Project

X5 Group transferred the processes of managing cyber intelligence data to the solution of the Russian developer R-Vision

Customers: X5 Group

Moscow; Trade

Contractors: R-Vision
Product: R-Vision Threat Intelligence Platform (TIP)

Project date: 2022/08  - 2023/02

2023: Transition to a domestic R-Vision Threat Intelligence solution

X5 Group, a Russian grocery retail company, has switched to the domestic threat information analysis platform R-Vision Threat Intelligence Platform (TIP) from the cybersecurity systems developer R-Vision, as part of the import substitution program implemented in the company. R-Vision announced this on May 15, 2023.

The specialists of the X5 Group Security Operation Center (SOC), the company's incident monitoring and response center, have been actively using cyber intelligence data in their work for several years. The company also used specialized platforms from global vendors to analyze threat information. Therefore, when choosing a domestic platform for working with cyber intelligence data, the retailer placed high requirements on the functionality of the solution, paying special attention to the ability to connect previously used data providers and to integration with the information security systems already in place in the company.


At the same time, the transition to this product had to be carried out without disrupting the existing processes for collecting forensic information, which is then used in response and for retrospective data analysis. After analyzing the technical capabilities of a number of Russian TI systems, X5 Group concluded that the R-Vision TIP platform best met the company's requirements and decided to test the platform.

During the R-Vision TIP pilot test, the vendor's specialists connected more than 15 commercial and open-source data sources (feeds) that collect indicators of compromise (IoCs), including feeds from international databases. A further data source was the developer's own feed, R-Vision Threat Feed, which automatically extracts IoCs and their associated context from public TI reports.

To obtain better and more complete threat information, the developer also configured support for IoC enrichment services, through which the platform collects additional context not only about the IoCs themselves but also about their relationships with each other, with vulnerabilities and with malware. In turn, integrating R-Vision TIP with the SIEM system already deployed at X5 Group allowed SOC analysts to search security events for indicators of compromise automatically.

As a result of testing, all the tasks assigned to X5 Group were solved, which became an additional argument in favor of choosing R-Vision TIP. Already at the pilot stage the platform showed its effectiveness, and the company received a working product that collects all the necessary context about potential threats in one place and provides ample opportunities to automate actions on the available data.

The transfer of X5 Group processes for analyzing information security threats to the R-Vision TIP platform is a vivid example of how, using a solution from a Russian manufacturer, you can replace foreign products without losing system functionality. As part of pilot testing and subsequent operation, the product has demonstrated in practice full compliance with customer expectations,
commented Andrey Milovanov, Deputy Commercial Director of R-Vision.

A joint project with R-Vision clearly shows that Russian information security products can fully comply with international standards. It was important to find a domestic solution that could ensure the continuity of current processes and reduce the risk of various kinds of cyber threats. The R-Vision TIP product significantly demonstrated its peculiarity and the choice was made in favor of it. The experience and expertise of the vendor made it possible to close the needs in this area in the conditions of accelerated import substitution. As a result, in just 1.5 months, R-Vision TIP was put into commercial operation,
said Nikita Galimov, head of monitoring and response at X5 Group.