Continent. Comprehensive network security

HSEC Continent 3.9 by Security Code is a hardware and software encryption system for protecting corporate network infrastructure and generating VPN networks using domestic cryptographic algorithms as per GOST standard. The solution has a wide range of functionality, high reliability and performance, combines easy deployment and maintenance in a single control loop, and minimizes information security risks.

The complex main components

  • Crypto Switch, software-hardware complex (SHC) designed for cryptographic protection of traffic during its transmission at the data link level (makes it possible to create L2 VPN networks);
  • Crypto Gateway, SHC for routing network traffic, firewalling and cryptographic protection of traffic during its transmission at the network level (creation of L3 VPN networks);
  • Attack Detector, SHC for analyzing network traffic, detecting and preventing network attacks;
  • Network Control Center, SHC designed to manage and monitor all components of Continent 3.9;
  • Access Server, SHC for secure connection of remote users;
  • Continent Subscriber Access Point is a client application (VPN client) for secure access to the corporate network from remote employees personal computers and smartphones.

Key features

  • Protection of the corporate data network, including:
    • Protection of the external perimeter;
    • Internal network segmentation;
    • Protection of trunk communication channels;
    • Securing video conferencing traffic;
    • Securing VOIP telephony;
    • Protection of remote access to corporate resources;
    • Protection of communication channels between the primary and backup Data Processing Center;
    • Building GOST VPN over existing VPN network.
  • Network intrusion detection:
    • Combination of signature and heuristic methods of traffic analysis;
    • Registration of information about the attack (attack subject, IP address, port number, attack type, event date and time);
    • Prompt notification of attacks by the Network Control Center (e-mail, notification in the management system console);
    • Automatic updating of the base of decision rules from the Security Code servers (support for the vendor's own laboratory to develop signatures).
  • Support for various network technologies, including IPv6, VLAN, NAT, LACP, WAN/VPN redundancy, etc.;
  • Dynamic routing, traffic prioritization and bandwidth management;
  • Firewalling:
    • Support for SPI (stateful packet inspection) technology;
    • Control of network applications / traffic due to the support of DPI (deep packet inspection—checking and filtering network packets by their content) technology;
    • Inspection inside the SSL tunnel (Secure Sockets Layer, data protection protocol), checking all encrypted streams;
    • Filtering traffic by IP address, group of IP addresses, port numbers, protocol types, client/server, etc.
  • Hardware-accelerated L2 and L3 VPN encryption;
  • Protection of information from unauthorized access: identification, authentication and authorization of users;
  • Centralized network management (CNM), including management of:
    • Network nodes and routing settings;
    • VPN networks;
    • cryptographic keys;
    • SNMP settings;
    • Local administrators / device users.
  • Real-time event monitoring;
  • Uploading security events (alarms) from the complex database to the SIEM (security information and event management) system for in-depth analysis and making effective decisions on information protection;
  • Exporting the complex firewall configuration, generating an XML file and sending it to the Skybox Security server for subsequent vulnerability analysis and modeling of possible attack vectors on the company's IT infrastructure;
  • HSEC Continent is certified under FSTEC's and FSB's regulatory document requirements, can be used as means of protection:
    • Critical information infrastructure facilities;
    • Personal data information systems;
    • State information systems;
    • Automated control systems.

Key benefits

  • Operation in multiservice networks;
  • Wide range of models, flexible equipment configuration options for various customer tasks;
  • Reduced risk of network downtime in abnormal situations and time to resolve problems with SNMP support, centralized collection of debug logs, and uploading security policies to an XML file;
  • High performance of the complex, built-in hardware crypto accelerator with a throughput of up to 20 Gbps and a traffic processing delay of ~ 50 µs;
  • Minimization of the negative impact on the parameters of protected traffic;
  • Reliability of system operation, high level of fault tolerance of the solution:
    • Use of DOM and SSD solid-state memory modules;
    • Reservation of network control centers;
    • Mode of automatic switching to a backup communication channel;
    • Support for high availability clustering for security nodes (CNM, crypto gateways, crypto switches) with automatic configuration synchronization of cluster components;
    • Unattended operation 24/7/365.
  • Reducing administration costs and simplifying network operation due to the CNM with an intuitive interface and remote software updates for all the complex components;
  • Comprehensive solution to diverse network security tasks due to a wide range of equipment functionality, single console and centralized monitoring system management.
Platform

Request more information