Category: Management Systems, Intrusion Detection System (IDS)
Modification: Software
Operating system/platform: Linux

ViPNet TIAS (Threat Intelligence Analytics System) is a software appliance for automatic detection of incidents based on information security event analysis.

Of the tens of thousands of events that the intrusion detection sensors register, only a few are actual information security incidents.

ViPNet TIAS automatically analyzes all the events that are received from sensors, determines the event correlation, and identifies the actual relevant threats that form the information security incidents.

ViPNet TIAS automatically detects the information security incidents with a combination of two methods:

  • Signature analysis based on incident detection metarules.
  • A mathematical decision-making model based on statistical threat analysis using machine-learning methods.

Advanced Monitoring experts develop and update the metarule database and the mathematical decision-making model based on threat data obtained by analyzing attack tools and methods (Threat Intelligence).

ViPNet TIAS workflow

  1. ViPNet IDS NS/HS (network and host sensors) collect data from various network devices and then generate information security events based on this data.
  2. ViPNet TIAS automatically collects event data from network sensors and ViPNet IDS HS servers.
  3. ViPNet TIAS analyzes events using a trained mathematical model and metarules.
  4. As a result of the analysis, the system detects unwanted or unexpected events that have a high probability of causing network failures or posing a security threat; these are then identified as an information security incident.
  5. When detecting an incident, ViPNet TIAS registers it, identifies its related events, supplements them with information from additional sources, and provides mitigation recommendations.
  6. ViPNet TIAS notifies the concerned parties about the incident via Web Access or by email.
  7. The information security specialist investigates incidents and eliminates their causes and consequences in the network.

Advantages

  • Reduction of the average incident detection time from 30 to 2 minutes (x15) as compared to the manual approach.
  • Reduction of IDS operation costs due to reduced load on the maintenance personnel and lower qualification requirements.
  • Simplified response to information security threats due to automatically generated recommendations and automated collection of incident-related events.
  • Remote investigation of information security incidents by qualified analysts from Infotecs.
  • Methodological support and consulting services by Infotecs experts.

ViPNet TIAS helps you to monitor information security threats and promptly react to them in the following cases:

  • A lack of skilled personnel.
  • A lack of time to process each message related to information security events.
  • No available tools to automate the event analysis and threat cause investigation.

With ViPNet TIAS, you can also do the following:

  • Create reports on events and incidents.
  • Download data about incidents involving external systems.
  • Connect additional sources to supplement the event information during the investigation.

Performance

ViPNet TIAS performs the following tasks:

  • Automatically collects event data from the intrusion detection systems (ViPNet IDS).
  • Analyzes incoming events and automatically identifies information security incidents.
  • Notifies the concerned parties about incidents via Web Access and by email.
  • Supplements incident and event information with data from additional sources.
  • Provides a graphical interface for real-time monitoring of information security threats.
  • Provides a graphical interface for the incident investigation analysis.
  • Provides tools for analyzing events and detecting incidents manually.
  • Allows the creation of reports on events and detected incidents.

Models

Specification

ViPNet TIAS 100

  • VMware vSphere 5.0 and later.
  • Oracle VM VirtualBox 4.3 and later.
  • Microsoft Hyper-V 2008 R2 and later.

| Maximum Capacities | Value |
| --- | --- |
| Analyzed events (per second) | 300 |
| Analyzed events (per day) | 10 million |
| Quantity of ViPNet IDS NS that can be connected to TIAS | 1 |
| Quantity of ViPNet IDS HS that can be connected to TIAS | 100 |
| Quantity of ViPNet IDS HS Server that can be connected to TIAS | 1 |

ViPNet TIAS 1000

  • VMware vSphere 5.0 and later.
  • Oracle VM VirtualBox 4.3 and later.
  • Microsoft Hyper-V 2008 R2 and later.

| Maximum Capacities | Value |
| --- | --- |
| Analyzed events (per second) | 1 000 |
| Analyzed events (per day) | 30 million |
| Quantity of ViPNet IDS NS that can be connected to TIAS | 10 |
| Quantity of ViPNet IDS HS that can be connected to TIAS | 1 000 |
| Quantity of ViPNet IDS HS Server that can be connected to TIAS | 1 |

ViPNet TIAS 2000

| Maximum Capacities | Value |
| --- | --- |
| Analyzed events (per second) | 2 000 |
| Analyzed events (per day) | 62 million |
| Quantity of ViPNet IDS NS that can be connected to TIAS | 20 |
| Quantity of ViPNet IDS HS that can be connected to TIAS | 2 000 |
| Quantity of ViPNet IDS HS Server that can be connected to TIAS | 2 |

ViPNet TIAS 5000

  • VMware vSphere 5.0 and later.
  • Oracle VM VirtualBox 4.3 and later.
  • Microsoft Hyper-V 2008 R2 and later.

| Maximum Capacities | Value |
| --- | --- |
| Analyzed events (per second) | 5 000 |
| Analyzed events (per day) | 104 million |
| Quantity of ViPNet IDS NS that can be connected to TIAS | 50 |
| Quantity of ViPNet IDS HS that can be connected to TIAS | 5 000 |
| Quantity of ViPNet IDS HS Server that can be connected to TIAS | 5 |

| Product Name | Analyzed events quantity (in 1 second) | Analyzed events performance in GB/s (per day) | ViPNet IDS NS maximum quantity | ViPNet IDS HS Server maximum quantity | ViPNet IDS HS maximum quantity | Cisco ASA maximum quantity | Firepower maximum quantity |
| --- | --- | --- | --- | --- | --- | --- | --- |
| ViPNet TIAS VA100 | 300 | 5 | 3 | 1 | 100 | - | - |
| ViPNet TIAS VA1000 | 1,000 | 15 | 10 | 1 | 1,000 | 10 | 10 |
| ViPNet TIAS VA2000 | 2,000 | 30 | 20 | 2 | 2,000 | 20 | 20 |
| ViPNet TIAS VA5000 | 5,000 | 30 | 50 | 5 | 5,000 | 50 | 50 |