
VK SIEM

Product
Developers: VK (formerly Mail.ru Group)
System launch date: 06.02.2025
Industries: Information security
Technology: Information Security Management (SIEM)

VK has launched its own security monitoring system, developed by the company's engineers, the company told TAdviser on February 6, 2025. At launch, the proprietary SIEM solution analyzes more than 1.5 million events per second (EPS) coming from the VK infrastructure, network devices and applications.

There is a lot to choose from in the SIEM market, but VK chose to develop its own solution

According to the company, the system was built using practices from leading high-load data processing systems and is designed as a modular system that combines both new and proven VK engineering solutions. The flexible architecture allows it to scale horizontally quickly without reducing overall performance: the estimated throughput is up to 3.5 million EPS and can be increased to meet business needs.

In addition, thanks to the advanced functionality of the streaming rule correlation engine, SOC specialists receive in-depth data analytics, create new rules and respond faster to possible incidents, preventing damage before it occurs.

VK told TAdviser that with the commissioning of its in-house SIEM, the company no longer uses third-party solutions. VK did not specify which commercial products it had abandoned.

"We have used various technologies and products in the past, but the growth of VK's infrastructure has shown that we need a new centralized solution that we can fully control and develop by integrating our own developments," Dmitry Kukolev, head of SOC VK, explained to TAdviser. "Therefore, we focused on the development of functionality and manufacturability of this solution in order to scale to the new needs of the company."

Dmitry Kukolev added that this is how most large IT companies work. VK does not rule out that, if successful, the solution could become a new service and join the VK portfolio.

It should be noted that current SOC VK job postings list the ability to work with the ELK and KUMA SIEM systems among the requirements for analysts. But as VK explained to TAdviser, these are essentially general requirements for a specialist's experience, and these systems themselves are not used at VK as of the launch of its own SIEM.

Speaking about the prerequisites for developing the company's own SIEM, Dmitry Kukolev notes that in recent years VK has seen a manifold increase in the load on its systems: in 2023 the company's solutions processed about 200 thousand events per second (EPS), and by the end of 2024 the load had increased 5 times.

"Our engineering team has been able to develop a functional and high-performance tool for finding, correlating and processing security events that enables our security professionals to identify threats even faster and more accurately, minimize risks and make informed decisions in real time, even amid the most complex cyber attacks and a huge amount of telemetry," says the head of SOC VK.