Trusted Access Technologies signed strategic partnership agreement with ITRAMAS.

ITRAMAS, a Malaysian leading technology corporation, will take on Malaysian distribution for Trusted Access Technologies.

ITRAMAS Corporation was represented by CEO Mr. Lee Choo Boo, Head of R&D Dr. Lim Way Foong and Corporate Advisor Mr. Tengku Mahaleel.

“We are very pleased to announce our partnership with ITRAMAS, a corporation that has unique and leading position in Malaysian ICT market. Our cooperation will bring to the region new holistic approach to cybersecurity”, says Anis Khasun, managing director of Trusted Access Technologies.

“Our solutions will help Malaysian government entities and enterprises to protect themselves against sophisticated cyber threats, 0-day attacks, backdoor and supply chain attacks”, he added.

ITRAMAS is a leading Malaysian engineering company in the field of advanced technology. The corporation has extensive experience in implementing large-scale projects in the field of electronic production, cybersecurity and smart city. ITRAMAS cooperates with CyberSecurity Malaysia to ensure the state’s digital independence and cyber sovereignty.

Gartner released a “Market Guide for Cloud Workload Protection Platforms” in the April of 2019. Trusted Access Technologies, formerly Security Code was again mentioned as a representative vendor of security solutions mentioned in the report.

According to Gartner “At YE18, we estimated that the CWPP market was in the range of $600 million to $700 million in revenue with aggregate double-digit year-over-year growth.” (Market Guide for Cloud Workload Protection Platforms, 8 April 2019, ID: G00356240 Page 4).

The analytical company highlights the following trends that have influenced the growth of the market:

• Workloads are being moved from on-premises to public cloud IaaS, and the overall number of IaaS workloads is growing.
• In public cloud IaaS, workload-centric host-based CWPP solutions provide an easier architectural option for enforcing security policy than traditional in-line network-based security controls. Workload-based offerings automatically scale out and back as the number of workloads increases and decreases.
• Likewise, the need for pervasive Secure Sockets Layer/Transport Layer Security (SSL/TLS) decryption and inspection is performed more easily at the host workload where the session is terminated versus having to decrypt traffic in line using “man-in-the-middle” approaches. This is especially true for inspecting traffic that moves laterally east/west from service to service in microservices-based architectures.

The shift to cloud-native application development using container-based application architectures, microservices-based applications and adoption of serverless PaaS will require new CWPP capabilities both in development and at runtime. Cloud-native apps require solutions designed to address the protection requirements of cloud-based systems. (Market Guide for Cloud Workload Protection Platforms, 8 April 2019, ID: G00356240 Page 4)

There are two distinct markets – for agents who are put on servers and protect them (Cloud Workload Protection Platforms (CWPP)) and the adjacent Cloud Security Posture Management (CSPM) market, which is important for the full implementation of a secure cloud.

In this way, CWPP solutions protect servers from within, while CSPM solutions exercise external control over server machines in the cloud.

Source: Gartner, Market Guide for Cloud Workload Protection Platforms, 8 April 2019

The security code’s vGate product can provide CSPMsecurity: delineation of access to virtual machines, network configuration, storage configuration, access rights management virtual environment administrator. As a result, the solution significantly reduces the risks of IB in large virtualization environments.

Together with the Secret Net Studio product, which protects every single virtual machine and falls into the CWPP solution category, they are a holistic solution for the protection of virtual and physical servers. Secret Net Studio is a comprehensive solution to protect workstations and servers at the level of data, applications, network, operating system and peripheral hardware.

Recall that the basis of the platform for server protection is a set of mechanisms, which we talked about last time: the basis is operational hygiene – a set of basic measures that significantly reduce the risks ofIB. configuration and vulnerability management, network traffic filtering, system integrity control, app start-up control, RAM protection, data encryption in IaaS environment, EDR server activity monitoring, system intrusion detection, false vulnerability detection system, signature antivirus.

“We are grateful to Gartner for including us as a representative vendor for the second year in a row. We believe this indicates a continuing high level of confidence of independent analysts in our products and is especially relevant, given our serious actions to enter the international market,” said Andrei Golov, CEO of Security Code.

Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, express or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.

Find out more

The Security Code is a Russian developer of software and hardware that protects information systems and meets international and industry standards. nine licenses of fsTEK of Russia, the Fsb of Russia and the Ministry of Defense of the Russian Federation. More than 60 valid certificates issued by these authorities confirm the high quality of products and allow them to be used in information systems with the most stringent security requirements. The company’s products are used to protect confidential information, trade secrets, personal data and information that constitutes state secrets.

There are currently more than 400 qualified professionals in the Security Code, many of whom have unique expertise in the development of IB solutions. More than 900 authorized partners of the company supply its products and provide their quality support in all regions of Russia and CIS countries. More than 32,000 government and commercial organizations trust and use Security Code products to protect workstations, servers, virtual infrastructures, mobile devices, and network interactions across all information components Systems.

vGate is an information protection tool designed to ensure the security of virtual infrastructures based on VMware vSphere and Microsoft Hyper-V platforms, as well as the critical task of bringing virtualization infrastructure into line legislation, industry standards and the world’s best practices.

Secret Net Studio is a comprehensive solution for protecting workstations and servers that protects information simultaneously at the data, application, network, operating system, and peripheral equipment level, and enables you to implement centralized management and monitoring of all security mechanisms with the ability to collect, correlate, filter and prioritize information security events. The product is available in two editions: Secret Net Studio – to protect sensitive information and Secret Net Studio – C – to protect state secrets.

Trusted Access took part in GITEX Technology Week 2018, international IT exhibition, which took place in Dubai (UAE) from 14 to 18 October 2018. This ICT and electronics market event is the biggest and the most significant one for the Persian Gulf countries. The exhibition attracted attention of more than 150 thousands visitors and more than 4,5 thousands of companies participated this year.

Continue reading “Trusted Access exhibited at GITEX Technology Week in Dubai”

Research and consulting company Gartner has released its October 2018 report “Market Guide for Information-Centric Endpoint and Mobile Protection”. The “Security Code” was included in the Representative Vendors list.  Our solutions are designed to satisfy requirements listed in the report.

According to Gartner, “Data losses are at an all-time high, and data breaches — both criminal actions and careless accidents — must be prevented by any and all means…  Security and risk management leaders who grapple with endpoint security challenges must accept that astute information protection requires a blending of several methods…  The interconnected world and its increasingly pervasive data-sharing demands will soon force companies to put the solutions together to resolve different aspects of loss.” (Gartner, Market Guide for Information-Centric Endpoint and Mobile Protection, October 15, 2018)

Gartner identifies eight ways to encrypt and protect business information:

1. Preboot OS-level encryption of physical or virtual device
2. Postboot OS file system encryption
3. Container encryption
4. Removable media encryption
5. Data loss prevention controls (DLP)
6. Content collaboration platforms (CCPs)
7. Secure PIM
8. Enterprise digital rights management

Vendors are expanding their products to more completely address these capabilities and reduce information loss and endpoint security risks.

Gartner, Market Guide for Information-Centric Endpoint and Mobile Protection, October 15, 2018

Systems can be protected by Secret Net Studio for Data – information-centric endpoint protection solution. It allows to control sensitive data handling, block access to confidential files, prevent unauthorized printing and moving to the USB-device.

Secret Net Studio offers three protection methods: Container, Data loss prevention controls (DLP) and Enterprise digital rights management.

Gartner defines these methods are described in the following way:

• “Container – files are unreadable without successful login to a protected virtual file system. App access to container and import/export of files may be controlled. Some containers may include DLP features. This method is suitable for shared systems and multiple users. Defense value: Information protection is independent of OS and disk protection, and can be highly portable. Containers can be context-dedicated to specific business processes or act as a broad workspace.
• Data loss prevention controls (DLP) – file transfers can be blocked or processed with encryption based on keywords, user, project and other contexts. This method is suited to context-dependent data protection. Defense value: Data transfer events can be identified and evaluated using business rules and policies.
• Enterprise digital rights management – this method is suited to platform-independent, context-dependent data protection. Files are imbued with persistent protection policies when created, read and updated. The policies can specify access by company, user, project and other details. EDRM can also stipulate limitations on app behavior, such as blocking “save as,” clipboard copying, printing and so on. Defense value: EDRM creates the tightest possible access control relationships between files and apps. Policies can be detailed, and access can be tracked.” (Gartner, Market Guide for Information-Centric Endpoint and Mobile Protection, October 15, 2018)

“We are doing our first steps in the international market so far. And we have to fill our solution with new features and methods of data protection. But we are pleased to know that our current solution that was developed for Russian companies is partially compliant with market demands. It means that the main vectors of data protection are approximately the same in different countries. So far, we are going to develop our solution taking in consideration all the methods of data protection that are required by international market”, – says Dmitry Zryachikh, CTO “Security Code”*.

* About “Security Code” and Trusted Access

Trusted Access is a foreign division of “Security Code”. We have unique security solutions successfully used by more than 32 000 organizations to address any information security issues on workstations, servers, virtual infrastructure and networks. Our products and solutions protect the most critical IT systems.

Company has technical partnerships with Microsoft, VMware, Kaspersky lab, Intel.

Gartner Disclaimer

Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.

About “Security Code”

“Security Code” has unique security solutions successfully used by more than 32 000 organizations to address any information security issues on workstations, servers, virtual infrastructure and networks. Our products and solutions protect the most critical IT systems.

Company has technical partnerships with Microsoft, VMware, Kaspersky lab, Intel.

Trusted Access, the leading provider in IT infrastructure security solutions, will be exhibiting at GITEX Technology Week in Dubai, 14-18 October 2018. Company stand is SR-B6.

GITEX Technology Week 2018 is the 38th international IT-exhibition in Persian Gulf. It is the largest and most authoritative exhibition of the latest achievements in the field of information and communication technologies and electronics. There are expected more than 150 000 visitors and more than 4500 companies to exhibit this year.

Trusted Access will be introducing its three products:

• vGate – Private cloud security posture management solution. It allows to enhance cloud security and ensure compliance with security regulations beyond virtual machines.
• Secret Net Studio Trusted Environment – Unique pre-OS endpoint security solution. It gives company a way to externally control consistency of standard endpoint protection mechanisms. It cannot be detected and deactivated remotely.
• Secret Net Studio for Data – Information-centric endpoint protection solution. It allows to control sensitive data handling, prevent data leakage and streamline incident investigation process.

“This year will be the second time that we are exhibiting at GITEX. We’ve got a lot of benefits from our first participating in GITEX in 2017. Trusted Access products are represented at the local market for more than a year and they have big success. That is because we offer our customers not just an abstract concept; and not just technology: we bring to the local market the product, which has a long history — dozens of years. Our information security tools are easily deployed and simple to operate. That is why we are exhibiting at GITEX – we want to share information and spread our technologies to the Middle East and Africa regions. Our exclusive distributor in the region is Al Hosani Computer LLC  –  company’s specialists know the market well and are ready to help us with any localization requirements and issues”, – says Andrey Golov, CEO at Trusted Access.

Additional information:

Trusted Access by Security code has unique security solutions successfully used by more than 32 000 organizations to address any information security issues on workstations, servers, virtual infrastructure and networks. Our products and solutions protect the most critical IT systems.

Company has technical partnerships with Microsoft, VMware, Kaspersky lab, Intel.

Security code mentioned in Gartner’s Market Guide for Cloud Workload Protection Platforms.

Research and consulting company Gartner has released its March 2018 report “Market Guide for Cloud Workload Protection Platforms”. “Security Code” was included in the list of the Representative Vendors that offer solutions designed to satisfy one or more of the requirements in the report. The company is the only Russian vendor noted in the report.

According to the report, “Gartner has not yet formally sized the CWPP market, but we estimate it to be between $550 million and $600 million at YE17, and it is growing in double digits.”

The development of the server security market and its dynamics are influenced by several key factors and main are:

• Servers require fundamentally different security measures, while a different approach to security is needed in public clouds.
• Target attacks bypass traditional perimeter protection and signature-based protection. The need to protect against this type of attack has led to several key changes in server security systems:
  • There are protection models that do not rely on signatures.
  • There was a need for isolation, segmentation and transparency of network traffic.
  • Additional behavioral monitoring is required.

The figure below shows recommended order of prioritizing cloud workload protection controls: from the more critical (foundational) elements in the lower part of the pyramid to the less critical ones at the top.

Source: Gartner,     Market Guide for Cloud Workload Protection Platforms, 26 March 2018

The base is operational hygiene, next in ascending order are: hardening, configuration and vulnerability management, network firewalling, segmentation and visibility. At the same time, companies themselves can assess the importance of these measures in different ways depending on specific risk profiles, regulatory requirements or geographical factors.

In Security Code’s product line, there are two solutions that we believe will allow implementation the principles that Gartner analysts write about.

The protection of the system can be realized with the help of Secret Net Studio – an integrated solution for protecting workstations and servers at the level of data, applications, network, operating system and peripheral equipment.

This solution allows you to manage security to protect a hybrid cloud server in the following areas:

• network firewall, segmentation and visibility;
• File integrity control;
• application control / white list;
• protection against exploits / memory protection;
• Intrusion prevention system with protection from vulnerabilities;

However, when migrating to a virtualized infrastructure while providing complete protection, it is necessary not only to protect the virtualized server, but also to control the security of the cloud environment or the virtualization environment. It’s about the set of services that are required to manage and configure virtual machines. For example, access control, network settings, storage settings, and settings for PaaS services. In large cloud environments, the correct configuration of these services can be complex, which will create additional risks for the security of virtual machines and information on them.

The vGate product ensures the security of the virtualized environment. It allows the demarcation access to virtual machines, monitor the activity of virtual environment administrators and security settings of the hypervisor. As a result, the solution significantly reduces the risks of IS in large virtualization environments.

“We are grateful to Gartner for including us in the Market Guide report. We believe this allows us to assess the level of demand for all the lines of our products in new market segments for us and think it contributes to strengthening our own analytical expertise. We feel the inclusion of Security Code as a Representative Vendor for its products we feel indicates a high level of trust. In our opinion, this is especially true, given our serious actions to enter the international market. The development of the company’s business in foreign markets we feel should be successful due to the products we offer,” –  said Andrei Golov, CEO of the Security Code.

Gartner Disclaimer

Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.

Trusted Access took part in GITEX Technology Week 2018, international IT exhibition, which took place in Dubai (UAE) from 14 to 18 October 2018. This ICT and electronics market event is the biggest and the most significant one for the Persian Gulf countries. The exhibition attracted attention of more than 150 thousands visitors and more than 4,5 thousands of companies participated this year.

Trusted Access introduced export products at GITEX Technology Week: Secret Net Studio and vGate were presented on the company’s stand. Trusted Access experts mentioned company products advantages and information security practice of governmental and commercial organizations.

Due to GDPR which has been applied in May 2018 and expected local personal data protection requirements in the Persian Gulf countries, organizations of the commercial and governmental sector are looking for an appropriate level of protection of personal data operated in information systems. Products of the Trusted Access company absolutely satisfy these challenges.

Visitors of the exhibition were interested in information security technologies development. Trusted Access» stand allowed them to familiarize with new approaches of infrastructure and data security. A special interest of visitors was caused by the fact that Trusted Access products were able to create a trusted environment of the confidential data processing, protect data stored in the virtualization infrastructure and differentiate users’ access to these files.

Trusted Access representatives participated in a row of business meetings and as a result approved pilot projects in UAE, Oman and Pakistan.

Company CEO Andrey Golov and technical director Dmitry Zryachikh took part in press conference, after which «60 mins» magazine published their interview.

«Our products have been introduced on the middle-east market more than a year ago and are in demand. We give our clients not just an abstract conception or technology, but ready-to-use products for the local market. Our information security appliances are easy to install and simple to use. Interest in them was an inherent condition of positive agreements of pilot projects in the Middle East region. We decided to set up an office in Dubai in order to realize these projects in the most accurate way», commented the results of GITEX Technology Week 2018 Andrey Golov, CEO Trusted Access

Trusted Access has unique security products/solutions successfully used by more than 32 000 organizations to address information security issues on workstations, servers, virtual infrastructures, mobile devices and networks. Рroducts and solutions protect the most critical IT governmental systems. Andrey Golov, CEO at Trusted Access – global cyber-security company with headquarters in the UK, spoke to us about the company’s expectations from the promotion of products in the new region.

“Andrey, you are the CEO of an international company with a development center in Russia. Can you tell us, why you’re interested in this region?”

Andrey Golov: “Aspiring to penetrate new markets we start by looking at the problems. There are three factors, which lead us to this decision. Firstly, information is the main and most valuable asset for any organization. Secondly, it so happens that all basic information technologies – hardware, infrastructure software, etc. are produced by a single country – the USA. And thirdly, we constantly hear about the fact that infrastructure software has a large number of vulnerabilities. And these vulnerabilities can be deliberate (the most recent example is the epidemic of the WannaCry virus, which spread to 150 countries because of a vulnerability in OS Windows).

And finally, another important point is the existence of a global system for tracking businesses. Each organization creates its own data, but it is processed by someone else’s instruments. And this data can be potentially accessed by people who have not created it or who don’t have permission to access it. As a result, data is accessed with the owners permission or knowledge.”

“Why are the technologies, which were developed in Russia, able to cope with the problems that you have described?”

Andrey Golov: “The answer is simple: we have lived with these problems for 25 years and have learned to cope with them. Russian developers have created a class of solutions, which they called “imposed security”.

The approach, where a Russian company offers its solutions to foreign markets, has been deployed successfully by many of my compatriots. Our technologies and the level of technical expertise of Russian developers are always highly valued all over the world. However, at the same time we recognize that the level of management, marketing and sales is traditionally stronger in foreign markets.

Why in particular did we chose the Middle East and Africa market? Because Russia in the sphere of foreign policy traditionally stands for a multipolar world. We believe that it is good when the world is multifaceted. With the help of our technologies we give users – data owners – the opportunity to build their own security system that does not depend on IT suppliers. With our help, it is possible to provide protection, which would be separate from the security tools built into the IT-systems and infrastructure software produced in USA. As such, the term ‘imposed security; appeared.”

“How difficult will it be for customers to implement this concept of imposed security? Will it require more time and significant investment?”

Andrey Golov: “We offer our customers not just an abstract concept; and not just technology: we bring to the local market the product, which has a long history – dozens of years. Of course, we have a huge installation base – more than 1 million servers and workstations. We are able to perform mass implementations. Our information security tools are easily deployed and simple to operate. No special training is required for their implementation. The ease of installation confirms the fact that our product is used by organizations from nursery to the largest ministry.”

“Many information security companies, including Russian ones, aspire to trade in the Middle East and Africa. How do you plan to compete with them and with players from other countries who offer similar solutions? How will you convince customers to choose your products?”

Andrey Golov: “We do not compete with any Russian company represented in the region. Moreover, we do not compete and do not intend to compete with global companies. As I have noted, the solution class for Russia is not new but our approach to the global market is new and has no competitors. We offer customers the opportunity to build trusted systems in an untrusted environment.

The question is, “is the local market ready to accept this approach?” If the market says: “We are all friends and we are ready to share our information “, then the class of solutions proposed by us will not be in demand. If the market says: “We have confidential information and it should only belong to us” – then we are ready to provide this need by providing a new class of solutions that is not available in the local market, which nobody right now is producing. We want to give people the opportunity to choose a security system.

Our goal is to protect confidential information. We do not fight against targeted attacks, we do not strive to protect state secrets in this market (for these goals other approaches are needed). We are committed to ensuring that our potential customers can withstand global tracking systems. And at the exhibition we will demonstrate how it works!”

“ALHosani Computer LLC is the company who will be promoting your products in this region. Tell us, how you will build your interaction with them? And what steps should the customer take to purchase your products?”

Andrey Golov: “AlHosani Computer LLC became our exclusive distributor. On this basis, we are planning to establish a call-center which will provide all the necessary support to our customers. We chose AlHosani Computer LLC as an anchor partner in the region, as the company’s specialists know the market well and are ready to help us with any localization requirements and issues. Of course, we will ensure compliance with all key requirements of the market regulators.

I should note that the Middle East and Africa clearly are not the first foreign region for Trusted Access. We have a vast positive experience in adapting our products to local requirements elsewhere. Moreover, adaptation for us is not limited to localization: when entering new markets, we are always ready to make the necessary changes in the logic of our software.”