation of business continuity management systems, the following tasks are solved:
Analyzing the impact of emergencies on the Company’s key business processes (Business Impact Analysis – BIA)
Developing a strategy for continuity of business and IT services
Developing variants for protection of the Company’s information system from emergencies and approving the budget of a dedicated disaster-proof solution
Developing incident management plans, Business Continuity Plans, and Disaster Recovery Plans
A formalized method for determining the impact of any disruption in the ordinary course of activities ensuring manufacture of basic products and services in the organization
DUE TO THE ABOVE MENTIONED PROJECTS, THE CUSTOMER ACQUIRES:
Realistic evaluations of the current recovery parameters (Recovery Time Objective - RTO, Recovery Point Objective - RPO) for specific subsystems, infrastructure elements and for the Customer’s inspected infrastructure in general
Identified risks associated with the architecture, implementation peculiarities and practical operation of infrastructure and services which support the key business processes and services of the Company
Documented engineering solutions and organizational procedures in the form of a structured Emergency Recovery Plan which provides evaluation of an emergency, its correlation with a certain scenario defined in the above Plan, making decisions on activation of the Plan, control and chronometry of the emergency recovery procedures
A ready Testing Program for business continuity management
Identified capabilities for improving the current IT service continuity solutions (quick wins)
Recommendations on the procedures, terms and man-hours required for training the personnel participating in the processes of implementation of the business continuity management system for the Customer’s organization in general
2.5 PERSONAL DATA PROTECTION
LANIT offers a full range of services to provide compliance with the requirements of Federal Law of the Russian Federation №152-FZ "On personal data" of July 27, 2006, which sets forth the main requirements for personal data processing and security procedures. Below are the key stages of works carried out by LANIT specialists while creating a personal data protection system and bringing the Customer's personal data information systems into compliance with the requirements of Federal Law №152-FZ "On personal data":
Stage 1 Audit of Personal Data (PD) handling processes and IT infrastructure:
Collection and analysis of source data
Separation of PD information flows
Categorization of PD
Determining the employees involved in PD processing
Detecting Personal Data Information Systems (PDIS)
Separation of documents regulating PD processing in the Company
Determining the current PD protection mechanisms
Stage 2 Analysis of the information collected and preparation of reporting documentation:
Agreement with the Customer upon PDIS composition, structure and classes
Development of the Threat Model, classification acts, and PDIS Description
Preparing a report based on the inspection conducted at the Customer’s facilities
Stage 3 Development of organizational-administrative documents to ensure PD security.
Stage 4 Creation of the PD protection system: selection of the optimal PDIS security products, development of the technical assignment, design assignment, etc.
Stage 5 Supply and startup of PD protection system (including commissioning works).
Stage 6 Preparation of PDIS for attestation (if necessary).
Stage 7 Preparation for checks by Federal Supervision Agency for Information Technologies and Communications (Roskomnadzor), Federal Service for Technical and Export Control (FSTEC), and Federal Security Service (FSS) of the Russian Federation, conducted with regard to personal data operators.
In addition to that, LANIT offers the services involving urgent preparation of Customers to checks of PD processing compliance with the requirements of the Russian Federation personal data laws conducted by regulators. Within a period from one to four weeks, LANIT will inspect the Customer’s facilities, develop the necessary organizational-administrative documents, provide instruction for users, and will be present during the site inspection by regulators to protect the Customer’s interests. Following the implementation of a complete set of measures for creating the personal data protection system, LANIT will continue its cooperation with the Customer providing full technical support and consulting.
[Figure: Stages of bringing the personal data information systems into compliance with the requirements of Federal Law № 152-FZ "On personal data". Boxes: Inspecting the personal data handling processes and IT infrastructure; Development of personal data security threat models for each PDIS and PDIS classification; Development of a set of organizational-administrative documents for PD processing and protection; Supply and setup of information security products; Creating a PD protection system; Preparing a report on inspection; PDIS preparation for attestation (if necessary); PDIS attestation for compliance with the information security requirements (if necessary) or compliance evaluation; Preparation of the Customer to checks by Roskomnadzor, FSTEC, FSS conducted with regard to personal data operators; Support of the personal data protection system]
2.6 CONSULTING OF ORGANIZATIONS ON PREPARATIONS CONCERNING LICENSING PROCEDURES
According to the Russian laws, certain types of activities require that the company should have the appropriate license.
LANIT PROVIDES CONSULTING SERVICES FOR PREPARATION OF THE REGULATORY-PROCEDURAL AND ORGANIZATIONAL-ADMINISTRATIVE DOCUMENTATION AND CHECKS COMPLIANCE WITH OTHER REQUIREMENTS TO THE LICENSE ESTABLISHED BY INFORMATION SECURITY REGULATORS BASED ON THE LICENSE’S RESPECTIVE TYPES OF ACTIVITY.
A license from the FSS of Russia has to be obtained for development, manufacture, technical maintenance and distribution of encryption (cryptographic) tools. A license from the FSTEC of Russia has to be obtained for activities involving technical protection of confidential information.
LANIT provides the following services in the course of preparatory works for organizations seeking FSS and FSTEC licenses:
Preparation of regulatory-procedural and organizational-administrative documentation required to pass the licensing procedures
Preliminary expert review of the documents prepared to check their compliance with the requirements set forth by the licensing authorities
Checking compliance with the requirements to a license applicant, based on its respective activity types, set forth by information security regulators
Preparation of recommendations and taking steps aimed at prompt elimination of the detected non-conformities to the licensing requirements
2.7 ORGANIZATION OF CERTIFICATION AND ATTESTATION PROCEDURES FOR INFORMATION INFRASTRUCTURE, SPECIAL STUDIES AND SPECIAL CHECKS OF EQUIPMENT LANIT provides services involving: Certification tests of information security products for compliance with Guideline Documents of the FSTEC of Russia
2.7.1 ATTESTATION OF INFORMATIZATION FACILITIES Attestation of informatization facilities constitutes a set of organizational and technical
Attestation tests of automated systems for compliance with the Guideline Documents of the FSTEC of Russia
measures which result in verification, by virtue
Special lab tests and equipment checks
forth in the information security standards or
of a special Compliance Certificate, of the facility’s compliance with the requirements set other regulatory and technical documents approved by FSTEC of Russia.
INFORMATIZATION FACILITY (IF) CONSTITUTES A SET OF INFORMATION RESOURCES, INFORMATION PROCESSING EQUIPMENT AND SYSTEMS USED ACCORDING TO THE SET INFORMATION TECHNOLOGY, INFORMATIZATION FACILITY UTILITIES, PREMISES OR FACILITIES (BUILDINGS, STRUCTURES, EQUIPMENT) WHERE THE ABOVE ARE INSTALLED, OR PREMISES AND FACILITIES DESIGNATED FOR CONFIDENTIAL NEGOTIATIONS.
An informatization facility with a valid Certificate of Compliance is entitled to process information with the relevant confidentiality level within the time period specified in the Certificate of Compliance. Information facilities processing information which constitutes state secrets or confidential information are subject to mandatory attestation.

Attestation provides for comprehensive check (attestation tests) of the protected informatization facility in real-time operating conditions with a view to evaluating compliance of the set of security measures and products currently in use with the required information security level.

The procedure for informatization facility attestation with regard to information security requirements includes the following actions:
- Preparation to attestation (if necessary)
- Preliminary study of the facility subject to attestation
- Tests of non-certified information security products and systems used at the facility subject to attestation (if necessary)
- Developing a Program and Methodology of Attestation Tests
- Conducting attestation tests
- Execution, registration and issue of the Certificate of Compliance
2.8 INDUSTRIAL CONTROL SYSTEMS SECURITY

Cyber security of industrial control systems (ICS) is becoming critical for ensuring efficiency, continuity and safety of the ICS operation. Unauthorized access to ICS components, network or data may result in serious financial issues, loss of production, environmental impacts or direct danger to human life. Initially ICS were isolated, highly specialized systems developed for individual customers. With this approach in place, information security risks had the lowest priority. Now ICS are adopting standard IT solutions such as Internet Protocol and widely used operating systems to promote connectivity with corporate business systems. But still, most information security risks remain unaddressed.

In most cases, ICS do not provide necessary security mechanisms, such as:
- User, device and node authentication
- Verification of correct use of communication protocols
- Integrity of the information and control signals
- Protection from unauthorized access to ICS nodes and communication channels
- Integrity of ICS software and logic
For ICS that are already in place, security mechanisms have to be integrated into the current system as separate hardware and software. For the security measures to be efficient, the company has to develop a set of internal policies and instructions that determine proper procedures for various security controls and the corresponding responsible personnel.

A wide range of engineering solutions, standards, protocols and technical approaches implemented in various ICS makes it tremendously difficult to develop universal information security solutions. It also complicates integration of information security solutions into the ICS without interruption of the production cycle.
LANIT HAS THE NECESSARY SKILLS AND EXPERIENCE TO IMPLEMENT A WIDE RANGE OF INFORMATION SECURITY SOLUTIONS. LANIT WILL HELP YOU TO CHOOSE APPROPRIATE SOLUTIONS AND PROVIDE SEAMLESS INTEGRATION OF NECESSARY SECURITY CONTROLS INTO ICS.

We use an integral approach to ICS security, providing the information security controls and solutions on every level of ICS architecture. The security solutions we use are integrated into a unified ICS security operations center. Solutions we are able to integrate into ICS include (but are not limited to):
- Firewalls (FW)
- Intrusion prevention systems (IPS)
- Antivirus solutions and End-point protection systems
- Vulnerability management systems (VMS)
- Security Information and Event Management (SIEM)
- Virtual Private Networks (VPN)
- Access Control Systems (ACS)
ICS security controls

Due to the significant consequences of an ICS security breach, authorized parties including government organizations have been developing mandatory standards and requirements on ICS security. LANIT will help you evaluate relevant legal regulatory requirements on ICS security and implement them with maximal efficiency.
2.9 SERVICE CENTER FOR INFORMATION SECURITY SYSTEMS

LANIT Service Center for Information Security Systems offers its Customers a set of services including technical support of software and hardware solutions within the effective period of warranty guarantees of information system and component manufacturers, as well as based on separate service agreements.

The Service Center for Information Security Systems operates based on LANIT's Network Integration Department (NID). The main mission of the Service Center is to support major IT systems or the Customer’s IT systems critical from the security viewpoint, as well as IT systems that are especially complex from service maintenance viewpoint.

MAIN BENEFITS RESULTING FROM WORK WITH THE SERVICE CENTER FOR INFORMATION SECURITY SYSTEMS:
- 24-hour registration of any Customer queries with regard to the solutions supplied by LANIT's NID
- Customer site visit services
- Services involving replacement of the Customer’s equipment
- Providing training to the Customer’s personnel (both in the RF and abroad)
- Software updates
- Software testing on the test bench in the Service Center
- Development and testing of pilot projects
- Additional set of services ("Extended Support") for solutions that are especially complex from the implementation and support viewpoint
LANIT OFFERS A WIDE RANGE OF INFORMATION SECURITY SOLUTIONS:
- Network security and VPN solutions
- Data leak prevention
- Traffic control and filtering
- Security Operation Center (SOC)
- Identity and Access Management System (IAM)
- DDoS detection and countering
3.1 NETWORK SECURITY AND VPN SOLUTIONS
Solutions for perimeter security, i.e., the level where the internal network comes into contact with the external public networks, and for data transmission channels are designated for any small, medium and large business organization.

The above technology solutions are based on the functional basic information security Solutions such as firewalls, intrusion detection and prevention Systems, and VPN concentrators.

THE ABOVE SECURITY PRODUCTS, PUT TO GOOD USE AND COMBINED WITH THE VAST EXPERTISE OF LANIT SPECIALISTS IN THE FIELD OF NETWORK SECURITY, GUARANTEE A HIGH LEVEL PROTECTION OF IT INFRASTRUCTURE FROM EXTERNAL AND INTERNAL THREATS.

Firewalling systems act as the first security frontier and are installed on the network boundary. They allow control of specific applications at a protocol level, thus providing external information into the internal network according to a predefined set of rules. Such systems allow determining the correct structure of incoming packets at application level, which enables them to stop attacks on internal resources.
Intrusion Detection and Prevention Solutions are designed to filter the network traffic and protect the internal network, i.e., servers, network equipment and users, from external attacks, parasitic traffic, etc. Using a combination of various counter measures against attacks, including application signature and behavior analysis, they provide the highest level of malicious activity detection. Such systems are installed on communication channels and operate based on the gateway principle – the information that passes through them is "purified" and suitable for safe use. Unlike demilitarized zone security systems, which are designed mainly to withstand attacks from public networks, the intrusion detection and prevention systems are configured to fight specific types of malicious activity critical for the organization, including through the internal network, to protect the databases and the most important segments of the Company’s IT infrastructure.

Apart from classic firewalls and intrusion prevention systems, the current threats call for the use of specialized Web application and database security systems. Such solutions make it possible to check traffic on the highest possible level, which allows a more accurate detection and termination of security threats specific for the given traffic type.
SOLUTIONS OFFERED BY LANIT ALLOW DETECTING WHICH WEB APPLICATION USER MADE THIS OR THAT ALTERATION TO THE DATABASE, THUS ENABLING MUTUAL CORRELATION OF EVENTS. IN ADDITION, THE ABOVE SOLUTIONS BRING THE WEB APPLICATION AND DATABASE SECURITY LEVEL VIRTUALLY TO 100% DUE TO THE DYNAMIC PROFILING TECHNIQUE, WHEN THE SECURITY SYSTEM FORMS A STRICT OPERATIONAL PROFILE OF THE APPLICATION AND SUPPRESSES ANY SUBSEQUENT DEVIATIONS FROM THE NORMAL OPERATING MODE. THEREFORE, EVEN THE APPLICATIONS WHICH CANNOT BE OVERWRITTEN OR CORRECTED CAN BE SECURED.
TO IMPLEMENT VPN INFRASTRUCTURE, LANIT OFFERS ITS CUSTOMERS A WIDE RANGE OF DATA ENCRYPTION SOLUTIONS USING BOTH RUSSIAN AND FOREIGN CRYPTOALGORITHMS.

Wireless Network Security Solutions are also aimed at intrusion prevention and internal network protection. An important peculiarity of the above solutions is their objective of detecting and suppressing the operation of unauthorized access points - modems, laptops, etc. that constitute a powerful information leak channel as they are usually equipped with independent Internet connections. As the coverage zone of wireless access points often extends beyond the controlled zone, cryptographic security methods should be used to protect confidential information.

Organization of secure data transmission channels constitutes the basic objective of perimeter security tools and is implemented by means of Virtual Private Network (VPN) technology. In this case, depending on objectives, various VPN technologies can be applied. To implement a secure branch data transmission network, IPSec VPN is used, while SSL VPN is used to provide remote access of employees to internal resources. SSL VPN concentrator provides secure remote access to the enterprise’s information resources via the SSL VPN channels, which increases the overall security level during operation through open data transmission channels. The use of national encryption algorithms provides additional assurance in the integrity of the information transmitted. The above solutions operate through the user’s browser, providing convenient and transparent work with the applications required by the user, without the need to install special software on the workstation or laptop.
Centralized Perimeter Security Control System provides the administrator with a single interface for interaction with the security system. It enables centralized collection of logs and security events, input of incident data based on the above events and control over the process of solving the above. This system allows a material reduction in the administration costs of overall infrastructure security management.
LANIT CUSTOMERS ACQUIRE:
- An integrated system for protection of internal infrastructure against external threats
- Minimization of the probability for unauthorized access to the company’s information resources
- Increasing customer trust level by creating a trusted data transmission environment both within and beyond the company
- Providing the required accessibility level for internal resources combined with a high security level
- Saving financial resources and reduction of administrative expenses to maintain the relevant security level
- Increasing the overall efficiency of business processes due to high accessibility of resources and mobility of users

[Figure: Diagram of perimeter and communication channels security]
3.2 DATA LEAK PREVENTION

Control of confidential information leaks is growing more complex year by year. Internal information security policies do not limit the employees’ desire to share confidential information with work colleagues, friends and employees from other companies. The growth of information technologies contributes to the increase in the number of information leak channels (email, ICQ, Skype, Internet forums, etc.). To efficiently detect and prevent leaks of confidential information, organizations require DLP class solutions (Data Leak Prevention).

The contemporary DLP systems allow detecting and preventing data leaks via all technical channels, i.e., proxy servers, mail servers, messenger channels (including Skype), network printers and removable media.

The above mentioned solutions use two main technologies:
- "Word form" technology, which stipulates that critical information messages and confidential documents should be included in the data bank system using either key words associated with the business specifics or based on passport data, contract numbers, words like "confidential," etc.
- FingerPrint technology, which creates digital fingerprints that enable quick identification of critical data banks based on the "visual resemblance" principle. The technology allows processing of any document types, including graphical (drawings, images) and audio files (music).
THE MAIN BENEFIT OF USING DLP CLASS SOLUTIONS BY LANIT’S CUSTOMERS IS THE PREVENTION OF INFORMATION LEAKS WHICH OFTEN CAUSE DIRECT FINANCIAL LOSSES. THE COMPANY MANAGEMENT CAN OBTAIN INFORMATION ABOUT THE DATABASES EACH EMPLOYEE WORKS WITH. SUBSEQUENTLY, THIS WILL ENABLE ADJUSTMENT OF ACCESS RIGHTS TO THOSE DATABASES AND DETECT INSIDERS, THUS PREVENTING INFORMATION LEAKS.

[Figure: Data leak prevention system]
3.3 TRAFFIC CONTROL AND FILTERING

Traffic filtering allows making decisions regarding traffic legitimacy based on the analysis of its content and not on the sender’s or recipient’s address. The analysis is generally applied to mail and web traffic. The technique allows a much more flexible and accurate filtering, providing the Company with virtually complete control over employee and server traffic. The content analysis makes it possible to deal efficiently with such corporate network security threats coming from outside as financial fraud ("phishing") and malware penetration, including Trojan horses, worms, rootkits, backdoors, adware, etc.

3.3.1 MAIL TRAFFIC FILTERING

This filtering type is traditionally used to detect and block unwanted messages (spam) and penetration of malicious software; however, it can also be used to solve the tasks associated with data leak prevention.

There exists a whole range of methods for evaluating the content of mail traffic:
- Statistical analysis (Bayesian method, etc.)
- Blocking attachments of certain type
- Analysis based on the list of key words/phrases and regular expressions
- Analysis of message headers
- Heuristic analysis of text (searching for typical patterns of spam messages)
- Checking the message body and attachments for malicious code

Taken as a whole, the above methods allow detection and prevention of unwanted traffic penetration into the organization’s network.
3.3.2 WEB TRAFFIC FILTERING

Web traffic filtering is designated to solve two main tasks – controlling employee access to unwanted resources and preventing malware penetration to user computers. Contemporary filtering tools allow analyzing not only the open protocols (HTTP, FTP, ICQ) but also encrypted ones (HTTPS and Skype). Web traffic filtering is based on various criteria (key words, malicious code in bodies of web pages, HTML code anomalies, etc.). Web traffic filtering makes it possible to protect the organization’s network from compromise, and, therefore, from financial and goodwill losses, and to save employees’ labor hours.

3.3.3 APPLICATION USE CONTROL

Uncontrolled installation and startup of software by employees on their workstations constitutes a problem for most companies and bears serious information security risks. In addition, it can result in additional problems if users install and use illegal software without the knowledge of the employer. Application use control systems are designed to solve the above problem.

Up-to-date systems of the above class allow forming a complete image of the software used in the Company and providing flexible control over the process. Thus, not only can administrators ban or allow a specific application to be run, but they can also allow limited running, i.e., ban access to the network or printer, allowing all other functionalities. The dynamic structure of ‘white lists’ of the permitted software makes the administrators’ tasks easier and allows material cutting of costs for list processing.

3.3.4 INTEGRATED ANTIVIRUS PROTECTION

The current antivirus systems consist of two components. The first one is the protection of workstations and is implemented by installing antivirus agents on the users’ workstations. Presently, the agents are usually characterized by multi-functionality: they include virus attack detection systems, firewalls, various IT environment controls and authorization tools.

The second component of an up-to-date antivirus system constitutes filtering on the level of gateway installed at external information access points in the organization’s IT system. This component can also be implemented using two types of solutions: either via a threaded antivirus gateway or by filtering the incoming information flow at the application systems level, in the form of firewalls installed on communication channels.

Integrated antivirus protection consists of the above two components and is usually based on the whole range of various software and hardware solutions. The system can provide protection of major corporate nodes, such as mail, Web servers and user workstations, as well as protection of IT environment from its user in case the latter is infected with malware.
THE ANTIVIRUS PROTECTION SOLUTIONS OFFERED BY LANIT OFFER THE CUSTOMER SIGNIFICANT SAVINGS OF EXPENSES ON IT INFRASTRUCTURE AS WELL AS ECONOMY OF PROFESSIONAL LABOR HOURS.

First of all, the above effect is achieved by neutralizing a significant amount of virus threats at the gateway level. Considering the fact that installation of antivirus agents takes up quite a lot of IT resources (up to 30-40%), this variant of fighting viruses does not seem very efficient. Viruses can be stopped at the perimeter, on the gateway level. This makes it possible to reduce the load on users and their workstations and to eliminate incompatibilities between the antivirus and the corporate software. It should be emphasized that protection of certain facilities, including servers, with antivirus agents is not economically efficient, as it is very expensive from the operating viewpoint.
[Figure: Data control and filtering diagram. Labels: malicious code, phishing, spam; Internet; mail (SMTP, IMAP, POP3), IM (ICQ, Skype, Jabber), web (HTTP, HTTPS, FTP); antivirus protection, URL filtering, mail filtering; «Clean» traffic; users]
3.4 SECURITY OPERATION CENTER (SOC)
A Security Operation Center allows centralized information security management in the Customer’s company, which is achieved by regulating the information security threat neutralization mechanisms, a complete and accurate understanding of the condition of the corporate information system and comprehensive monitoring of the security condition of IT services. Organizing a reasonable balance of technologies, processes and human resources, a SOC offers the capability for continual monitoring of the corporate information system, tracking of the security incidents and fast implementation of countermeasures in response to threats.
Creation of Security Operation Centers is among the most relevant lines of development in the IT industry. Essentially, this is the center for security incidents management which constitutes a single segment for managing all of the security mechanisms as well as the IT infrastructure monitoring.

A Security Operation Center consists of the following basic set of subsystems:
- Security incident and event management subsystem
- Security control subsystem
- Change control subsystem
- Update management subsystem
- Reporting subsystem
- Management subsystem
- Subsystem for control of regulatory compliance
- Storage subsystem

The main component constitutes the Security Incident and Event Management (SIEM) system. This solution is designed to collect information from all security mechanisms, network devices, servers and employee workstations. The system provides an intelligent mechanism for correlation between events from various sources, which helps detect even the most complex types of attacks, including time-phased ones.

This is an automated system which enables real-time detection of an attack, determining how critical it is for the IT system at the network administrator’s workstation, and displaying the attack history: its origination, the nodes it affected, and the damage caused. In this case, both the integrated and the customized event correlation rules can be used, thus providing capability for connection of even unique systems, including those developed by customers.
BENEFITS OF USING THE SOLUTION

MANY INFORMATION SECURITY INCIDENTS CAN HARDLY BE ANALYZED "MANUALLY", ESPECIALLY WHEN THE ANALYSIS INVOLVES COMPARISON OF DATA FROM VARIOUS INFORMATION SECURITY SYSTEMS. LET US CONSIDER A VERY SIMPLE SITUATION: AN EMPLOYEE WHO ENTERED THE BUILDING WITHOUT HIS ACCESS PASS LOGS INTO THE IT SYSTEM USING HIS OWN PASSWORD. THIS SITUATION IMMEDIATELY CALLS FOR THE ATTENTION OF A DESIGNATED ADMINISTRATOR. FOR IT SYSTEMS WHICH INCLUDE HUNDREDS OF WORKSTATIONS, AUTOMATION OF SIMILAR CONTROL PROCESSES IS VITAL – "MANUAL" CONTROL IN SUCH CASES IS NOT SIMPLY EXPENSIVE, IT IS OFTEN PHYSICALLY IMPOSSIBLE TO IMPLEMENT.

Integrated solutions developed by LANIT in the sphere of Information Security and IT monitoring allow:
- Completing a full cycle of incident response due to integration of monitoring tools in the incident management process
- A timely response to a detected incident and elimination of its consequences
- Collection and analysis, within a single system, of all the signals received from the technical monitoring and information security systems
- Prompt detection of the causes for failures and determining the enterprise’s department responsible for elimination of the above
- Reducing the time for elimination of defects and the downtime of IT infrastructure
- Providing capability for retrospective analysis of the security metrics and the information systems operation
- Long-term storage of information systems statistics
- Providing uniform reports on the condition of information systems
- Recording and analyzing failures in the operation of IT infrastructure with a view to its improvement and cost minimization
- Reducing business losses associated with IT infrastructure downtime
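
The access-pass situation described above, written as a correlation rule over two event sources. This is an added example, not LANIT's or any vendor's code; the log line formats, event and field names, the sample records and the 14-hour presence limit are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed sample records. The line formats, event names and field names
# are assumptions for this example, not the output of any particular product.
BADGE_LOG = """\
2024-03-04T08:55:12 BADGE_IN user=ivanov door=main
2024-03-04T09:10:03 BADGE_IN user=petrova door=main
2024-03-04T12:01:40 BADGE_OUT user=ivanov door=main
"""
AUTH_LOG = """\
2024-03-04T09:02:40 LOGIN_OK user=ivanov host=ws-014 origin=console
2024-03-04T09:30:00 LOGIN_OK user=sidorov host=ws-022 origin=console
2024-03-04T10:15:00 LOGIN_OK user=petrova host=vpn-gw origin=vpn
2024-03-04T13:20:00 LOGIN_OK user=ivanov host=ws-014 origin=console
2024-03-04T14:00:00 LOGIN_FAIL user=sidorov host=ws-022 origin=console
"""


@dataclass
class Event:
    ts: datetime
    kind: str
    fields: dict


def parse(text):
    """Parse '<ISO timestamp> <EVENT> key=value ...' lines, skipping malformed ones."""
    events = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 2:
            continue
        try:
            ts = datetime.fromisoformat(parts[0])
        except ValueError:
            continue
        fields = dict(p.split("=", 1) for p in parts[2:] if "=" in p)
        events.append(Event(ts, parts[1], fields))
    return events


def correlate(badge_events, auth_events, max_presence=timedelta(hours=14)):
    """Flag successful console logons by users the badge system does not place
    inside the building. Both sources are merged into one timeline first,
    because each log is ordered only with respect to itself."""
    timeline = sorted(badge_events + auth_events, key=lambda e: e.ts)
    presence = {}  # user -> ("in" | "out", time of that badge event)
    alerts = []
    for ev in timeline:
        user = ev.fields.get("user")
        if user is None:
            continue
        if ev.kind == "BADGE_IN":
            presence[user] = ("in", ev.ts)
        elif ev.kind == "BADGE_OUT":
            presence[user] = ("out", ev.ts)
        elif ev.kind == "LOGIN_OK" and ev.fields.get("origin") == "console":
            # Remote (VPN) logons are out of scope: physical presence is not expected.
            state, since = presence.get(user, (None, None))
            if state is None:
                reason = "no_badge_in"
            elif state == "out":
                reason = "badged_out"
            elif ev.ts - since > max_presence:
                reason = "stale_badge_in"  # entry too old to vouch for presence
            else:
                continue  # badge record and logon agree
            alerts.append({"time": ev.ts.isoformat(), "user": user,
                           "host": ev.fields.get("host", "?"), "reason": reason})
    return alerts


if __name__ == "__main__":
    for alert in correlate(parse(BADGE_LOG), parse(AUTH_LOG)):
        print(alert)
```

On the constructed sample the rule raises two alerts: a console logon by a user with no entry record, and a console logon after the user's recorded exit.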
[Figure: Schematic diagram of Security Operation Center (SOC)]
3.5 IDENTITY AND ACCESS MANAGEMENT (IAM)

Identity and Access Management Systems (IAM) are generally popular with organizations with a large number of applied IT products and an extensive system of user authorization.

The construction of similar systems includes two tasks:
- Development of a role model according to which access rights for system users will be defined
- Building an IAM system according to the developed role model

An IAM system makes it possible, based on the developed role model, to unify the employee access rights to all (including self-designed) information resources in the organization as well as to automate the processes for granting/revocation of information resource access rights of employees depending on their roles.

[Figure: Identity and Access Management Structure]
3.6 DDOS DETECTION AND COUNTERING

DDoS attacks have long overgrown the ruffian, often absurd, category and turned into a powerful tool of competitive struggle. Few would be surprised at the fact that a DDoS attack can be ordered on Ebay for USD 300. In this case, an attack can aim either at a separate business resource (Web server, internet portal, virtual shop, etc.) or at overall data transmission channels – in order to limit or totally block access to the facility being attacked.

LANIT offers two types of solutions for countering DDoS attacks:

1. The first solution includes systems designed for communications operators. They are the ones suffering most from DDoS attacks, even if their own services are not the object of the attack. Implementation of such solutions will enable them not only to protect their own resources, providing the required service level and conforming to the Service Level Agreement (SLA), but also to provide security services for their clients. The advantages of operator-class solutions include simple integration into the existing IT infrastructure due to the capability for "out-of-band" mode installation. In this case, the cleansing system receives only the traffic from the object under attack, without the need to make prompt changes in traffic routing.

2. The second solution involves systems for corporate Customers wishing to protect their IT infrastructure from DDoS attacks. These systems are especially relevant for the business types where a denial of service for clients caused by a DDoS attack immediately results in significant financial losses, i.e., for banks or online shops.
TO COUNTER DDOS ATTACKS, LANIT OFFERS SOLUTIONS BASED ON PRODUCTS BY LEADING VENDORS, SUCH AS RADWARE AND ARBOR, WHICH ALLOW SIMULATION OF IT SYSTEM’S OPERATIONAL PROFILES IN THE STANDARD MODE AND, IN CASE OF SERIOUS DEVIATIONS, AUTOMATICALLY DETECT MASS NONSTANDARD REQUESTS AND REJECT THEM, AS WELL AS OTHER REQUESTS FROM SUSPICIOUS ADDRESSES.

[Figure: Diagram of DDoS attacks detection and countering]
4 OUR PARTNERS

http://www.symantec.com/
Symantec specializes in security, data storage and system management solutions which help corporate clients and end users to provide security and manage information. Symantec is among the leading suppliers of antivirus solutions, vulnerability control products, software for filtering Internet information resources and solutions for data loss prevention in the process of their storage or use, as well as information security services for enterprises all over the world. The company’s ability to successfully integrate its products enables Symantec to offer best-in-class solutions for millions of corporate and individual customers in more than 50 countries, holding leading positions on the market.

http://www.bsi-russia.ru/
BSI Management Systems (BSI – British Standards Institution) is a recognized leader in the sphere of management systems certification and a founder of the International Organization for Standardization (ISO), as well as other international organizations and associations. BSI Management Systems offers independent assessment of second and third parties, certification of management systems, and personnel training. All of the above enables its clients to implement the best global methods, technologies and standards in their business, which, in turn, makes them confident competitors under any circumstances. In its work, BSI uses best global practices that add value to the company assisting it in developing its tactics and winning strategy intrinsic to global-level organizations.

http://www.cisco.com/
Cisco Systems is a recognized leader in network solutions, offering a wide range of information security products from firewalls and attack prevention systems to content supervision, application security tools and personal security systems for servers and workstations. The innovations of Cisco Systems in the security field provide protection of network computers, web and email services. Cisco Systems acquired leading positions and is among leaders not only on the global market, but in Russia and CIS as well, offering email and Internet access security products, Secure Access Control and security management solutions.

www.lanit.ru
http://www.headtechnology.com/
Headtechnology is a specialized distributor of information security solutions. Founded in early 2005, headtechnology RU is now a leader on the information security solutions distribution market. The main lines of activity include protection of corporate data from theft and leaks, control of all ports and external devices on the corporate level, protection against unwanted and malicious software, cryptographic protection of laptops, servers, PDA, specific folders and files, corporate email, filtering of web traffic, protection of corporate email from spam and viruses, content filtering of email messages; virtualization of data for management and storage of the continually growing information volumes, profound audit and control of administrators’ work at all levels; real-time network control, NAC; centralized password management; strict authentication systems and tools.
http://www.ptsecurity.ru/
Positive Technologies is a leading Russian company in the sphere of information security. The main line of activity constitutes the development of systems for security control and compliance with MaxPatrol standards, as well as XSpider security scanner. XSpider security analysis system has been a recognized leader among network IS audit products for over 10 years in Russia and is used to analyze and control security of corporate resources. MaxPatrol information security monitoring system allows objective evaluation of the security condition for both the information system in general and its separate subdivisions, nodes and applications. The mechanisms for penetration testing (Pentest), system checks (Audit) and compliance control (Compliance), combined with the capability for analysis of various operating systems, database management systems and web applications, enable MaxPatrol to provide ongoing technical security audit at all levels of the information system.

Protecting the Data That Drives Business®
http://www.imperva.com/
Imperva is a unique developer and manufacturer of products for security of web applications and database management systems (DBMS). A great number of large businesses and state institutions around the world rely on automated, scalable and modern business process-oriented solutions provided by Imperva which are aimed at preventing information theft, data substitution and modification. Imperva’s products allow to solve many pressing problems in the field of information security, to implement the requirements set forth in international standards SOX, PCI and HIPAA, conduct database audit without reducing the efficiency of business tasks performance.
http://www.netwell.ru/
Netwell was created in 2003 to distribute on the Russian market the telecommunication equipment and technologies of leading manufacturers, including Juniper Networks, Extreme Networks, NetApp, Imperva, PineApp, Davolink, Aruba Networks, Siemens Enterprise Communications, Riverbed Technology, etc. Currently, the products and solutions of vendors which actively cooperate with Netwell have been selected by leading industrial, financial and telecommunication companies as well as a range of large state structures. Thorough vendor selection allowed Netwell to form an integrated package of solutions in the field of data storage, network infrastructures and information security structures, optimized with consideration for the Russian market realities.

Radware is an acknowledged leader in the field of integrated solutions for software deployment, a member of RAD Group, which provides complete accessibility, maximum productivity and absolute safety of business applications for over 10000 enterprises and communication service providers all over the world. A complete software package of APSolute Radware includes applications which combine developed access and security tools and a logical customer interface. Users from any sphere can enhance business efficiency, increase profit and reduce network maintenance and infrastructure costs, making their networks intelligent from the business viewpoint.
http://www.stonesoft.com/
Stonesoft Corporation develops innovative solutions in the sphere of network security and business continuity. Stonesoft offers its clients integrated network security solutions: StoneGate firewall, VPN (Virtual Private Network), IPS (Intrusion Prevention System), SSL VPN, UTM with centralized and unified management system. StoneGate Management Center provides centralized management of all the StoneGate devices as well as collection and management of security events from various network and IT infrastructure devices for subsequent analysis of security incidents. The production of the above solutions is certified by the national state and industrial regulators, such as FSTEC, FSS, etc.
http://www.safe-line.ru/ SafeLine (SC "Informzashchita") is a leading multivendor distributor of integrated information security and information technology solutions in Russia and the CIS. SafeLine offers a full range of information security products for companies at any level, from small enterprises and remote offices to major companies, service providers and communications operators. Using the products and technologies of key market players, SafeLine offers their unique combination aimed at solving real information security problems. Solutions from SafeLine are widely applied in the finance, telecommunications and gas industries, as well as in educational and healthcare institutions.
http://www.s-terra.com/ S-terra CSP is a Russian developer and manufacturer of network information security products. The company’s solutions for virtual private networks (VPN) provide protection of internetworking, wireless and multiservice networks, as well as operational security of remote and mobile users. S-terra CSP is a technology partner of Cisco Systems. The company aims at supplying VPN solutions to the Russian market. The CSP VPN network security product family allows implementing any scenarios of VPN construction. Flexibility is provided due to the use of multiple information security scenarios and the development of individual security policies. The company’s solutions are designed, primarily, for organizations that require reliable protection of VPN connections using Russian cryptography, in particular, for protection of confidential information and personal data.
http://www.radware.com/
http://www.websense.com/ Websense is an acknowledged leader in the sphere of integrated security solutions (web, data and email) as well as solutions providing protection of crucial information in more than 50000 organizations around the world. Websense information security solutions will help organizations to block malicious code, prevent losses of confidential information and provide appropriate use of Internet according to each specific security policy. Websense solutions are based on the innovative ThreatSeeker technology which provides preventive protection from web threats, closing the security gaps that exist despite the installed antivirus solutions and firewalls. ThreatSeeker uses over 100 unique processes for detecting new comprehensive web threats. ThreatSeeker technology forms the basis for all of the Websense security solutions and provides clients with automatic updates with the intervals not exceeding several minutes.
http://www.drweb.com/ Doctor Web is one of the few antivirus vendors in the world that has its own unique technology for malware detection and treatment, along with its own virus monitoring service and analytical lab. This results in a high speed of response to new virus threats by the company specialists and enables them to provide assistance to clients in solving problems of any complexity within hours. Dr.Web antivirus products have been developed since 1992 and have continually demonstrated excellent results in malware detection, conforming to the global security standards.
http://www.kaspersky.ru/ Kaspersky Lab is one of the most dynamically growing companies in the field of information security. Years of hard work allowed Kaspersky Lab to become a leader in the development of antivirus products. Antivirus software modules from Kaspersky Lab provide reliable protection of all the potential targets of virus attacks, i.e., workstations, laptops, file and web servers, mail gateways, firewalls, pocket PCs and smartphones. Convenient control tools allow maximum automation of the antivirus protection for computers and corporate networks. Kaspersky Lab offers a wide range of solutions to provide reliable protection against viruses, spam and hacker attacks, taking into account the needs of all the client categories. Kaspersky Lab designs, implements and supports corporate antivirus complexes and information security systems conforming to any specific business requirements of the customers.
http://www.arcsight.com/ ArcSight is a leading provider of solutions in the spheres of security and regulatory compliance management which intelligently identify and mitigate business risks for enterprises, communications operators and government institutions. Developed in compliance with the requirements set forth by geographically distributed and heterogeneous companies and technology infrastructures, ArcSight offers a unified industrial vendor-independent solution for intelligent identification and blocking of most attack types.
LANIT’S NETWORK INTEGRATION DEPARTMENT

The Network Integration Department (NID) began to operate in 1990. Currently, over 300 certified specialists are developing this line of activity. An ongoing system of professional development and trainings in the vendors’ training centers allows us to maintain the highest professional level of our staff. The Network Integration Department has successfully implemented over 2000 large-scale projects. It boasts over a hundred industrial solutions for the oil and gas, banking, industrial and other leading sectors of economy. A developed service network represented in all regions of the RF contributes to the success of NID projects.

SERVICES OFFERED BY THE DEPARTMENT:
Information security
Corporate infrastructure
Data processing centers (DPC)
Engineering infrastructure
Management of IT services
Software licensing
Standard architecture systems
Network solutions
Systems of telephone communication, videoconferencing and multimedia systems

KEY CLIENTS: Sberbank of Russia, Central Bank of the Russian Federation, Military Insurance Company, Master Bank, JSC "NK ROSNEFT," "LUKOIL-INFORM" LLC, JSC "TNK-BP Management," Russian Association of Motor Insurers, JSC "ZhaASO," the Pension Fund of RF, the Federal Treasury, the Supreme Arbitration Court of RF, the Ministry of Agriculture of RF, the Federal State Statistics Service, Roskosmos, the Ministry of Transport of RF, NIC GLONASS, Rosgidromet, etc.
ABOUT LANIT

LANIT – "LAboratory of New Information Technologies" – is the leading multidisciplinary group of IT companies in Russia and the CIS, which celebrated its 20th anniversary in 2009. The group companies offer a full range of IT services, their number growing continually due to deployment of state-of-the-art and the most popular technologies and solutions.

Presently, LANIT is the largest systems integrator in Russia and a leading partner of over 200 major global high-tech equipment and software solutions manufacturers. LANIT enterprises boast a steady and highly professional team totaling more than 5000 people. Many of our employees have academic degrees. Over 1200 specialists have been certified by the leading global vendors supplying high-tech equipment and software.
105066, Moscow, 5 Dobroslobodskaya St., build. 1 tel.: +7 (495) 967-66-50 fax: +7 (499) 261-57-81 email: lanit@lanit.ru
www.lanit.ru