
Security Vision Specialized platform for automating information security processes

Product
Developers: GC Intelligent Security (Security Vision Brand)
Last Release Date: 2024/09/18
Technology: Information Security Management (SIEM)


Main article: Security Information and Event Management (SIEM)

2024

Security Vision 5 with the ability to set the background color of the cell when uploading the xlsx report

An updated release of Security Vision 5 is available. The updates affect all of the brand's products. The developer announced this on September 18, 2024.

Users have more options to control the display of data through tables and widgets. The wishes of our users in terms of managing the module editor and maintaining the change history were also taken into account:

  • added the ability to set the background color of the cell when unloading the xlsx report;
  • for the Speedometer widget, added the ability to change widget ranges dynamically (by input parameter, variable) and set the displayed value in the form of text with parameters;
  • for the Timeline widget, added the ability to search;
  • The ability to select a link type (left join, right join, inner join) has been added for associated widget blocks.
  • updated the view editor, added the display of the module in which the data views are edited;
  • for transposed matrices in widgets and reports, it became possible to change the width of columns;
  • The History data tabs add a page split to show changes to any property.

The appearance and functionality of the connector designer have been updated, allowing users to quickly manage data import, the launch of third-party solutions through integration, objects, directories, alerts and reports:

  • added the ability to delete DP instances;
  • the status (on/off) appears in the workflow schedules and report creation schedules tree;
  • Added import result output for data loaders
  • updated the editor for RP actions "Set Value," "Connector Call," "Create Object," "Create Reference Item," "Process Start," "Add Objects to RP," "Create Alert" and "Create Report";
  • Access to the list of running workflows with template filtering
  • the functionality of automatic notification in case of connector error is implemented.

General platform updates affected the ability to create direct links to access various data, manage additional localization, clear old data, and transfer data. Also, the latest update allows you to quickly install new modules due to optimization.

  • the possibility of adding an additional non-configured locale for the platform is implemented;
  • Added access to the alert link
  • Added link access to connector commands and connectors
  • In Multitenancy object access mode, replacement text is added when the object is not available to the user.
  • faster import of the module package, optimized loading steps, which previously spent the most time;
  • added the ability to control the automatic cleaning of old data in the built-in chat;
  • A new mass operation record type has been added to the audit.
  • The Kafka connector has added the ability to transmit key messages;
  • AccountInfo synchronization is organized between several WebApis.

Compatibility with Red OS 8

Tests of Red Software and Security Vision solutions have been completed. The companies have issued a certificate that confirms the compatible and correct operation of the Security Vision information security process automation platform with Red OS 8. Both products are certified by FSTEC and are included in the Register of Russian Software of the Ministry of Digital Industry of Russia. Security Vision announced this on September 17, 2024.

"We are consistently working to ensure the compatibility of the Security Vision brand products with the solutions of leading domestic vendors, contributing to the creation of a global domestic information security ecosystem. Integration with RED OS 8 is another important step in this direction," said Ruslan Rakhmetov, General Director of Security Vision.

"The Security Vision platform will allow RED OS 8 users to implement new practices to ensure information security in their organization. We thank our Security Vision partners for their cooperation. We are pleased to expand the catalog of products compatible with the RED SOFT ecosystem, comprehensive and high-quality solutions from Russian developers," commented Rustam Rustamov, Deputy General Director of RED SOFT.

Compatibility with Rosa Chrome 12

Security Vision and STC IT ROSA have completed comprehensive compatibility testing of their products. Security Vision announced this on August 20, 2024. The result was confirmation of the stable and correct operation of the Security Vision information security process automation platform and the ROSA Chrome 12 operating system, which is designed to equip user workplaces without special information security requirements.

The combination of Security Vision and ROSA Chrome 12 products will allow customers to form a stable and fault-tolerant infrastructure that is as secure as possible from cyber attacks and malware.

"We strive to ensure the compatibility of our products with the maximum number of solutions of leading Russian vendors. This ensures the versatility of the Security Vision brand systems and the possibility of their organic inclusion in even the most complex corporate stack," said Ruslan Rakhmetov, CEO of Security Vision.

"The technological compatibility of our solutions with Security Vision products is an important step towards creating secure and stable IT infrastructures for domestic organizations. This cooperation confirms our general course towards the development and strengthening of domestic technologies, which is especially important in the context of modern information security challenges," commented Vyacheslav Kadomsky, Director for Strategic Development of ROSA.

Security Vision 5 with the ability to visually distinguish between on and off connectors

On June 25, 2024, Security Vision announced an updated release of the Security Vision 5 platform.

According to the company, the updates affected all brand products. The most significant of these are:

Displaying Data and Changing the Interface

Users have more options for managing the display of data through tables, cards, widgets and other objects, and interface changes have taken into account their wishes for easier work with products:

  • many editor elements have been redesigned for system object types (availability, population, validation, table view and tree) and for card blocks (widget, history, chat, text and properties);
  • redesigned the interface for the action editor, added the ability to set the button color depending on the topic;
  • UI/UX of the "Users" section is optimized;
  • introduced an editor for versions of workflows (playbooks, life cycles, request processing scenarios, etc., depending on the modules);
  • for the Radar, Map and Globe widgets, added the ability to display a description for axis labels, to specify zero and maximum values on the radial axis, and to draw arrows on tasks to exclude animation layering;
  • for the "Table" widget, the ability to set the width of columns and customize their sorting in related tables has been added;
  • a mechanism is provided for displaying tooltips on widgets (when hovering the mouse cursor over it) and "plugs" when displaying empty blocks;
  • a dynamic scroll has been added to the Platform menu;
  • for the card editor, added a pixel step setting (through resizing the grid).

Connectors and Data Management

Integration with any external systems is an important part of the platform's work both when building a single ecosystem within the framework of orchestration and when building response mechanisms. Therefore, some of the updates affected the functionality of connectors and data transformations, which expanded the logic of work and optimized the flexibility of Security Vision products when integrating external systems and during the processing of data from them:

  • added visual delimitation of enabled and disabled connectors and display of connector schedule names depending on their status;
  • for connectors of type "HTTP (API)" and "File (read/write)", the ability to use BZip2 and Tar archives has been added, as well as the selection of a specific file from a zip archive in HTTP;
  • for all connectors, the conditions for repeating the step have been updated (if the result is divided into separate events, then check the condition for each event and repeat the step, if at least one has been completed) and the ability to obtain information about connectors in the pool and free ports has been added;
  • Updated the logic for updating and applying the Syslog audit log submission settings
  • when processing data as a result of parsing, the result of the "Split result by individual events" option for two blocks at the same level is combined into events with variants of all combinations of results;
  • Delete options at the beginning and end of the row have been added for the Replace transformation.
  • added conversion type - "Remove empty values from multiple"
  • for the parsing "JPath" added the ability to get the name of the attribute (parent) and the full path;
  • added the ability not only to set a regular expression (transformation) as a fixed value, but also to load it dynamically from properties, variables, etc.

Role model

System owners have more options for managing users and accounting for various changes:

  • Added the ability to modify the parent organization in the employee group and user group trees
  • Added the ability to specify multiple user groups
  • added the ability to prevent users from changing data in profiles;
  • redesigned the interface for displaying the history of changes in the card (logging), added the ability to transfer the functionality of exporting/importing audit events to a dedicated service in order to optimize;
  • logging of audit log configuration has been added.

Overall Performance and Functional Components

Other significant updates affected overall performance and the operation of functional components:

  • The process of removing a large number of objects and reference lines from the portal is optimized.
  • updated Angular, Prime NG, amcharts, openlayers, cytoscape, globe.gl, gridster and the platform on .NET 8 (including libraries for current versions);
  • updated integration service with SUDIR;
  • The operation of the filter in the general view of the Tree type is configured;
  • introduced changes in work calendars, widget library (selector), data deletion processes and other mass operations in general form "Tree," in the Platform menu and component status monitoring interface;
  • added the possibility of full-text search in "Chat" by analogy with the search by actions in "Graphs";
  • added the ability to select the encoding of the uploaded file and text separator, as well as when assigning a background color to a document for reports;
  • intraportal alerts are able to load object and reference property values.

Security Vision 5 with the ability to move divisions within the organizational structure

An updated release of the Security Vision 5 platform is available. The updates affect all of the brand's products. The developer announced this on March 26, 2024.

Drawing on the experience of running Security Vision products in large installations with support for distributed infrastructure and multitenancy, special attention was paid to forming and changing the organizational IT structure: work with large amounts of account and organization data in multitenancy mode has been accelerated, and for changing perimeters, access models are quickly adapted for new or moved roles.

  • With a large number of organizations in the "tree," as well as departments or positions in organizations, they are loaded in parts
  • Added ability to move departments within organizational structure (e.g. departments and positions) using a separate button
  • The cursor automatically moves to the login entry field, which speeds up user access to data, and an employee without an established role will not be able to log in
  • Audit logs now capture user temporary lock events as well as general changes, such as password changes.

Optimized work with data of different formats and their transformation, import and export of data has been expanded with new functionality, including granular configuration of user capabilities and launching a group of actions when a single button is pressed, and the results of actions are sent to the platform chat as separate records.

  • New data transformations have been added for processes and variables, such as converting data types and calculating file sizes
  • Dynamic content change added for objects during interactive actions
  • Full-text search and user filter have been added for reference books, as well as the ability to take into account the case of text when searching (or filtering)
  • The Security Vision platform API has support for downloading files from system objects, as well as adding records about the results of the action in the internal chat of the solution
  • Added the ability to generally import data from any format in the "Data loaders" section
  • To protect privacy, added the ability to prohibit the export of data arrays from table views for users
  • The process of deleting a large number of objects and reference lines for authorized roles is optimized. A new activity type has been added to workflow templates, and if duplicated, the error text now displays the object ID and properties that matched
  • When activating actions in one button cards, it became possible to set several actions at once (with the ability to search for their groups), as well as display buttons, including if the conditions are not met
  • For automatic and manual actions "Call Connector" (integrations), the ability to set the number of retries in case of an error has been added.

Added the ability to apply various widget improvements both for interactive dashboards and inside object cards and uploaded reports. This will simplify the preparation of analytical reports and speed up navigation to find the data that you need to pay attention to first.

  • For tables, the ability to customize variables and format columns, as well as customize styles, has been added;
  • The Line Plot widget received additional color settings for markers and editing of values on scales (for example, only integer values or displaying values from the other side of the line when it goes beyond the grid);
  • The Map widget now allows you to set text for objects, in addition to icons and related widgets;
  • The widgets "line plot" and "bar chart" allow you to determine the color differentiation depending on the location of the value in a particular range;
  • The "Link Graph" widget has the ability to set a legend (for example, to display tooltips or navigate objects), as well as save the position of the "camera";
  • For the editor of object types (table views, cards, etc.) and module sections (cards, permissions to create objects), the interface has been updated;
  • You can specify a limit on the number of characters displayed for String properties
  • For buttons (actions and transactions), it became possible to edit heights and indents to form storefronts of different compactness.

Updated NCCC Security Vision Module

On March 19, 2024, Security Vision introduced the updated NCCC Security Vision module.

According to the company, NCCC Security Vision is a product that automates and optimizes interaction with the State System for Detecting, Preventing and Eliminating the Consequences of Computer Attacks on information resources of the Russian Federation (GosSOPKA). The system allows you to send real-time notifications about information security events (incidents, attacks and vulnerability exploitation attempts) to the National Computer Incident Coordination Centre (NCCC), receive messages from the NCCC about controlled resources of the organization noticed in malicious activity, as well as receive bulletins about current threats and vulnerabilities. The product was developed taking into account all the requirements of GosSOPKA.

NCCC Security Vision ensures timely notification of the regulator about incidents recorded within the existing infrastructure, taking into account the established deadlines for sending to the NCCC. Due to the integrated resource and service model, which repeats the structure of GosSOPKA assets, the process of creating and sending notifications is as automated as possible. The notification life cycle fully matches the regulator's.

The system, within the framework of working with the regulator, allows not only to receive messages from the NCCC about incidents and attacks involving the controlled resources of the organization, which were recorded by the regulator, but also to implement several scenarios for responding to received tasks, taking into account their type and life cycle. When a message is received, the system automatically associates the data provided by the regulator with external IP addresses and public domain names of the organization, displaying the resources of the organization involved in the potential incident. The product allows you to answer the regulator in one click about the success of the investigation of the incident, making a decision about its error, or creating a notification about the incident, vulnerability or attack (in the last scenario, the information security event data cards will be automatically enriched from the original source).

The ability to fully manage the assets and IT objects that must be reported to the regulator in the context of displaying the external contour of the organization has been implemented. It is also possible to maintain reference information on all requested information on critical information infrastructure facilities involved in the incident under investigation.

The product allows you to regularly download bulletins about current vulnerabilities and threats sent by the national coordination center, and keep records of recommended events.

The product includes pre-configured reports that allow you to upload data for both individual incidents and messages, as well as summary reports that show the dynamics of interaction and consolidated information on the processed information. Dashboard displays key information on the status of sending incidents to NCCC and processing messages from NCCC, as well as summary statistics on the received bulletins.

The product natively integrates with all solutions of the Security Vision line, which makes it possible not only to meet the requirements of the regulator by automating interaction with it, but also to build a full-fledged security complex that takes into account all processes and procedures of the SOC.

Jatoba DBMS Compatibility

Security Vision and Gazinformservice confirmed the compatibility of the secure database management system (DBMS) Jatoba and the Security Vision information security automation platform during comprehensive testing. Gazinformservice announced this on January 17, 2024. Read more here.

2023

Security Vision 5 with Advanced Internal Audit and Installation Status

On December 6, 2023, an updated release of the current version of the Security Vision 5 platform was released, designed to automate and robotize information security processes. Updates have affected all brand products. The most significant of these are:

The capabilities of internal audit and installation status check are enhanced:

  • audit logs have added events for viewing cards of various objects (assets, incidents, events, vulnerabilities, applications, questionnaires, etc.);
  • added the ability to configure the list of audited events;
  • implemented an updated service for monitoring the own state of implemented solutions.

Thus, the logging capabilities for accounting for changes have been expanded: now not only changes to objects, but also their viewing are taken into account, and a separate dashboard for analytics has been created to visualize the system state using the built-in widget designer.

Additional updates have been implemented to optimize user speed and data security:

  • when the authorization page is opened, the cursor automatically moves to the login entry field;
  • a setting has been added for local accounts that requires a password change at the first login;
  • the password validity period of local accounts can be set unlimited or limited in time.

As a result, the work of users without using the mouse is simplified, and to improve security, more detailed settings of passwords and their validity period are taken into account.

Improved role model and user collaboration:

  • account role settings are fixed as system;
  • Standard rendering capabilities have been updated for the progress bar output form.
  • alert settings have been added for users mentioned in the internal chat;
  • user activity in the platform is recorded with visualization both on the user's page and in short/full cards;
  • for visibility and availability rules for short/full cards, the ability to set the application limit has been added;
  • added permissions to additional configurations: download schedule, data start correlation rules.

As a result, for team management, the activity of platform users is now recorded and the possible actions for each role can be configured in detail.

Enhanced options for setting up correlation rules and processing objects and reference books:

  • improved rule editor, updated interface;
  • Added the ability to create correlation rule condition templates
  • the option "Create only events for correlation rules" has been added to the event handler in the action "Create event";
  • copying functionality has been added for objects in the platform, which will be useful when creating any own content;
  • for reference books, a similar function is implemented - creating a copy of the reference book.

Thus, the built-in correlation engine is strengthened and simplified in use, which allows processing "raw" events and their macro-correlation.

Improved workflow management, the work of connectors to third-party solutions (and between Security Vision installations), as well as object cards:

  • a timeout has been added to the runtime schedules for the connectors;
  • New data conversions have been added for the variables used (date and time conversion from Windows NT format, SID conversion to string, as applicable for Active Directory data)
  • for workflows, the ability to time-delay execution (including processing cycles in workflows) in transactions (manual and automatic) has been added;
  • for general workflows, the ability to enable or disable the display of manual transactions and to select transaction groups to display has been added;
  • system objects have expanded options for displaying content in action buttons.

As a result, the processes and actions of the connectors are now time-controlled.

Enhanced data visualization and end-to-end analytics with interactive transitions:

  • for a widget of the "Table" type, the ability to transpose (change the matrix with replacing rows and columns) is implemented, which is useful for visualizing any amount of content taking into account its volume;
  • Added the ability to save custom column width settings for event tables
  • updated the editor with the display of settings in the form of a hierarchy of elements (general view of the "Tree" type);
  • a new vector substrate has been developed for the Map widget, which allows you to implement geographical visualization without using external mapping services if necessary;
  • added a widget type - "Globe," used to visualize objects and their relationships in a 3D map;
  • for classic widgets (line plot, bar chart and radar) added line display and position settings for axes;
  • New basic icons have been added to the platform installation, which can be used along with custom and downloadable systems;
  • options for displaying content in action buttons are expanded for the object system.

Thus, with the addition of widgets and data display methods, new options have become available for adapting the appearance of object content and properties for any content and creating dashboards for analysts.

Adding Security Vision 5 Platform Capabilities

An updated release of the current version of the Security Vision 5 platform, designed to automate information security processes, is available. The updates affect all of the brand's products. This was announced on September 14, 2023 by Security Vision.

Using the experience of their implementation as part of a single installation (on the same platform with a common database), Security Vision specialists paid special attention to the separation of user capabilities and role model settings:

  • Added editors for user groups, employee groups, and company organizational structure
  • An organization tree with the number of divisions has been added to the user and employee groups.
  • Enhanced filtering for actions with tables, general object type, and interactive role model link graph
  • added the ability to determine users' access to certain specified reports in the report library;
  • for transformations within activities, the ability to apply a work calendar has been added (for example, when calculating SLAs and planning leave for employees working in the platform).

As a result, the Security Vision platform retains possible relationships for any objects (IT assets, incidents, vulnerabilities, risk register, indicators of compromise and attacks, etc.), and visibility and action capabilities for different roles can be configured granularly for any number of users.

The functionality of uploading data from the system has been improved:

  • Added import/export capabilities for system events (together with the module and separately)
  • dynamic upload of objects in .xlsx and .csv formats is organized, depending on the filter specified in the view by objects and on the columns specified by the user.

Added the ability to dynamically change content:

  • For the object card (during interactive user interaction)
  • For table view (automatic update of rows when object card is closed and focus is changed)

This made it possible to speed up the process of updating data on any objects both within the framework of work within the platform and when exporting to alienated files. To log actions, there is also a system notification for the user to view the card of any object.

Access to data on individual objects and workflows has been simplified:

  • added the ability to open the object card by direct link (without specifying a specific view id);
  • the selection type (Initiator Objects) has been added to the additional filter of the process input parameter (Object Reference).

When the process is called from the card, only objects relative to the parent card will be available, not all system objects of the specified type.

The functionality of working with third-party solutions using connectors has been expanded:

  • for the Mail connector, the ability to parse nested emails in .eml format upon receipt has been added;
  • for the HTTP connector (API), the ability to select the connection security protocol has been added;
  • workflow actions ("Connector Call") have been added with the ability to change the order in which connector commands are executed if more than one is specified.

As a result, it became possible to configure the actions to be performed and their order in more detail.

Enhanced visualization and analytics capabilities:

  • for columns, the ability to update icons, colors, fonts and values of the associated property when performing automatic actions or manual transactions has been added;
  • in workflows for the Formula transformation type, added functions that output the value encountered in the processed set most or least times;
  • added widget type - Radar.

2022

Smart Monitor Platform Compatibility

VolgaBlob and Security Vision, Russian developers of software solutions in the field of comprehensive monitoring and information security, confirmed the compatibility of their products, the Smart Monitor platform and the Security Vision automated information security platform, during comprehensive testing. This was announced by Security Vision on December 26, 2022. Read more here.

Security Vision 5 - winner in the nomination "Information Security Solution of the Year in Russia" TAdviser IT Prize

The Security Vision 5 platform, which allows you to robotize up to 95% of the functions of an information security operator, became the winner in the nomination "Information Security Solution of the Year in Russia" at the TAdviser IT Prize 2022 awards for information technology in the corporate sector. The award was held on November 29, 2022 at the TAdviser SummIT site.

The award was presented to Ruslan Rakhmetov, General Director of Security Vision

Compatible with Xello Deception

Xello, the developer of the Russian DDP (Distributed Deception Platform) Xello Deception platform, designed to provide information protection for businesses against targeted cyber attacks, and the Intelligent Security Vision company, which develops advanced Russian solutions in the field of information security process management and automation, have entered into a partnership agreement. This was announced by Xello on September 19, 2022. Read more here.

Integration with the RST Cloud platform

RST Cloud and Security Vision combined expertise to investigate and respond to cybersecurity incidents. Security Vision announced this on September 15, 2022.

The integration of RST Cloud and Security Vision products will allow customers to use an expanded, up-to-date database of indicators based on more than 260 open sources in cyber intelligence and incident management processes.

The main advantages of integration:

  • Security Vision users will now receive processed data from both well-known and highly specialized unstructured sources (such as open reports on malware and groupings).
  • Complex sources of compromise indicators such as Twitter, Github and Pastebin will be added to the work of SOC line operators, which will ensure "day to day" relevance and the maximum speed of the preventive response.
  • In addition to systematizing heterogeneous and difficult to access information, with the participation of the RST Cloud expertise, the Security Vision platform will be enriched with an additional context with reliability and criticality assessments, which will allow you to more accurately and quickly make operational response decisions.

"The use of open sources of TI is necessary in the work, since in fact this gives access to a huge useful array of data on current threats. But working with open unstructured sources is hampered by the need for time-consuming data processing. It is this main task that the RST Cloud platform solves, giving its customers a processed and filtered array of data on compromise indicators in a readable format both for any means of protection and for a specific expert. At the same time, in addition, the data goes through enrichment and the procedure for calculating the level of danger (scoring), thus significantly reducing the time and cost of working with incidents for the Incident Response team and other Threat Intelligence participants," said Anna Mikhailova, director of business development at RST Cloud.

"The RST Cloud platform provides extensive information on the latest threats online. The integration of RST Cloud and Security Vision systems will allow our customers to develop a more complete understanding of the current threat landscape and ensure their prompt detection and investigation. This is undoubtedly an important step both in strengthening the information security of Security Vision users and in the formation of a domestic information security ecosystem - a process that we strive to promote in every possible way," said Anna Oleinikova, Security Vision Product Director.

Security Vision 5 certified by the OAC of Belarus

In September 2022, it became known that the Security Vision platform was certified for compliance with the requirements of technical regulations (TR 2013/027/BY) at the Operational and Analytical Center under the President of the Republic of Belarus. The OAC certificate makes the Security Vision platform and products based on it available for use not only by commercial companies, but also by government agencies of the Republic.

The certificate of compliance of information protection tools with the requirements of TR 2013/027/BY confirms that the Security Vision platform provides:

  • performance of the functions stated in the operational documentation;
  • protection against unauthorized disclosure and/or modification of critical parameters;
  • monitoring of configuration integrity;
  • self-testing;
  • control of access to control functions and settings;
  • maintaining operability when processing incorrect data.

"Security Vision has a successful experience of implementations in the Republic of Belarus," said Ruslan Rakhmetov, General Director of Security Vision. "Obtaining an OAC certificate opens up the possibility of using products on the territory of the Republic to ensure information security of a large number of organizations, which in the current realities is a particularly urgent task."

"Certification extends the scope of information protection, especially enterprise-class solutions. In addition, it is always pleasant to help bring to our market, the Republic of Belarus, new classes of solutions in the field of information protection, such as the Security Vision security platform," said Sergey Stetsyuk, head of the testing laboratory of Security Lab LLC, which conducted the tests.

The certificate of conformity is registered in the registry under the number BY/112 02.02. TR027 036.01 00492 on August 5, 2022.

Release of Updated NCCC Interface Module

Security Vision announced on September 1, 2022 the release of an updated module for interaction with the NCCC. The NCCC interaction module of the Security Vision 5 platform is a means of ensuring automated information exchange between organizations and the State system of detection, prevention and elimination of consequences of computer attacks. Informing the State system of detection, prevention and elimination of consequences of computer attacks about cyber incidents has been mandatory for several years for subjects of critical information infrastructure (CII). In September 2022, the Federal Law of 14.07.2022 No. 266-FZ comes into force, which makes interaction with the State system of detection, prevention and elimination of consequences of computer attacks mandatory for personal data operators.

The Security Vision 5 platform implements the exchange of information between organizations and the State system of detection, prevention and elimination of consequences of computer attacks by connecting them to the technical infrastructure of the National Coordination Center for Computer Incidents (NCCC). The use of the NCCC Interface Module allows organizations to fully comply with regulatory requirements and promptly share information on incidents and security threats on a two-way basis.

The main capabilities provided by the NCCC interaction module on the Security Vision 5 platform:

  • Notifications of threats and vulnerabilities are received from the NCCC portal automatically according to customizable schedules;
  • Notification of incidents, attacks and vulnerabilities from the Security Vision platform is sent through separate entities called "Sending to NCCC";
  • Depending on the selected category and type of information security event, the card offers the corresponding sets of additional fields to fill in on the technical and basic information tabs;
  • The card "Sending to NCCC" also provides the possibility of receiving and sending comments on the relevant notifications;
  • The History tab is also available, reflecting all data changes in the card during its existence in the system.

RedCheck Compatibility

AltexSoft and Security Vision confirmed the compatibility of the RedCheck security and compliance analysis software suite and the automated information security platform Security Vision during comprehensive testing. Security Vision announced this on August 17, 2022. Read more here.

Compatibility with Kaspersky Unified Monitoring and Analysis Platform (KUMA)

Kaspersky Lab and Security Vision have confirmed the compatibility of the SIEM system of Kaspersky Unified Monitoring and Analysis Platform (KUMA) and the automated information security platform Security Vision during comprehensive testing. This was announced by Kaspersky Lab on July 27, 2022. Read more here.

Compatibility with Alt 8 SP and Alt Server 10

On July 12, 2022, the Russian company Intellectual Security announced that it had confirmed the compatibility of its software products together with BASEALT. The created software package will help organizations seriously strengthen the protection of their information systems, fulfill the requirements of the FSTEC of Russia for the security of digital infrastructure and automate routine processes for the prevention and processing of incidents.

"Our company gives high priority to the protection of IT infrastructures built on the basis of Alt operating systems," said Sergey Trandin, General Director of BASEALT. "Together with colleagues from Intellectual Security, we have created and will develop a software stack for building a digital environment for which security is a natural and integral property. Organizations and enterprises will be able to transfer their IT infrastructures to Russian software, reliably protecting them from external intrusions."

Security Vision and BASEALT tested the joint operation of the automated information security platform Security Vision with the Alt 8 SP and Alt Server 10 operating systems. The test results are reflected in a two-sided certificate of compatibility.

"Ensuring technological compatibility of domestic products is another contribution to increasing the security of information assets of Russian enterprises, as well as to the formation of an import-independent cyber security ecosystem. We are actively working to build technological partnerships with leading Russian vendors," said Security Vision CEO Ruslan Rakhmetov.

Tests of the joint operation of the Security Vision automated information security platform running on the Alt 8 SP and Alt Server 10 operating systems were carried out in the following test configurations:

Vulnerability Management Module

Security Vision on May 19, 2022 announced the release of the Vulnerability Management module.

When creating the module, Security Vision experts tried to think over all the bottlenecks and blind spots that information security specialists have in order to ensure that the process of analysis, enrichment and communication with other departments is transparent, convenient and as automated as possible. The most significant functions are:

In the Security Vision platform, within the framework of the asset classification process, the business owner of a system and its technical administrator set permissible scan ranges for the system, within which the vulnerability detection process should be carried out. Each scan task for each server is available for subsequent analysis if a negative effect on the systems is detected. Within minutes, an engineer will be able to tell exactly when, with what policy and with what errors a scanning task on a specific piece of equipment or workstation began and ended.

As a unit of accounting, the Vulnerability Management module uses the universal vulnerability identifier CVE or NOS FSTEC and, only in their absence, the scanners' own identifiers. Thanks to the built-in knowledge base and external analytical services, each vulnerability has not only specific base and temporal CVSS characteristics, but also information, constantly updated from external sources, about the presence of exploits, references in well-known computer attacks and hacker frameworks, as well as remediation methods and compensating measures.

The main object in the process of eliminating vulnerabilities and interacting with IT departments is the actual technical task of elimination, that is, an update or a compensating measure. Such requests are generated automatically based on the Elimination Policy. Requests that comply with the specified policy can be automatically transferred to the external IT ticketing system. Security Vision supports two-way interaction with many modern ticketing systems, so their integration will not be difficult, and statuses updated in one of the systems will be automatically updated in the other. Thanks to these policies, cybersecurity specialists can create criteria by which not only regular but also emergency elimination will be triggered, if an update is required for critical assets which, from the point of view of network topology, are accessible to a large number of users. Similarly, you can build requests for testing.

To make it easier to work with a large number of requests, decisions and compensatory measures can be automatically copied to similar requests for elimination.

The module supports the main formats of manufacturers' bulletins, such as CVRF and OVAL. The bulletins contain not only lists of vulnerabilities and updates, but also specific technical recommendations for additional configuration, as well as mitigation of vulnerabilities, both in the field of advanced logging, and direct measures to reduce or eliminate the attack surface without applying updates.

The role model in the Security Vision platform allows you to not only restrict viewing and editing access to certain objects. It forms for each participant of the process, depending on his role, his own presentation of information, his own showcase, in which only the necessary information is available, and the focus of attention is focused on those aspects that are necessary within the framework of the function and competence of the employee.

Asset Management and Inventory Module

On March 1, 2022, Intelligent Security announced that it had released the Asset Management and Inventory module on the Security Vision platform. Read more here.

2021: Security Vision version 5.0.0

GK "Intelligent Security" (Security Vision brand) introduced version 5.0.0 of the Security Vision platform on May 17, 2021. The changes affected many aspects, from design and architecture to the content of modules and principles of working with data. However, the overall approach remained unchanged: Security Vision is a platform for automating and orchestrating information security processes, the flexibility of which allows you to optimize almost any area of information security. Regardless of the selected functional modules (IRP/SOAR, SGRC), the product changes the paradigm of umbrella solutions, opening up a wide range of opportunities, the company noted.

The most significant updates are:

Design and User Interaction

  • The user interface has become even more friendly, there is the possibility of choosing a dark or light theme, as well as support for several languages.
  • Quick filtering and end-to-end search functions for all objects have appeared.
  • Controls are now fully functional on mobile devices and tablets.

Workflows

  • Now the objects in the system are not limited to only one workflow, and this removes all restrictions on the potential for accounting and automation. The same object, such as the Technical Tool, can now have independent analysis and processing cycles in the Inventory, Risk Assessment, and Incident Investigation modules.
  • Workflows can now either start when a trigger occurs as an event or be generated by another workflow, or start at the command of the task scheduler on a regular basis.
  • Collaboration and testing of workflows have become much more convenient due to the introduction of versioning.

Custom Modules and Storefronts

Data from asset inventory and incident handling is seamlessly available for risk or audit. However, the system now provides its own user showcase to each user.

Object Card Designer

Now all the features of the card editor, such as creating tabs, graphical selection, various forms of input and presentation of information are available in the No-Code designer. Already at the stage of creating system objects, the user can set templates for auto-filling information, create rules for input based on directories or regular expressions, and specify fields for deduplication.

Integration

  • Now the authorization parameters received on one service can be used to obtain data and execute commands on another.
  • Integrations support both process and microservice startup capabilities. The former is retained for greater speed and compatibility with built-in authentication mechanisms. Containers, in turn, allow you to use intermediate data processing services on the fly.

Incidents

  • It became possible to call manual operations not only from the full incident card, but also from the short card and even from a table view.
  • An automatic summary on the solution of similar incidents has become available, based on the Knowledge Base and solutions.
  • Assigning incidents to an available employee can now be done based on their current workload and required skills.
  • Various types of timers are integrated in the cards, allowing both calculation of processing efficiency and automatic escalation when the agreed service level is overdue.
  • It became possible to embed graphic widgets in incident cards for more in-depth analysis.
  • The ability to work with compromise indicators has been expanded.
  • Added the ability to analyze related incidents, compromise indicators, investigator reports and data from enrichment platforms directly from the incident card.

Asset inventory

  • There is support for virtualization tools such as VMware and Hyper-V.
  • Inventory of distributed divisions and subsidiaries is now available through the Configuration and Connector Managers engine.
  • A full-fledged toolkit for registering and deregistering assets within their life cycle has appeared.
  • All changes to asset states as well as data sources are available in the History tab.

Vulnerabilities

  • The Vulnerabilities module of the Security Vision platform allows you to consolidate information from existing vulnerability scanners, update management platforms and other data collection and analysis products, in particular SkyBox.
  • The user has access to analytical summaries from Vulners.com, AttackerKB, VulDB and other commercial and free sources.
  • The vulnerability card can now be provided with information about the availability of a PoC exploit on the Internet, as well as a link to it, the estimated cost of developing an exploit on the black market and its current demand among cybercriminals.
  • The user can independently select a vulnerability assessment policy using any available parameters, making changes to existing coefficients, or use a template assessment.
  • The Vulnerability Remediation Policy now allows you to set up Agreements (SLAs) with the IT department under which vulnerabilities must be addressed.

Cyber Threat Analytics (TI)

In addition to the already existing two-way integration with FinCERT through mail or online interaction, the system has the ability to connect Threat Intelligence commercial platforms such as Kaspersky, Group-IB, as well as IBM X-Force Exchange. The data obtained is normalized, deduplicated, and enriched when loaded. The functionality of both historical search in SIEM systems and real-time search using big data brokers is available.

Big Data and Machine Learning Module (ML)

  • Working with big data from software message brokers allows the system to access significantly more information than in SIEM.
  • Real-time search of compromise indicators is available, as well as detection of anomalies in messages from network and end devices.
  • The deep learning system is able to detect anomalies by analyzing millions of events per day, without requiring significant computing capacity or consuming the SIEM system license for a massive volume of messages.

Analytics and Data Views

Widgets, dashboards and reports of any complexity in the new version of the portal can be created using No-Code and Low-Code constructors. Users can independently customize drill-down to related widgets or table views of data, download report templates, configure their regular generation, send by e-mail or attach as evidence of appropriate technical control.

Architecture

The presented version has become completely cross-platform. There is still support for installing components on MS Windows, so as not to lose the safe and fast functionality of interacting with systems under control, while both the platform itself and the connectors are now available for installation on Astra Linux and Viola. Database support for storing information has now been expanded with PostgreSQL.

Multitenancy

Release 5.0.0 provides the ability to physically separate data, share indicators and incidents between related companies, and share response connectors.

2020

Security Vision received a certificate of compliance with the FSTEC of Russia

The Intellectual Security Group of Companies announces in January the passing of certification tests of the Security Vision IT platform in the system of certification of information protection tools according to the requirements of information protection of the Federal Service for Technical and Export Control.

The Certificate of Conformity No. 4194 of 19.12.19 issued by FSTEC of Russia certifies that Security Vision fully complies with the norms of the current regulatory legal acts of the Russian Federation (in particular, on the 4th level of control over the absence of undeclared capabilities), and confirms the high level of protection of information processed in Security Vision.

The availability of the FSTEC certificate of conformity is one of the necessary conditions, compliance with which confirms the reliability of the Security Vision IT platform and allows it to be used in state information systems (GIS), personal data information systems (ISDS), automated process control systems (APCS) up to the 1st class/level of security inclusive.

Purpose and composition of the Security Vision IT system

Security Vision is a Russian product designed to automate information security assurance: a Russian IT system that allows you to robotize up to 95% of the software and hardware functions of the information security operator. Security Vision is a 100% Russian development and is included in the Unified Register of Russian Programs for Computers and Databases of the Ministry of Digital Development, Communications and Mass Media of Russia. It has all the necessary permits for operation from the FSB and FSTEC. It is a product in the IRP and SGRC class, which is certified according to the NDV4 safety requirements of FSTEC (FSTEC Certificate of Conformity No. 4194 dated 19.12.2019) and can be used in state information systems (GIS), personal data information systems and automated process control systems (APCS) up to and including 1st class.

Security Vision works at Sberbank of Russia, Otkritie Bank, FSO of Russia, Rostec, Goznak, Glavgosexpertiza, Gazprom-Media Holding, SME Corporation, Multicart, Russian Post, United Energy Company, Federation Council of the Federal Assembly of the Russian Federation, PFR, Accounts Chamber of the Russian Federation, Transneft, PIK and many other state bodies and commercial structures.

Security Vision includes five products with the ability to work on one platform:

2019

As part of the Register of Domestic Software

As of March 2019, the Security Vision system was officially recognized as created in the Russian Federation and included by the Ministry of Digital Development, Communications and Mass Media in the Unified Register of Russian Computer Programs and Databases.

FSTEC Certification

On January 9, 2020, Intellectual Security Group of Companies announced the successful passing of certification tests of the Security Vision IT platform in the information protection certification system for information protection requirements of the Federal Service for Technical and Export Control.

The issued FSTEC Russia Certificate of Conformity No. 4194 of 19.12.19 certifies that Security Vision fully complies with the norms of the current regulatory legal acts of the Russian Federation (in particular, on the 4th level of control over the absence of undeclared capabilities), and confirms the high level of protection of information processed in Security Vision.

The availability of the FSTEC certificate of conformity is one of the necessary conditions, compliance with which confirms the reliability of the Security Vision IT platform and allows it to be used in state information systems (GIS), personal data information systems (ISDS), automated process control systems (APCS) up to the 1st class/level of security inclusive.

Purpose. Products and modules. Implementation Scheme

Security Vision automates key information security processes in the organization, and is capable of monitoring and robotic response to cybersecurity incidents in real time.

As of March 2019, the product solves problems in a number of areas of cybersecurity, known in the international classification as:

  • Security Operation Center (SOC)
  • Incident Response Platform (IRP)
  • Cyber Risk System (CRS)
  • Security Governance, Risk Management and Compliance (SGRC)

Purpose

Most developed organizations use a set of information protection tools to some extent in order to reduce the impact of the growing number of new threats to the information security of corporate information systems, elements of the network infrastructure of data transmission, engineering and business systems. Each of the systems has its own aspects of influencing information security. In order to transfer disparate security systems to the category of managed services, a software complex for intelligent security has been created that automates information security processes.

According to the product developers, the implementation of Security Vision allows the company to implement monitoring, data protection and response in real time. End-to-end cybersecurity tasks addressed by implementing Security Vision:

  • Surveillance (SOC). Centralized collection and storage of information about information security events. The security officer must conduct operational monitoring of the state of cybersecurity, clearly and transparently.
  • Digitization (CRS). Obtaining operational information on the state of information security for management decisions. The system must be able to act to prevent or minimize damage.
  • Response (IRP). Detection and prevention of computer attacks aimed at protected information resources in real time.
  • Improvement (SGRC). Drawing experience, the system should improve information security processes (audits, compliance, etc.)

The system is designed for comprehensive automation of the activities of employees of structural divisions of information security of the customer and the formation of uniform approaches to the implementation of information security processes.

Products and Modules

The software product is built in the form of a platform and modules. Each module is built on the principle of a designer, allowing the customer to form the structure, logic and content of the solution for their own business tasks. The platform includes four products with the ability to work on one platform - Security Operation Center (SOC), Security Vision Incident Response Platform (IRP), Security Vision Cyber Risk System (CRS) and Security Governance, Risk Management and Compliance (SGRC).

Security Vision Incident Response Platform (IRP) Presentation

Security Vision Cyber Risk System (CRS) Functionality

The Security Vision platform can include the following solution modules:

  • 1. Asset Builder
  • 2. Request/Incident Designer
  • 3. Workflow Designer
  • 4. 2D/3D Map
  • 5. Designer/showcase of dashboards
  • 6. Report Designer
  • 7. Alert Designer
  • 8. Risk Management Designer (Cyber Risk System PC)
  • 9. Response Control Designer
  • 10. Data Connector Designer
  • 11. External Connector Designer
  • 12. Vulnerability Lifecycle Management
  • 13. Compliance Management Designer and Database of Documents Regulating Information Security Assurance Procedure
  • 14. Audit Designer
  • 15. Compliance Management; GDPR
  • 16. Compliance Management; Critical Information Infrastructure (CII)
  • 17. Availability Monitoring Designer;
  • 18. Awareness management in the field of information security;
  • 19. Accounting of licenses and service contracts;
  • 20. Correlation core
  • 21. Integration with CERT (State system of detection, prevention and elimination of consequences of computer attacks, FinCERT)
  • 22. Inventory and Integrity Monitoring
  • 23. Monitor changes in IT infrastructure
  • 24. Big Data Analytics Cluster: ML, OLAP, Hadoop sample
  • 25. Interaction with corporate systems, etc.


Typical Solution Implementation Scheme