Developers: Innovative Technologies in Business, ITB
Date of the premiere of the system: 2015/12/12
Last Release Date: 2025/02/03
Branches: Information security
Technology: Information Security Management (SIEM)
Security Capsule - SIEM system for recording security events.
2025
Compatibility with Tantor 16.2.1
On February 11, 2025, Innovative Technologies in Business, the developer of Security Capsule SIEM, announced the completion of compatibility testing with the domestic database management system Tantor SE version 16.2.1. The tests confirmed the correct operation of both products and their ability to interact effectively within one system.
As part of the testing, the stability of Security Capsule SIEM was checked when Tantor SE is used as the storage for user account data, settings and system statistics. Particular attention was paid to performance under high load, reliability of data storage and correctness of the integration. The test results showed that the system delivers high speed and reliability in real time.
It is important to note that events and incidents in Security Capsule SIEM are not processed with the Tantor SE DBMS. For these purposes the non-relational DBMS MongoDB is used, which is designed to work with large volumes of security events and incidents. This separation of functions ensures optimal performance and reliability of the system as a whole.
Company representatives noted that successful testing opens up new opportunities for the use of Security Capsule SIEM in conjunction with the Tantor SE DBMS in projects with increased information protection requirements. This is especially true for businesses with critical infrastructure and sensitive data, including government and corporate security facilities.
"We are pleased to announce that our Security Capsule SIEM solution is fully compatible with Tantor SE 16.2.1. This success confirms the readiness of our product to work in the most demanding environments and process critical data with a high level of reliability and security," said the head of development at Security Capsule.
Ability to match events and incidents by MITRE ATT&CK matrix
On February 3, 2025, ITB LLC announced new functionality in SC SIEM that allows events and incidents to be mapped to the MITRE ATT&CK matrix. This feature greatly enhances the ability of SC SIEM to detect, analyze and respond to cyber attacks, making it even more in demand among organizations looking to improve their cybersecurity.
MITRE ATT&CK is a constantly updated knowledge base that describes the tactics and techniques used by attackers at different stages of attacks. It serves as the basis for building threat models and is used to assess the effectiveness of protective measures, as well as to develop and improve cyber defense methods.
Implementation of MITRE ATT&CK support in SC SIEM allows:
- Automatic matching of events with techniques and tactics: The system now automatically matches event and incident data with the relevant techniques and tactics from MITRE ATT&CK. This gives information security specialists a more complete picture of which methods the attacker is using and at what stage the attack is.
- Improved incident analysis: Matching with MITRE ATT&CK helps to better understand the context of incidents and make more informed decisions to neutralize them. Specialists can identify threats faster and more accurately using information about how attackers can advance in the company's infrastructure.
Thus, the integration of MITRE ATT&CK into SC SIEM greatly enhances the analytical capabilities of the system, turning it into a powerful tool for combating cyber threats.
Implementation of an enhanced event audit in the information security event monitoring and correlation system
On January 15, 2025, ITB LLC announced the introduction of extended information security event auditing in the SC SIEM event monitoring and correlation system. This function is implemented using the Sysmon utility, which significantly improves the quality of monitoring and analysis of events in Windows and Linux operating systems.
Sysmon (System Monitor) is a utility included in the Sysinternals suite developed by Microsoft. It is designed to track activity on a system and record detailed information about events such as process starts, file changes, network connections and other important actions that can be used to detect suspicious and malicious activity.
The integration of advanced event auditing with Sysmon into SC SIEM provides users with the following benefits:
1. Deep and detailed data collection: Sysmon allows you to capture a wide range of events on Windows and Linux systems, including detailed information about process startup, network connections, changes in system files and the registry. SC SIEM can now use this data for more accurate and detailed analysis of activity in the infrastructure.
2. Enhanced Threat Detection: Advanced event audit allows SC SIEM to more effectively identify potential threats and anomalies, such as suspicious processes, unauthorized changes to files, and other signs of system compromise. This helps security professionals respond more quickly to incidents and prevent them from developing.
3. Increased transparency and control: Enhanced auditing makes processes on Windows and Linux operating systems more transparent to administrators and security professionals. This makes it easier to monitor adherence to corporate security policies and supports regulatory compliance.
4. Versatility and cross-platform: SC SIEM can now effectively handle events in both Windows and Linux environments, providing a unified approach to monitoring and auditing across mixed IT infrastructures. This makes the system more versatile and easy to use.
5. Investigation and forensic support: The data collected by Sysmon can be used to conduct internal investigations and forensic examinations, providing important evidence in the event of information security incidents.
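The two announcements above describe Sysmon events (process starts, network connections, file and registry changes) being collected and then matched automatically to MITRE ATT&CK tactics and techniques. The following Python example, added here and not taken from Security Capsule SIEM or its developer, shows what such a matching step looks like in the simplest form: a few constructed Sysmon-style records in a `key=value|key=value` layout are parsed and run through a small rule table that tags each record with an ATT&CK tactic and technique ID. The rule table, the event format and the sample values are all illustrative assumptions; the technique IDs used (T1059.001, T1547.001, T1021.002) are real ATT&CK identifiers, but which Sysmon fields a product maps to them is a product decision that the page does not specify.

```python
from dataclasses import dataclass
from typing import Callable, Dict, List, Tuple

# Constructed Sysmon-style events (not real log output), one per line.
# EventID 1 = process create, 13 = registry value set, 3 = network connect,
# 11 = file create, following Sysmon's published event ID numbering.
SAMPLE_EVENTS = [
    "EventID=1|Image=C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe"
    "|CommandLine=powershell.exe -File C:\\scripts\\inventory.ps1|User=CORP\\alice",
    "EventID=13|Image=C:\\Users\\bob\\AppData\\Local\\Temp\\setup.exe"
    "|TargetObject=HKU\\S-1-5-21-1\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\updater"
    "|Details=C:\\Users\\bob\\AppData\\Local\\Temp\\updater.exe",
    "EventID=3|Image=C:\\Windows\\System32\\svchost.exe|DestinationIp=10.0.0.25"
    "|DestinationPort=445|User=NT AUTHORITY\\SYSTEM",
    "EventID=11|Image=C:\\Program Files\\Notepad++\\notepad++.exe"
    "|TargetFilename=C:\\Users\\alice\\Documents\\notes.txt",
]


def parse_event(line: str) -> Dict[str, str]:
    """Split a 'key=value|key=value' record into a field dictionary."""
    fields: Dict[str, str] = {}
    for part in line.split("|"):
        key, _, value = part.partition("=")
        fields[key.strip()] = value.strip()
    return fields


@dataclass(frozen=True)
class Rule:
    name: str                                   # hypothetical rule name
    event_id: str                               # Sysmon event ID the rule applies to
    predicate: Callable[[Dict[str, str]], bool]  # field check on the parsed event
    tactic: str                                 # ATT&CK tactic
    technique: str                              # ATT&CK technique ID


# Illustrative mapping table; a production SIEM would carry far more rules.
RULES: List[Rule] = [
    Rule("powershell-exec", "1",
         lambda e: e.get("Image", "").lower().endswith("\\powershell.exe"),
         "Execution", "T1059.001"),
    Rule("run-key-persistence", "13",
         lambda e: "\\currentversion\\run\\" in e.get("TargetObject", "").lower(),
         "Persistence", "T1547.001"),
    Rule("smb-lateral", "3",
         lambda e: e.get("DestinationPort") == "445"
         and not e.get("DestinationIp", "").startswith("127."),
         "Lateral Movement", "T1021.002"),
]


def match_event(event: Dict[str, str]) -> List[Tuple[str, str, str]]:
    """Return (tactic, technique, rule name) for every rule the event satisfies."""
    return [(r.tactic, r.technique, r.name)
            for r in RULES
            if r.event_id == event.get("EventID") and r.predicate(event)]


def enrich(lines: List[str]) -> List[Dict[str, object]]:
    """Parse each record and attach its ATT&CK matches under the 'attack' key."""
    enriched: List[Dict[str, object]] = []
    for line in lines:
        event: Dict[str, object] = dict(parse_event(line))
        event["attack"] = match_event(parse_event(line))
        enriched.append(event)
    return enriched


def tactic_summary(enriched: List[Dict[str, object]]) -> Dict[str, int]:
    """Count how many events were matched to each tactic (unmatched events are skipped)."""
    counts: Dict[str, int] = {}
    for event in enriched:
        for tactic, _technique, _rule in event["attack"]:  # type: ignore[union-attr]
            counts[tactic] = counts.get(tactic, 0) + 1
    return counts


if __name__ == "__main__":
    for ev in enrich(SAMPLE_EVENTS):
        print(ev["EventID"], ev.get("Image"), ev["attack"])
    print(tactic_summary(enrich(SAMPLE_EVENTS)))
```

The fourth sample record (an ordinary file write by an editor) matches nothing, which is the expected outcome for most events: the value of the mapping is not that every event gets a label, but that the labelled ones can be grouped by tactic to show at which stage of an intrusion the observed activity sits.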
Update of Russian FSTEC certificate
The domestic system of monitoring and correlation of information security events and incident response Security Capsule SIEM (SC SIEM) has successfully passed the renewal of the Russian FSTEC certificate. This was announced by Innovative Technologies in Business, ITB on January 13, 2025.
The main achievements are:
- SC SIEM is included in the State Register of Certified Information Protection Tools of the FSTEC of Russia (Certificate of Conformity No. 4735 of 01.11.2023) and complies with the requirements of the following documents: Trust Requirements (level 4) and TS (technical specifications).
- SC SIEM is registered in the Unified Register of Russian Programs for Electronic Computers and Databases of the Ministry of Digital Development of Russia (registration number: 1139).
Applications of SC SIEM:
- Ensuring the security of critical information infrastructure facilities (CII objects of category 1)
- State Information Systems (GIS Class 1)
- Automated Process Control Systems (Class 1 APCS)
- Personal Data Information Systems (PIS Level 1)
- Provision of monitoring services
Security Capsule SIEM features:
- Full compatibility with domestic operating systems
- Perpetual licenses convenient for organizations of any scale
- Integration with the State system for detection, prevention and elimination of the consequences of computer attacks (GosSOPKA) and with the Threat Intelligence cyber intelligence system from F.A.C.C.T.
- High performance, scalability, support for distributed installations, and high availability
- Enhanced control of Active Directory
- AI assistant to automate event analysis and accelerate threat response
2024
GigaChat Integration
Innovative Technologies in Business has integrated the GigaChat business neural network model into its Security Capsule information security (IS) event monitoring and correlation system. The company announced this on December 25, 2024. This functionality reduced incident response time by up to 70%, and the accuracy of incident analysis increased by 30%. It was also possible to reduce the operating expenses of the companies using the solution by 40% while increasing the efficiency of their teams by 50%.
GigaChat makes working with Security Capsule SIEM more intuitive and accessible. Unlike traditional SIEM systems, which provide "raw" information and technical descriptions of events, generative artificial intelligence interprets this data and explains its meaning in simple and understandable language. In addition to describing incidents, artificial intelligence generates recommendations for eliminating them and reducing the negative effect on infrastructure. For example, if the system detects an unauthorized access attempt, GigaChat may suggest steps to restrict login, upgrade software, or strengthen network perimeter protection.
Processing a large array of data, quickly providing clear explanations and recommendations allow operators to significantly reduce the time spent analyzing incidents and making decisions, and this reduces the risks associated with cyber attacks and increases the level of protection of companies' information systems.
"Customers, especially large companies, government agencies, and organizations with critical infrastructure, face an ever-increasing landscape of cyber threats. They also had a problem with processing huge amounts of data, information security events, which are mainly generated by corporate networks and systems, and in addition, there was often a need to improve communication between teams in order to simplify coordination and analysis of events. GigaChat for business helped us solve all these problems and make the Security Capsule SIEM system more flexible, intelligent and scalable," said Sergey Grafov, project manager, Innovative Technologies in Business.
The company's future plans include strengthening the integration of GigaChat's capabilities into the Security Capsule SIEM, including in terms of automatic real-time incident analysis.
Compatible with Postgres Pro Standard (versions 14, 15, 16)
Postgres Professional, the developer of the Russian database management system Postgres Pro, and Innovative Technologies in Business LLC, the creator of the Security Capsule SIEM information security event monitoring and correlation system, announced full compatibility of their products. The certificate issued by Postgres Professional confirms the correct operation of SC SIEM with Postgres Pro Standard (versions 14, 15, 16). ITB announced this on December 18, 2024.
The integration of Security Capsule SIEM (SC SIEM) with Postgres Pro provides users with a number of advantages:
- Improved performance and reliability: Support for the flagship edition of Postgres Pro Enterprise, with its key developments, ensures that SC SIEM operates smoothly in high-load environments, which is especially important for protecting and monitoring large infrastructures.
- Compliance with information security requirements: Both solutions are included in the register of domestic software, have FSTEC certificates and are compatible with Russian operating systems and information protection tools, which makes them an ideal choice for companies seeking to comply with regulatory standards.
- Import-substituting solution: The compatibility of SC SIEM and Postgres Pro allows you to create highly efficient solutions on a domestic basis, which reduces dependence on foreign software and supports technological sovereignty.
Integration with domestic security scanners
On December 6, 2024, ITB LLC announced an important integration of the SC SIEM information security event monitoring and correlation system with domestic security scanners.
Security scanners are security solutions designed to scan networks, systems, and applications to identify vulnerabilities. They are widely used in the corporate environment to regularly monitor the state of information systems and ensure their compliance with security standards.
The integration of these scanners with SC SIEM provides users with several key benefits:
- Centralized analysis of vulnerability reports: Thanks to integration, data from reports are automatically sent to SC SIEM, where they are processed and analyzed. This allows you to centrally manage information about the vulnerabilities found and quickly get a complete picture of the security status of the organization.
- Risk Mitigation and Efficiency: Integration simplifies the work of security professionals, allowing them to spend less time debriefing individual reports and focus more on strategic tasks. This reduces the risks associated with human factors and improves the overall efficiency of the vulnerability management process.
- Deep analytics and reporting: SC SIEM, with integrated data from security scanners, provides advanced analytics capabilities. Specialists can quickly assess the severity of the identified vulnerabilities, their impact on the security of the organization, as well as generate detailed reports for management and audits.
This integration highlights SC's commitment to providing its customers with comprehensive and easy-to-use tools to protect their information systems. Combining the capabilities of SC SIEM with vulnerability scanning solutions such as XSpider, Scanner-VS, MaxPatrol and RedCheck makes security management even more efficient, helping organizations detect and eliminate threats in a timely manner and providing a high level of protection against cyber attacks.
Red OS Compatibility
On December 11, 2024, Innovative Technologies in Business announced the full compatibility of the Security Capsule SIEM information security event monitoring and correlation system with the Red OS. This significant achievement strengthens the possibilities of using domestic solutions for data protection and information security management that meet the requirements of import substitution.
The integration of Security Capsule SIEM with RED OS allows you to effectively use this SIEM system to identify, analyze and respond to information security incidents in environments built entirely on Russian software. RED OS, certified by FSTEC and the Ministry of Digital Development of Russia, ensures stability, high performance and reliability of work in corporate and government structures, which makes it an ideal platform for hosting Security Capsule SIEM.
Security Capsule SIEM compatibility with RED OS opens up new opportunities for Russian companies seeking to meet the requirements of software localization and critical infrastructure protection. Users can now use Security Capsule SIEM in a RED OS-based infrastructure with a comprehensive security monitoring and analysis solution designed and supported at the domestic level.
Advantages of using Security Capsule SIEM with RED OS:
- Full compliance with compliance and information security standards;
- Resilience to external threats and high performance in domestic infrastructure;
- Comprehensive monitoring and analysis of security incidents using the latest algorithms and technologies;
- Support for import substitution within the framework of the technological independence strategy.
With the integration of Security Capsule SIEM and RED OS, organizations can significantly improve information security while maintaining flexibility and efficiency in data management and protecting critical systems from today's threats.
GigaChat Integration
Innovative Technologies in Business has integrated the GigaChat business neural network model into its Security Capsule information security event monitoring and correlation system. The company announced this on November 12, 2024. This functionality reduced incident response time by up to 70%, and the accuracy of incident analysis increased by 30%. It was also possible to reduce the operating costs of the companies using the solution by 40% while increasing the efficiency of their teams by 50%.
GigaChat makes working with Security Capsule SIEM more intuitive and accessible. Unlike traditional SIEM systems, which provide "raw" information and technical descriptions of events, generative artificial intelligence interprets this data and explains its meaning in simple and understandable language. In addition to describing incidents, artificial intelligence generates recommendations for eliminating them and reducing the negative effect on infrastructure. For example, if the system detects an unauthorized access attempt, GigaChat may suggest steps to restrict login, upgrade software, or strengthen network perimeter protection.
Processing a large array of data, quickly providing clear explanations and recommendations allow operators to significantly reduce the time spent analyzing incidents and making decisions, and this reduces the risks associated with cyber attacks and increases the level of protection of companies' information systems.
"Customers, especially large companies, government agencies, and organizations with critical infrastructure, face an ever-increasing landscape of cyber threats. They also had a problem with processing huge amounts of data, information security events, which are mainly generated by corporate networks and systems, and in addition, there was often a need to improve communication between teams in order to simplify coordination and analysis of events. GigaChat for business helped us solve all these problems and make the Security Capsule SIEM system more flexible, intelligent and scalable," said Sergey Grafov, Project Manager, Innovative Technologies in Business.
The company's future plans include strengthening the integration of GigaChat's capabilities into the Security Capsule SIEM, including in terms of automatic real-time incident analysis.
Integration with F.A.C.C.T. Threat Intelligence
On September 12, 2024, F.A.C.C.T. announced the technological integration of the Security Capsule SIEM (SC SIEM) information security event monitoring and correlation system with the F.A.C.C.T. Threat Intelligence system. The technical cooperation gives SC SIEM users a deeper, proactive approach to protecting against current cyber threats and detecting complex targeted attacks.
2016
Certification of FSTEC of Russia
In the fall of 2016, the Security Capsule software and hardware complex successfully passed certification tests in the FSTEC of Russia certification system (Certificate of Conformity No. 3649 dated November 9, 2016).
Release of updated version of PACAB SIEM Security Capsule
On September 28, 2016, ITB announced the release of the upgraded version of PACAB SIEM "Security Capsule."
The SIEM "Security Capsule" PACAB is designed to record information security events and performs the following functions:
- registration and accounting of information security (IS) events in information-computing systems and networks,
- delimiting user access to SIEM information resources,
- SIEM access control,
- Monitor the integrity of SIEM files
- correlation of information security events,
- response to information security events.
Based on the analysis of information obtained using SIEM "Security Capsule," the Security Administrator takes measures to ensure the security of objects of information and computing systems and networks.
Registration of information security events is implemented by maintaining logs of information security events:
- user access to the application and shutdown;
- allowed/denied user actions to access information resources;
- messages received from network devices;
- operator actions on client workstations, such as establishing access to the workstation using an eToken USB key;
- accessing external USB devices and accessing files on external devices.
The composition of the program modules (connectors) is variable by agreement with the customer.
List of developed connectors that accumulate data on information security events:
- data from network devices that use the syslog protocol (for example, Cisco hardware, S-Terra hardware, CheckPoint);
- data from DBMS logs, such as Oracle;
- data from the system log of operating systems of the Windows and Linux families;
- data on the use of removable media and ports, such as eToken, USB, LPT, COM, IEEE 1394, Zlock, DeviceLock;
- data from unauthorized access protection tools, for example: Blockhost, Dallas Lock;
- data from antivirus tools, for example: Doctor WEB, NOD32, Kaspersky Anti-Virus;
- data from Active Directory;
- Windows registry data;
- data from IDM (Identity Management) systems, for example: Outpost;
- data from DLP (Data Leak Prevention) systems, for example: Falcongaze.
SIEM "Security Capsule" is focused on compliance with domestic technical regulations and standards in the field of information security.
The system is focused on using:
- security administrators;
- administrators of information systems, DBMS, LAN and data networks;
- heads of security services;
- heads of companies, enterprises (organizations);
- developers of confidential information protection systems.
Use
To use the SIEM system, the following conditions must be met. SIEM "Security Capsule" operates under Microsoft Windows XP/7/8/10, Windows Server 2010/2012 and Linux. The Microsoft .NET Framework 4.0 runtime environment is required for the program to work. The program runs in a client/server architecture; the server part is a DBMS. MySQL Database Server 5.5.2 or MS SQL is used as the DBMS.
Architecture
PACAB "Security Capsule" operates on the basis of client-server technology for distributed heterogeneous IS, LDS, LAN and confidential information protection system.
As part of the Security Capsule PACAB, the modules are:
- server part module;
- monitoring and administration module;
- central module;
- client modules;
- connectors;
- reporting module.
The server component has a hierarchical structure, so event monitoring can be carried out locally in geographically remote departments, branches, subsidiaries and dependent organizations. Initial processing of information security events is carried out on local servers; either the full set of information security events or the generated list of critical events together with the analysis results is transmitted to the central server.
In order to reduce the load on the data network, the initial processing of events is carried out on the Security Capsule servers installed in the LAN. Depending on its importance and criticality, information about information security events is transmitted to higher-level servers. To reduce traffic, information is transmitted to higher-level servers on a schedule, usually during the period of lowest load on the data network. Critical events are transmitted in real time.
An important module of the system is the module for processing and displaying event information and generating reports. System administrators can independently, in accordance with the requirements of the information security policy, determine the list of monitored events by choosing the required ones from the basic set, and define criticality levels.
During event analysis, events are divided into information security events of the OS, network devices, unauthorized access protection tools, DBMS, antivirus tools, and application systems. Each monitored event or event group is assigned a status at the system setup stage. Event collection can be continuous, discrete with reference to a single time source, or within a time interval. Events from different sources can be mapped to each other by different criteria, and can be sorted, ranked and filtered by different characteristics. The system administrator manages the event handling rules. Events related to user account control are handled separately, including creation, modification, deletion and access control through directory services such as AD. Events related to the installation and/or removal of system-wide and application software and of security tools are also processed, using the system registry control mechanism. Security Capsule maintains "white" and "black" lists of software.
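The architecture description above (hierarchical servers, initial processing on the local server, scheduled upload of ordinary events during the low-load period and real-time upload of critical events) is easy to misread without seeing the control flow. The following Python example is added here as an illustration and is not code from Security Capsule; the criticality scale, the upload window and the sample events are constructed assumptions. It models one branch server that forwards critical events immediately, collapses repeated low-criticality events into counts as its "initial processing", and ships the accumulated batch only when the local clock falls inside the configured low-load window.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Tuple


@dataclass(frozen=True)
class Event:
    source: str
    criticality: int   # constructed scale: 0 = informational ... 3 = critical
    message: str


@dataclass
class BranchServer:
    """Hypothetical local Security Capsule-style server in a branch LAN."""
    name: str
    critical_threshold: int = 3           # events at or above this go in real time
    forward_window: Tuple[int, int] = (1, 5)  # local hours [start, end) for batch upload
    batch: List[Event] = field(default_factory=list)
    sent_realtime: List[Event] = field(default_factory=list)
    sent_batches: List[Dict[Tuple[str, str], int]] = field(default_factory=list)

    def ingest(self, event: Event, now_hour: int) -> None:
        """Route one event: real-time path for critical events, batch path otherwise."""
        if event.criticality >= self.critical_threshold:
            self.sent_realtime.append(event)   # would be an immediate upload upstream
        else:
            self.batch.append(event)
        self.tick(now_hour)

    def tick(self, now_hour: int) -> bool:
        """Flush the batch if the local time is inside the low-load window.

        Returns True when a batch was shipped to the higher-level server."""
        start, end = self.forward_window
        if self.batch and start <= now_hour < end:
            self.sent_batches.append(summarize_batch(self.batch))
            self.batch = []
            return True
        return False


def summarize_batch(events: List[Event]) -> Dict[Tuple[str, str], int]:
    """Initial local processing: collapse identical (source, message) pairs into counts.

    This is the traffic-saving step; the central server receives the counts,
    not every repeated line."""
    counts: Dict[Tuple[str, str], int] = {}
    for ev in events:
        key = (ev.source, ev.message)
        counts[key] = counts.get(key, 0) + 1
    return counts


def simulate() -> BranchServer:
    """Replay a constructed day of branch traffic through the server."""
    server = BranchServer("branch-01")
    timeline = [  # (local hour, event), constructed sample data
        (9, Event("fw-01", 1, "connection denied")),
        (9, Event("fw-01", 1, "connection denied")),
        (10, Event("ad-01", 3, "account lockout")),        # critical: real-time path
        (14, Event("av-02", 2, "signature database updated")),
        (23, Event("fw-01", 1, "connection denied")),
        (2, Event("os-07", 0, "scheduled task completed")),  # inside window: flush
    ]
    for hour, ev in timeline:
        server.ingest(ev, hour)
    return server


if __name__ == "__main__":
    s = simulate()
    print("real-time:", [e.message for e in s.sent_realtime])
    print("batches shipped:", s.sent_batches)
    print("still queued:", len(s.batch))
```

Two details are worth noting for anyone reproducing this pattern: the window check runs on every ingest and could equally be driven by a timer, and the criticality threshold is the single knob that decides what bypasses the schedule, which is why the text says administrators define criticality levels themselves.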
The system provides user groups with configurable access rights and functionality for administration.
The modular architecture provides easy maintenance and scaling of the SIEM "Security Capsule."
Using SIEM "Security Capsule" it is possible to identify:
- Network attacks in the internal and external perimeters.
- Minimum hardware environment requirements.
- Viral infections, backdoors and Trojans.
- Attempts at unauthorized access to information.
- Fraud.
- Errors in the operation of information systems.
- Vulnerabilities.
- Configuration errors in security and information systems.
Events captured by SIEM "Security Capsule":
- related to user attempts to establish access.
- messages from network devices.
- caused by user actions on workstations.
- obtained from removable media control means.
- applied information systems.
- related to AD.
- control of operating and software environments.
- DBMS.
- operating systems of the Windows and Linux families.
- received from unauthorized access protection tools.
Hardware Requirements
- Intel x86 or compatible processor with a frequency of 1 GHz or higher;
- at least 256 MB of RAM;
- at least 200 MB of free space on the computer's permanent storage to install the Product;
- a "mouse"-type pointing device;
- a removable storage device (CD or DVD drive);
- SVGA video card;
- Ethernet adapter with an 8P8C (RJ-45) connector for twisted pair;
- a computer keyboard;
- a monitor with a diagonal of at least 15 inches and a resolution mode of at least 800x600 dpi.
PACAB "Security Capsule" is certified by the FSTEC of Russia for the protection of confidential information, including ISDS (Certificate of the FSTEC of Russia No. 2705 dated September 7, 2012).