UTSB helped SberAnalytica reduce response time to information security incidents

2025: SOAR Implementation

UTSB has implemented a SOAR system in SberAnalytics. The UTSB announced this on April 16, 2025.

The SOAR system from the Russian developer R-Vision aggregates data on possible information security incidents from many sources, automates enrichment of information security incident signs with context, responds to them and activates protective measures, providing a single space for the joint work of specialists involved in information security management.

In addition, the R-Vision SOAR platform provides a more complete understanding of the level of security, thanks to advanced asset inventory and vulnerability management functionality. And flexibly customizable visualization and reporting helps to control work both at the operational level and in terms of informing the company's management.

The goals have been achieved: the company has increased the effectiveness of cyber defense, significantly simplified the processes of managing information security incidents, and built a faster and safer exchange of data between systems and employees of the information security department, said Marat Shamsutdinov, CISO, SberAnalytics.

The result of the SOAR implementation was to improve the effectiveness of the company's protection against cyber threats and reduce the time to respond to frequently repeated types of incidents on the 90% - from 10 to 1 minutes. The high reaction rate minimizes the potential damage from attacks and gives additional time to make a decision to eliminate the consequences of the information security incident.

In addition, the labor costs of information security specialists for routine operations decreased - on average, the processing time of information security incidents decreased by 30%. This became possible thanks to automation, which helped to build a coordinated interaction between departments, IT OT and. SOC Sberanalytics

The USCS team integrated R-Vision SOAR in three stages: analysis of the information infrastructure of SberAnalytics to identify areas of automation and develop a plan for interaction of a new solution with already implemented ones, preparation of project documentation according to GOSTs and implementation of the system. During the implementation phase, SCS engineers developed a customized connector that integrates SOAR R-Vision with the Customer's security monitoring system (SOC) and automates information security incident lifecycle management.

We presented options for implementing the Customer's requirements taking into account the specifics of the systems under consideration and the supplied software. Thanks to well-coordinated joint work, we managed to create an effective automated system for responding to information security incidents, noted Anastasia Fedorenko, Head of Information Security Automation, UTSB.