| Developers: | R-Vision |
| Date of the premiere of the system: | 2022/11/09 |
| Last Release Date: | 2025/04/21 |
| Technology: | Information Security Management (SIEM) |
Main article: Security Information and Event Management (SIEM)
2025: Launching Solutions for End-to-End Business Digitalization
R-Vision is expanding its business and entering the IT solutions market. On April 21, 2025, the company presented a direction focused on comprehensive business digitalization. R-Vision will focus on solving problems of cooperation between IT and information security departments, as well as on developing data management technologies. This is a response to the growing demand from organizations for digital transformation, increased manageability of the IT landscape, and elimination of data silos. Analysts estimate that more than 67% of information security incidents are related to infrastructure opacity and process disunity, and that the inability to manage data effectively leads to losses of at least 30% of current revenue. The R-Vision IT direction is aimed at solving these problems systemically, with an emphasis on end-to-end automation and control.
The R-Vision IT product line is built on the single R-Vision EVO platform. The platform now also includes products for managing the IT landscape, services and data-related processes. They cover configuration control, asset inventory, automation of joint IT and information security processes, as well as data processing and storage tasks, which makes it possible to build an effective data-driven approach. Products can be used either individually or as part of a single system. End-to-end integration, a common data loop, and scalability for big business objectives ensure consistency, reduced routine, and increased control accuracy.
The line of new solutions includes:
- R-Vision CMDB is a solution for centralized database management of IT components and their configurations.
- R-Vision ITSM is an IT service automation and management solution that uses ITIL library best practices.
- R-Vision ITAM is a solution for managing the lifecycle of a company's IT assets.
- R-Vision DGP is a data management solution that provides complete transparency, protection, and control throughout its lifecycle, from efficient storage creation to access control and secure removal.
The key distinguishing feature of the R-Vision approach is that it is platform-based. The company's products work in a single interface, synchronize tasks between information security and IT, and integrate with external systems. Dozens of ready-made connectors and an advanced API are available out of the box, speeding up implementation and expanding use cases.
| "R-Vision products have always been created with a deep understanding of the customer's infrastructure. And we have often faced challenges at the intersection of IT and information security, seeing an increasing need for data management, efficient data acquisition and storage. This has become a trigger for deep analysis: how current approaches really solve these problems. Today, this formed the basis of a separate IT direction of the company: our goal is to help restore order in the infrastructure, automate the routine and ensure the coordinated work of teams, relying on our expertise and experience in processing large amounts of data," said Valery Bogdashov, CEO of R-Vision. |
The company focuses on large organizations: government agencies, telecom operators, and power, industrial and financial companies. The first pilot implementations of products from the IT line are already planned, and certification processes have been launched for all solutions. According to R-Vision, by 2028 the new direction can bring up to 30% of the company's total revenue.
2023
R-Vision Endpoint 1.8 with integration with R-Vision TDP
On November 20, 2023, R-Vision, a developer of cybersecurity systems, announced the expansion of the functionality of R-Vision Endpoint. Additional features are designed to improve the protection of corporate networks from current cyber threats and make the process of monitoring IT infrastructure more efficient.
In the update, the developer has significantly improved the technical audit section. Users can now view the audit results in a more comprehensive form, which simplifies the analysis of vulnerabilities and allows measures to eliminate them to be taken faster. In addition, it is now possible to add your own policies and modify the installed checks, adapting the audit system to the specific requirements and tasks of the company.
The developer also added integration with the R-Vision TDP product, which makes it possible to place, in one click, decoys that simulate vulnerabilities in the corporate system, making it attractive to attackers. For example, R-Vision Endpoint helps to place decoys such as false accounts, saved sessions and SSH keys. This approach reduces the cost of deploying and updating false infrastructure.
The R-Vision team also added the ability to install and manage the Sysmon module for Windows. Sysmon is a system event monitoring tool that allows you to detect suspicious activity on computers and prevent potential threats. With this update, the product not only generates events on Linux using its own modules, but also offers information security specialists an understandable tool on Windows.
| "In R-Vision, we strive to create technologies that will meet the needs of our customers as much as possible. To do this, we regularly improve our products, add new features and improve the user experience," commented Petr Kutsenko, leading product manager of R-Vision. "We are also closely monitoring for new threats and vulnerabilities in order to timely develop countermeasures and implement them in our solutions." |
R-Vision Endpoint is a key component of the R-Vision EVO ecosystem that extends the functionality of other technologies by unlocking additional product benefits. With Endpoint, users can perform detailed asset inventories, identify threats, and respond to incidents directly on end devices, and automatically perform technical security audits of all popular types of operating systems.
Integration with R-Vision SGRC
On August 11, 2023, R-Vision introduced an update to R-Vision Endpoint technology, which provides data collection, detection and response on end devices.
R-Vision Endpoint technology is a key component of the R-Vision EVO ecosystem that expands the functionality of other technologies and provides additional advantages from their use. With R-Vision Endpoint, the user can conduct detailed asset inventory, identify threats and respond to incidents directly on end devices, and automatically conduct technical audits of all popular types of operating systems for compliance with information security standards.
The update makes it possible to use R-Vision Endpoint as a sensor for detecting IoCs on the end nodes of the infrastructure. Users can now receive events regardless of the configuration of other protection systems and regardless of where the node is located, inside or outside the perimeter of the organization. This was made possible by integration with the R-Vision TIP cyber threat information analysis platform.
In addition, the developer implemented the integration of R-Vision Endpoint with the R-Vision SGRC information security management automation platform, which allows you to conduct a technical audit of the node for compliance with the requirements of legislation and the selected level of protection. Thus, you can check the correctness and optimality of the settings of the operating system and application software, as well as make sure that the node complies with the requirements of regulatory acts.
Another important update relates to improved event collection from Linux systems. In particular, R-Vision has added the ability to centrally manage the policy for collecting information security events from nodes. This is especially relevant for users of Russian operating systems, where setting up an audit of information security events can be difficult or the completeness of data collection does not allow a high-quality investigation.
A number of other changes expand the available response methods: users can send files from a node to any system that supports an HTTP POST/PUT interface, for example, to a sandbox. The vendor also supplemented the R-Vision Endpoint component with the option to centrally search for files by their hash sums, which makes it possible to quickly and efficiently detect other affected nodes and prevent the spread of threats in the organization.
| "R-Vision Endpoint is a significant tool for building comprehensive protection processes in an organization. Its use enables customers not only to respond quickly to an incident, but to expand the visibility of many events that occur on the system, including: user actions, file changes, starting processes, and much more. Thus, R-Vision Endpoint allows you to detect anomalies and potential threats that may be missed by other security systems. We are confident that this technology will become indispensable for better information security in the corporate environment, and we continue to actively develop it as one of the key components of our ecosystem," said Petr Kutsenko, R-Vision Endpoint Product Manager at R-Vision. |
2022: Presentation of the R-Vision EVO
On November 9, 2022, R-Vision, a developer of cybersecurity systems, announced its own ecosystem of technologies for SOC evolution, R-Vision EVO. The ecosystem combines existing technologies, components and processes, and has also been supplemented with technologies that will soon become available to the vendor's customers under special conditions.
Against the backdrop of an increasing number of cyber threats, business requirements for information protection are changing: the classic approach to building information security monitoring and response centers (Security Operation Center, SOC), where each product performs a separate specific function, has been replaced by an ecosystem approach. Ecosystems allow organizations to approach cybersecurity issues comprehensively, provide solutions to problems at the intersection of technologies, and focus on the business processes that are the highest priority for companies.
Taking into account the needs of the market and customers, R-Vision presented the R-Vision EVO ecosystem: a complex of interconnected technologies, components and the processes built between them, which allows companies to build a Security Operation Center and develop it to the required level of maturity. A distinctive feature of the R-Vision ecosystem is that the vendor's technologies help any information security monitoring and response center to evolve, regardless of its initial scale and industry, while the developer offers all customers the opportunity to gradually increase and expand the ecosystem functionality as SOC needs grow.
R-Vision EVO currently includes the following technologies and components:
- Security Asset Management technology, which builds the process of managing an organization's assets;
- User and Entity Behavior Analytics technology, which detects violations in the state of IT and information security systems, suspicious activity of objects and performs a dynamic assessment of threats and anomalies;
- Security Orchestration, Automation and Response technology, which is responsible for automating the information security incident management process;
- Threat Intelligence technology, which provides comprehensive management of cyber intelligence data;
- Governance, Risk management, Compliance technology, with the help of which information security management processes are formed in accordance with best practices and standards;
- Deception technology, which simulates elements of the infrastructure, thereby detecting the presence of an attacker;
- Vulnerability Management technology, the main task of which is to automate the vulnerability management process.
In addition, in the near future, 2 more ecosystem technologies will be available to R-Vision customers:
- Endpoint Security technology, which collects and inventories information about information security events from endpoints, and also serves as a tool for responding to incidents and eliminating the consequences of an attack on hosts;
- Log Management technology, which collects events from all elements of the infrastructure, and also allows you to build the process of collecting, normalizing and storing information security events and provides users with the ability to analyze the collected information.
The advantage of building a SOC on the R-Vision EVO ecosystem is the possibility of an integrated and strategically verified approach to information security. Ecosystem components enrich each other and give access to both more detailed technical data and business analytics at any time. At the same time, the R-Vision EVO ecosystem offers customers a huge number of built-in integration mechanisms, configurations and expertise, with which the tasks of building and developing an information security incident monitoring and response center become much easier and more transparent.
| "The creation and development of a SOC is a complex and multifaceted task for which solving problems point by point with separate products is not enough. In the new realities, users and the market need a comprehensive and strategically thought-out approach to build truly effective protection. Ecosystems where technologies are deeply integrated and work in close conjunction can provide this approach. Thus, understanding these factors formed the basis for creating the R-Vision EVO ecosystem and adding new technologies to it," commented Igor Smetanev, Director of Strategic Development at R-Vision. |
