Solar and Security Vision: Solution for automation of information security risk assessment

The main articles are:

• SaaS - History. Philosophy. Development drivers
• Security Information and Event Management (SIEM)

2024: Presentation of a prototype solution for automation of information security risk assessment

Solar Group and Security Vision plan to develop an automated solution for quantitative assessment of information security risks. The corresponding agreement was signed by Ruslan Rakhmetov, General Director of Security Vision, and Andrei Timofeev, Financial Director of Solar Group. About this "Solar" reported on September 12, 2024.

source = Solar

The partners have already carried out a practical test of the possibility of automation and unification of the methodology for quantitative assessment of information security risks and have developed a prototype SaaS service based on the risk-oriented Solar CRQ model. The functionality of the solution includes a quantitative assessment of information security risks, a scenario analysis of the implementation of cyber attacks, an assessment of the parameters of possible violators and an analysis of the economics of initiatives to protect critical business processes. A key advantage of the Solar and Security Vision joint product will be the use of Solar JSOC, which has an extensive knowledge base on cyber attacks, to assess risks. The product is intended for companies with a medium and high level of maturity of the information security function.

The market for automated quantitative risk assessment in Russia is just being formed. According to analysts of the Solar Group of Companies for September 2024, it can be about 350 million rubles. A number of prerequisites suggest that the demand for such solutions will grow. Firstly, the detail of the level of risks in the "traffic light" format is no longer enough, a more accurate assessment is needed to make decisions when forming a budget. Secondly, the number of possible directions and options for investment in cybersecurity is increasing, so businesses need a tool for comparing cost-effectiveness and prioritizing initiatives. And, most importantly, the results of the assessment will allow businesses to discuss information security in categories and parameters comparable to other areas of the company.

In deciding on the size of the budget for information security, business, as a rule, focuses on how much other organizations in the industry invest on average, how much you need to spend to close certain gaps, or how much you need to increase the budget compared to last year. The goal of Solar and Security Vision is to help customers not only ensure infrastructure security, but also optimize resources, making protection more targeted and efficient.

Over the past few years, companies have expanded their technical base of security tools, but now their main task is to configure, integrate and manage these tools in order to competently analyze their work and make informed decisions based on the data obtained. Within the framework of information security consulting, we assess the maturity of technologies, processes and training of specialists, identify problems and draw up a development plan. By combining our rich experience with advanced Security Vision solutions, we will be able to offer our clients the most effective recommendations for improving our security, including in the format of digital consulting, - commented Roman Chaplygin, director of consulting at Solar Group.

We are pleased that our cooperation with Solar has been continued, since both companies have multifaceted competence, and the useful potential of our partnership is very high. Information security consulting is a promising area, since it allows you to systematically solve problems in their totality, as well as assess the relevance of minimizing information security risks for business and the feasibility of investing in the company's cybersecurity. From this point of view, our cooperation will be useful for increasing the maturity of approaches to information security, that is, for the development of the industry in the country, - said Roman Ovchinnikov, Director of the Security Vision Implementation Department.