ViPNet TIAS
-
Category:
- Management Systems, Intrusion Detection System (IDS)
-
MODIFICATION:
- Software
-
OPERATING SYSTEM/
PLATFORM: - Windows
ViPNet TIAS (Threat Intelligence Analytics System) is a software appliance for automatic detection of incidents based on information security event analysis.
Of the tens of thousands of events that the intrusion detection sensors register, only a few are actual information security incidents.
ViPNet TIAS automatically analyzes all the events that are received from sensors, determines the event correlation, and identifies the actual relevant threats that form the information security incidents.
ViPNet TIAS automatically detects the information security incidents with a combination of two methods:
- Signature analysis based on incident detection metarules.
- A mathematical decision-making model based on statistical threat analysis using machine-learning methods.
Advanced Monitoring experts develop and update the metarule database and the mathematical decision-making model according to the threat data obtained with the attack tool and method analysis — Threat Intelligence.
ViPNet TIAS workflow
- ViPNet IDS NS/HS (network and host sensors) collect data from various network devcies and then generate information security events based on this data.
- ViPNet TIAS automatically collects event data from network sensors and ViPNet IDS HS servers.
- ViPNet TIAS analyzes events using a trained mathematical model and metarules.
- As a result of the analysis, the system detects unwanted or unexpected events that have a high probability of causing network failures or posing a security threat, which are then identified as an information security incident.
- When detecting an incident, ViPNet TIAS registers it, identifies its related events, supplements them with information from additional sources, and provides mitigation recommendations.
- ViPNet TIAS notifies the concerned parties about the incident via Web Access or by email.
- The information security specialist investigates incidents and eliminates their causes and consequences in the network.
Advantages
- Reduction of the average incident detection time from 30 to 2 minutes (x15) as compared to the manual approach.
- Reduction of IDS operation costs due to reduced load on the maintenance personnel and lower qualification requirements.
- Simplified response to information security threats due to automatically generated recommendations and automated collection of incident-related events.
- The ability of remote investigation of information security incidents by qualified analysts from Infotecs.
- Methodological support and consulting services by Infotecs experts.
ViPNet TIAS helps you to monitor information security threats and promptly react to them in the following cases:
- A lack of skilled personnel.
- A lack of time to process each message related to information security events.
- No available tools to automate the event analysis and threat cause investigation.
With ViPNet TIAS, you can also do the following:
- Create reports on events and incidents.
- Download data about incidents involving external systems.
- Connect additional sources to supplement the event information during the investigation.
Performance
ViPNet TIAS performs the following tasks:
- Automatically collects event data from the intrusion detection systems (ViPNet IDS).
- Analyzes incoming events and automatically identifies information security incidents.
- Notifies the concerned parties about incidents via Web Access and by email.
- Supplements incident and event information with data from additional sources.
- Provides a graphical interface for real-time monitoring of information security threats.
- Provides a graphical interface for the incident investigation analysis.
- Provides tools for analyzing events and detecting incidents manually.
- Allows the creation of reports on events and detected incidents.
|
Models |
Specification |
|
| ViPNet TIAS 100 |
|
|
| Maximum Capacities | Value | |
| Analyzed events (per second) | 300 | |
| Analyzed events (per day) | 10 million | |
| Quantity of ViPNet IDS NS that can be connected to TIAS | 1 | |
| Quantity of ViPNet IDS HS that can be connected to TIAS | 100 | |
| Quantity of ViPNet IDS HS Server that can be connected to TIAS | 1 | |
| ViPNet TIAS 1000 |
|
|
| Maximum Capacities | Value | |
| Analyzed events (per second) | 1 000 | |
| Analyzed events (per day) | 30 million | |
| Quantity of ViPNet IDS NS that can be connected to TIAS | 10 | |
| Quantity of ViPNet IDS HS that can be connected to TIAS | 1 000 | |
| Quantity of ViPNet IDS HS Server that can be connected to TIAS | 1 | |
| ViPNet TIAS 2000 |
|
|
| Maximum Capacities | Value | |
| Analyzed events (per second) | 2 000 | |
| Analyzed events (per day) | 62 million | |
| Quantity of ViPNet IDS NS that can be connected to TIAS | 20 | |
| Quantity of ViPNet IDS HS that can be connected to TIAS | 2 000 | |
| Quantity of ViPNet IDS HS Server that can be connected to TIAS | 2 | |
| ViPNet TIAS 5000 |
|
|
| Maximum Capacities | Value | |
| Analyzed events (per second) | 5 000 | |
| Analyzed events (per day) | 104 million | |
| Quantity of ViPNet IDS NS that can be connected to TIAS | 50 | |
| Quantity of ViPNet IDS HS that can be connected to TIAS | 5 000 | |
| Quantity of ViPNet IDS HS Server that can be connected to TIAS | 5 | |
|
Product Name |
Analyzed events quantity (in 1 second) |
Analyzed events performance in GB/s (per day) |
ViPNet IDS NS maximum quantity |
ViPNet IDS HS Server maximum quantity |
ViPNet IDS HS maximum quantity |
Cisco ASA maximum quantity |
Firepower maximum quantity |
|
ViPNet TIAS VA100 |
300 |
5 |
3 |
1 |
100 |
- |
- |
|
ViPNet TIAS VA1000 |
1,000 |
15 |
10 |
1 |
1,000 |
10 |
10 |
|
ViPNet TIAS VA2000 |
2,000 |
30 |
20 |
2 |
2,000 |
20 |
20 |
|
ViPNet TIAS VA5000 |
5,000 |
30 |
50 |
5 |
5,000 |
50 |
50 |