Developers: R-Vision
Date of the premiere of the system: 2022/11/09
Last Release Date: 2023/11/20
Technology: Information Security Management (SIEM)
Main article: Security Information and Event Management (SIEM)
2023
R-Vision Endpoint 1.8 with integration with R-Vision TDP
On November 20, 2023, R-Vision, a developer of cybersecurity systems, announced the expansion of the functionality of R-Vision Endpoint. Additional features are designed to improve the protection of corporate networks from current cyber threats and make the process of monitoring IT infrastructure more efficient.
In the update, the developer has significantly improved the technical audit section. Users can now view the results of the examination in a more comprehensive form, which simplifies the analysis of vulnerabilities and allows faster action to eliminate them. In addition, it is now possible to add your own policies and modify the installed checks, adapting the audit system to the specific requirements and tasks of the company.
In the update, the developer added the ability to integrate with the R-Vision TDP product, which makes it possible to place, in one click, decoys that simulate vulnerabilities in the corporate system, making it attractive to attackers. For example, R-Vision Endpoint technology helps to place decoys such as false accounts, saved sessions and SSH keys. This approach reduces the cost of deploying and updating false infrastructure.
The R-Vision team also integrated the ability to install and manage the Sysmon module for Windows OS. Sysmon is a system event monitoring tool that allows you to detect suspicious activity on computers and prevent potential threats. With this update, the product not only generates events on Linux using its own modules, but also offers information security specialists an understandable tool on Windows.
"In R-Vision, we strive to create technologies that will meet the needs of our customers as much as possible. To do this, we regularly improve our products, add new features and improve the user experience," commented Petr Kutsenko, leading product manager of R-Vision. "We are also closely monitoring for new threats and vulnerabilities in order to timely develop countermeasures and implement them in our solutions."
R-Vision Endpoint is a key component of the R-Vision EVO ecosystem that extends the functionality of other technologies by unlocking additional product benefits. With Endpoint, users can perform detailed asset inventories, identify threats, and respond to incidents directly on end devices, and automatically perform technical security audits of all popular types of operating systems.
Integration with R-Vision SGRC
On August 11, 2023, R-Vision introduced an update to R-Vision Endpoint technology, which provides data collection, detection and response on end devices.
R-Vision Endpoint technology is a key component of the R-Vision EVO ecosystem that expands the functionality of other technologies and provides additional advantages from their use. With R-Vision Endpoint, the user can conduct detailed asset inventory, identify threats and respond to incidents directly on end devices, and automatically conduct technical audits of all popular types of operating systems for compliance with information security standards.
The updates make it possible to use R-Vision Endpoint as a sensor for detecting IoCs on the end nodes of the infrastructure. Users can now receive events regardless of the configuration of other protection systems and regardless of where the node is located, inside or outside the perimeter of the organization. This was made possible by integration with the R-Vision TIP cyber threat information analysis platform.
In addition, the developer implemented the integration of R-Vision Endpoint with the R-Vision SGRC information security management automation platform, which allows you to conduct a technical audit of the node for compliance with the requirements of legislation and the selected level of protection. Thus, you can check the correctness and optimality of the settings of the operating system and application software, as well as make sure that the node complies with the requirements of regulatory acts.
Another important update relates to improved event collection from Linux systems. In particular, R-Vision has improved R-Vision Endpoint technology by adding the ability to centrally manage the policy for collecting information security events from nodes. This is especially relevant for users of Russian operating systems, where setting up an audit of information security events can be difficult or the completeness of data collection does not allow a high-quality investigation.
A number of other functional modifications expand the available response methods: users can send files from a node to any system that supports an HTTP POST/PUT interface, for example, to a sandbox. The vendor also supplemented the R-Vision Endpoint component with the option to centrally search for files by their hash sums, which makes it possible to quickly and efficiently detect other affected nodes and prevent the spread of threats in the organization.
"R-Vision Endpoint is a significant tool for building comprehensive protection processes in an organization. Its use enables customers not only to respond quickly to an incident, but to expand the visibility of many events that occur on the system, including: user actions, file changes, starting processes, and much more. Thus, R-Vision Endpoint allows you to detect anomalies and potential threats that may be missed by other security systems. We are confident that this technology will become indispensable for better information security in the corporate environment, and we continue to actively develop it as one of the key components of our ecosystem," said Petr Kutsenko, R-Vision Endpoint Product Manager at R-Vision.
2022: Presentation of the R-Vision EVO
On November 9, 2022, R-Vision, a developer of cybersecurity systems, announced its own ecosystem of technologies for SOC evolution, R-Vision EVO. The ecosystem has combined existing technologies, components and processes, and has also been supplemented with technologies that will soon become available to the vendor's customers under special conditions.
Against the backdrop of an increasing number of cyber threats, business requirements for information protection are changing: the classic approach to building information security monitoring and response centers (Security Operation Center, SOC), where each product performs a separate specific function, has been replaced by an ecosystem approach. Ecosystems allow organizations to approach cybersecurity issues comprehensively, provide solutions to problems at the intersection of technologies, and focus on the highest-priority business processes for companies.
Taking into account the needs of the market and customers, the R-Vision developer presented the R-Vision EVO ecosystem - a complex of interconnected technologies, components and the processes built between them that allow companies to build a Security Operation Center and develop it to the required level of maturity. A distinctive feature of the R-Vision ecosystem is that the vendor's technologies help to evolve all information security monitoring and response centers, regardless of their initial scale and industry, while the developer offers all customers the opportunity to gradually increase and expand the ecosystem functionality as SOC needs grow.
R-Vision EVO currently includes the following technologies and components:
- Security Asset Management technology, which builds the process of managing an organization's assets;
- User and Entity Behavior Analytics technology, which detects violations in the state of IT and information security systems, suspicious activity of objects and performs a dynamic assessment of threats and anomalies;
- Security Orchestration, Automation, Response technology, which is responsible for automating the information security incident management process;
- Threat Intelligence technology, which provides comprehensive management of cyber intelligence data;
- Governance, Risk management, Compliance technology, with the help of which information security management processes are formed in accordance with best practices and standards;
- Deception technology, which simulates elements of the infrastructure, thereby detecting the presence of an attacker;
- Vulnerability Management technology, the main task of which is to automate the vulnerability management process.
In addition, in the near future, two more ecosystem technologies will be available to R-Vision customers:
- Endpoint Security technology, which collects and inventories information about information security events from endpoints, as well as a tool for responding to incidents and eliminating the consequences of an attack on hosts;
- Log Management technology, which collects events from all elements of the infrastructure, and also allows you to build the process of collecting, normalizing and storing information security events and provides users with the ability to analyze the collected information.
It is important to note that the advantage of building SOC based on the R-Vision EVO ecosystem is the possibility of an integrated and strategically verified approach to information security. Ecosystem components enrich each other and allow you to access both more detailed technical data and business analytics at any time. At the same time, the R-Vision EVO ecosystem presents customers with a huge number of built-in integration mechanisms, configurations and expertise, with which the tasks of building and developing an information security incident monitoring and response center become much easier and more transparent.
"The creation and development of SOC is a complex and multifaceted task for which solving problems piecemeal with separate products is not enough. In the new realities, users and the market need a comprehensive and strategically thought out approach to build truly effective protection. Ecosystems where technologies are deeply integrated and work in close conjunction can provide this approach. Thus, understanding these factors formed the basis for creating the R-Vision EVO ecosystem and adding new technologies to it," commented Igor Smetanev, Director of Strategic Development at R-Vision.