Sau Viettel và Bkav, Bộ TT&TT công nhận giải pháp chống mã độc của CMC, Veramine đáp ứng yêu cầu kỹ thuật
10 Sep

The list of anti-malware products meeting the technical requirements under the Prime Minister's Directive 14 has just been added with two solutions of CMC and Veramine. Previously, there were two solutions of Bkav and Viettel that were evaluated and recognized by the Ministry of Information and Communications.

Centralized anti-malware solution CMC Malware Detection and Defense is one of two new products added to the List of anti-malware products that meet the technical requirements under Directive 14 (Artwork: cmc.com.vn)

The Ministry of Information and Communications has just updated the List of anti-malware products that meet the technical requirements under the Prime Minister's Directive 14 May 25, 2018, to improve the capacity to prevent and fight against malicious software ( referred to as malicious code).

Accordingly, there are 2 anti-malware products of 2 businesses that have been evaluated and added to the above list by the Ministry of Information and Communications, including: centralized anti-malware solution CMC Malware Detection and Defense (CMDD) of CMC Cyber Security and Security Limited (CMC Cyber Security) and Veramine Advanced Endpoint Security Suite (VAESS), an active detection, response and defense suite of threats on points end in the network system (including servers, workstations) of Veramine Company.

Earlier this year, the Ministry of Information and Communications assessed and recognized two anti-malware products to meet technical requirements under the Prime Minister's Directive 14, including: overall solutions to prevent viruses for human Bkav Endpoint AI of Bkav antivirus software joint stock company; solutions to detect and prevent intentional attacks Endpoint (Viettel Endpoint Detection & Response - VEDR) of Viettel Network Security Company of Viettel Group.

The anti-malware products of Viettel, Bkav, CMC and Veramine have been assessed and certified by the Ministry of Information and Communications to meet the technical requirements under Directive 14, which are products and solutions that meet the specified criteria. at the Prime Minister's Directive 14 on improving malware prevention and control capabilities, which are: having a function to allow centralized management; 24/7 technical support and solutions, able to react promptly in detecting, analyzing and removing malware; can share malware information and statistical data with the technical system of competent authorities, comply with standards, technical regulations and professional guidance of the Ministry of Information and Communications.

With CMC Malware Detection and Defense, one of the two new anti-malware products added to the List, CMC said that this solution was developed on the basis of CMC Internet Security Enterprise (CISE) and is a solution. support agencies and organizations to detect and defend against the threat of malicious code deployed on workstations with centralized monitoring system. Specifically, the solution has outstanding features such as: shielding the protection of personal computers safely from the risk of attacks from malicious code; monitor abnormal activities that may cause harm on computers; detect vulnerabilities, malware and dangerous connections.

At the same time, the active monitoring system from CMC Cyber Security allows to identify and immediately identify risks to customers; support and rescue services to minimize risks to customers when attacks occur; provide information security status reports to customers quickly, promptly and completely.

As for Veramine Advanced Endpoint Security Suite (VAESS) from Veramine, information from Cyberlab - the distributor of this solution in Vietnam, says VAESS has the ability to collect diverse information from the core level. The operating system reaches user sessions to identify any suspicious behavior on endpoints.

The suite of solutions also uses a variety of flexible mechanisms to respond to detected abnormal behavior such as interrupting, pausing processes, sessions or quarantining an endpoint, a process from a connection. network; carry out active defense by creating a trap system for malicious code and hackers on endpoints in order to monitor and prevent the activities of hackers and malicious code on these endpoints.

In addition, VAESS ensures the ability to provide sufficient evidence during the forensics process, as well as adds other advanced features to combat internal threats such as people management. user, data and peripherals.

In particular, VAESS supports a variety of platforms including Windows versions, Linux distributions and will soon be supported on MacOS.

Giải bài toán xây dựng Trung tâm điều hành An ninh mạng cho khối Ngân hàng
10 Sep

Network Security Operations Center (SOC) is a "not strange but still new" concept to agencies and organizations in Vietnam, especially the banking sector. So what is the approach to build an effective SOC, consistent with the process of digital development of Vietnamese Banks?
Network Security Control Center (SOC) - "not strange but still new"

In developed countries in the region such as Japan, Singapore, Hong Kong ... the construction and operation of SOC in order to comprehensively control and improve the defenses of IT systems of organizations have been paid much attention. Since 2004, SOC has now become an integral part of all activities of government organizations, multinational corporations and large banks. According to Gartner's report, by the end of 2019, there will be about 50% of large Asian corporations to implement security management activities through SOC.

Grasping this trend and indispensable demand, from the last 2 years, Vietnamese banks have planned to develop SOC. However, the "not strange" with the concept of SOC can not confirm that the bank is "used to" and knows how to operate a complete SOC. In fact, banks have encountered a number of problems.

Firstly, in terms of technology, some banks have initially invested in network security monitoring systems (SIEM) and purchased equipment and technologies from many different companies, leading to decentralized SOC operation and management. and asynchronous. Continuously updating new attack methods and technologies is also a challenge for non-specialized security units. Secondly, in terms of human resources, banks have begun to focus on full-time personnel, however, encountering difficulties in training and keeping high-quality human resources. Third, the investment budget is too great. It is estimated that the investment costs include SIEM, Forensis, Log / Backup solutions, hardware and monitoring equipment for digital surveys at about US $ 1,300,000. This cost does not include annual operating, troubleshooting and management costs.

Outsourcing SOC services - Effective time, cost savings, optimal resources

According to Mr. Ha The Phuong, Deputy General Director of CMC InfoSec - the construction and development unit of CMC NextGen SOC, when analyzing the development level of SOC, experts will be divided into 6 levels. Specifically: Level 1 - with IT department personnel or software to monitor the security status; Level 2 - partially integrated in Network Operations Center (NOC); Level 3 - there was SOC, technology and reporting operations were separated from the IT department; Level 4 - solve problems on resources (development, analysis, troubleshooting); Level 5 - take control of identified threats; Level 6 - combination of prevention, surveillance, detection, quick response and continuous improvement.

In Vietnam, reaching level 5 existing CMC NextGen SOC. In addition to controlling the identified threats, this center of CMC also integrates artificial intelligence (AI), the first Automation technology in Vietnam and has partners to assist in combating threats. new danger; DevOps team and consultants meet the special needs from organizations and banks.

Therefore, the most reasonable plan for banks at this time is to outsource the SOC service package (SOC-As-a-Service) or if they already have SIEM system, they should cooperate with a service provider. Other SOC (Consultancy) cases - provide advice on management manpower and process instead of developing an internal SOC (In-house SOC). In the case of (Hybrid), when the bank has invested in a technology system, SOC service providers can integrate their own solutions into ensuring compatible operation, offering handling procedures. incidents and providing resources ... However, the best is still the choice to outsource the SOC service package. At that time, the bank would choose the most comprehensive and appropriate service provider, available technology, experts, specialized personnel ... and solve the problem of investment cost when reducing from 6 to 12 times the cost of self-developing the system and minimizing risks when system administration is more centralized.

Based on the reality of consulting and deploying outsourcing SOC services to banks, Mr. Phuong said: “The outsourcing of SOC services is completely consistent with the trend of moving from investment costs to transportation costs. Bankers want to build a sustainable defense system. Not only that, banks will not have difficulty in securing resources when only need a focal point in combination with service provider's reporting, troubleshooting and can still monitor 24/7 ”.