
Angara SOC (formerly Angara Cyber Resilience Center, ACRC)

Product
Developers: Angara Security (Angara Technologies Group, AT Group) formerly Angara Technologies Group
Date of the premiere of the system: November 2017
Last Release Date: 2024/05/21
Technology: Information Security - Information Leakage Prevention, Information Security Management (SIEM)

2022

Angara SOC is a commercial SOC (Security Operations Center), a cyber resilience center formerly known as ACRC. It provides incident monitoring and response services, brand protection, incident investigation and other services (February 2022 data).

2024: Launch of predictive analytics platform to attribute cyber threats by industry affiliation of companies

Experts from the Angara SOC cyber resilience center, drawing on the MITRE ATT&CK international classification, the FSTEC security threat database and their own practice of investigating and responding to information security incidents, have developed a platform that automatically determines the statistically most likely tactics, techniques and procedures used by hacker groups when attacking companies, taking into account the companies' industry affiliation and existing digital assets. Angara Security announced this on May 21, 2024.

The predictive analytics platform determines the most likely tactics, techniques and procedures of hacker groups based on the organization's profile (OKVED industry codes). The resulting data can be used to develop an information security strategy and investment plans for infrastructure development, to improve the information security system, to adapt and prioritize cyber attack detection rules, and to develop audit standards.

The platform applies practical knowledge about attackers and their activity so that informed information security decisions can be made and damage reduced.

"Time is the most valuable resource in investigating information security incidents. Automatic attribution of threats allows you to quickly form preventive tactics and measures to protect the IT infrastructure, form an investment plan for the development of information security infrastructure, and, in the event of an incident, put forward the most likely hypotheses for how the cyber attack was conducted, reducing the response time and the time needed to eliminate its consequences. Thus, specialists from corporate and external SOC centers can be one step ahead of hacker groups," said Nikita Leokumovich, head of Angara SOC's digital forensics and cyber intelligence department.

For example, by the end of 2023 the number of politically motivated cyber attacks had increased by 120% compared to 2022. At the same time, the number of hacktivist groups attacking critical infrastructure is also growing. This trend continues in 2024.

2023: BI.Zone Sensors implementation

Angara Security has implemented the EDR-class solution BI.ZONE Sensors from BI.ZONE in its SOC, as announced on June 5, 2023.

BI.ZONE Sensors will help Angara Security strengthen its expertise in protecting endpoints from complex threats, increase detection capabilities, speed up decision-making when analyzing suspected incidents, and ultimately provide customers with a better service for monitoring and responding to cyber incidents.

"Previously, we analyzed incidents within certain logical limitations and could rely only on the events recorded by standard audit systems or by other components of our own design. The EDR-class solution from BI.ZONE allows us not only to go beyond this logical limitation, but also to manage all the events, enrichment, telemetry, etc., that we use in our work," said Timur Zinnyatullin, director of Angara SOC.

BI.ZONE Sensors was originally developed as an internal EDR solution for use as part of the BI.ZONE TDR (threat detection and response) service, which combines a classic SOC with MDR. As a result, the capabilities of BI.ZONE Sensors meet the needs of large in-house SOCs, MSSP providers and other teams with a high level of expertise, which place greater demands on functional flexibility, the composition of the collected telemetry, and the ability to detect and respond to threats.

At the end of 2022, BI.ZONE decided to bring the product to the mass market. Angara Security became the first MSSP partner of BI.ZONE to adopt BI.ZONE Sensors. The provider chose BI.ZONE Sensors because the system meets a number of requirements, among them flexible integration capabilities (the product is developed according to the API-first principle), support for all major operating systems (Windows, Linux, macOS), self-protection built into the agent, active response capabilities (including the essential Live Shell), the ability to collect and process all telemetry registered by the agents, and others. In addition, Angara Security seeks to use only domestic software.

BI.ZONE Sensors extends the effectiveness of existing Angara SOC options, for example by speeding up decision-making when analyzing LDAP requests. BI.ZONE Sensors also gives Angara Security additional capabilities, for example to identify PPID spoofing and command line spoofing.

"Our company, like Angara Security, provides SOC/MDR services to many customers. We initially created BI.ZONE Sensors for exactly these operating conditions, so during development we took into account all the features and requirements of service providers. We are pleased that our partner has similar views on what the perfect EDR solution should look like for a mature SOC. Angara Security is a competent and advanced partner that helps us improve and develop BI.ZONE Sensors by shaping the right requirements. In the future, we plan to expand our cooperation, both by increasing the installation base and by adding new modules. For example, the Deception module allows you to automate the creation and management of domain and host traps to identify attackers," noted Teymur Heirhabarov, Director of the Cyberthreat Monitoring, Response and Research Department at BI.ZONE.

2021: Security Vision Incident Response Platform (IRP/SOAR) Integration into ACRC

On September 8, 2021, Angara announced that it was expanding the capabilities of its own commercial SOC, the ACRC Cyber Resilience Center, and improving its information security incident analysis and response processes by implementing the Security Vision Incident Response Platform (IRP/SOAR). With the Security Vision platform, ACRC analysts can accelerate the initial enrichment of incident data and automate the application of response scenarios.

The ACRC Cyber Resilience Center is the commercial SOC of the Angara group of companies, on the basis of which various information security services are provided: from classic monitoring and incident response to narrowly targeted MSS and SecaaS services. ACRC clients range from the largest companies in Russia to medium-sized businesses. An important task of the Angara group of companies is to improve the efficiency of the SOC services provided, so its arsenal is regularly strengthened with new developments.

To expand the functionality of the ACRC Cyber Resilience Center with the capabilities of IRP/SOAR-class solutions, the Angara group of companies chose the Security Vision system, one of the Russian market's vendors of solutions for monitoring centers.

Security Vision IRP/SOAR assists in processing and preventing computer attacks in near-real-time mode, reducing the risk of intruders spreading inside the IT infrastructure. The system automates both the stages of investigating incidents and enriching suspected incidents (the routine tasks of analysts) and the stages of responding to already confirmed information security events. The implementation will provide SOC analysts with extended information about incidents, the history of processing and data requests for similar information security events, an interface for asset management and inventory, the ability to retrospectively search for threats over a large historical data sample, etc. In addition, integration of the system will allow monitoring compliance with industry standards (for example ISO 27001, SWIFT, PCI DSS, Bank of Russia regulations 683-P, 684-P, 672-P and 382-P, GOST R, etc.).

"Security Vision IRP/SOAR is a specialized solution for internal and external SOC tasks, with the help of which we will raise the maturity level and accelerate a number of key operations of the ACRC Cyber Resilience Center. Angara SOC is an information security monitoring center operating on an in-house SIEM platform. Continuing our course towards the use of domestic products, we have chosen the solution of a prominent representative of the SOC market, Security Vision," said Timur Zinnyatullin, director of the ACRC Cyber Resilience Center.

"Upon completion of the information security incident response automation process, we will offer customers an additional portfolio of related services: vulnerability management, cybersecurity risk management, compliance management, and others. Access to the services will be provided using the SaaS model," added Timur Zinnyatullin.

"Colleagues from the Angara group of companies did a lot of work: they analyzed the functionality and compared the IRP/SOAR-class solutions on the market. We are glad that they appreciated the qualities of Security Vision IRP/SOAR and made a choice in its favor," said Natalya Vorobyova, head of the partner relations and business development department at Security Vision. "Security Vision IRP/SOAR is a mature, technologically powerful solution for automating key SOC processes. The system reduces response time to information security incidents and frees personnel from routine tasks, which ultimately reduces the organization's costs. We see great potential in the development of partnerships with commercial SOCs and are confident that cooperation with the Angara group of companies will allow us to further offer our customers an integrated approach to solving the problems of monitoring and responding to information security incidents."

2019: Joint Kaspersky and Angara services to protect against targeted attacks

On October 8, 2019, Kaspersky Lab announced that it was starting to work under the MSSP model in Russia. The company's first partner was the service provider Angara Professional Assistance.

2018: Angara Cyber Resilience Center (ACRC) release 2.6

The Angara Cyber Resilience Center (ACRC) announced the start of information security monitoring center services with the ability to store security event logs on the client's premises, based on release 2.6.

On-premises storage of event logs is in demand among financial institutions, state-owned enterprises and industrial corporations, whose management will now find it fundamentally easier to decide to increase the effectiveness of the information security monitoring function by engaging a service partner.

In addition to local data storage, ACRC platform release 2.6 contains a significant expansion of the monitoring service functionality, including the basic capabilities of:

  • CMDB (Configuration Management Database),
  • TIP (Threat Intelligence Platform),
  • and UEBA (User & Entity Behavioral Analytics).

"Storing data on the client side allows our customers to deploy the SOC on their own computing resources, and expanding the functionality of the ACRC platform with the new release allows us to make the configuration settings for information security monitoring more flexible and improves the quality of visualization of information security incident analytics," comments Angara Professional Assistance CEO Alexander Bodrik.

Angara Cyber Resilience Center (ACRC) is Angara's cyber resilience center, which provides 24x7x365 security monitoring services with the ability to connect the service fully remotely within a few hours. ACRC provides a complete cycle of customer information security risk management, from auditing protection against threats to identifying real attacks on customer infrastructure and supporting incident investigation.

Angara Professional Assistance is a high-tech provider of a wide range of replicable cybersecurity services (MSSP). The company focuses on services based on the Security as a Service model, information security outsourcing, services for supporting and maintaining the operability of customer IT and information security systems, improving the efficiency of their operation and ensuring the continuity of the functions they perform.

2017: Service Launch

On November 22, 2017, Angara announced the launch of information security monitoring services based on the ACRC Cyber Resilience Center. As a result, the company's customers have access to security monitoring services in 24x7x365 mode with the ability to connect the service fully remotely within a few hours.

The company expects the center to be in demand among customers who want reliable information security solutions at an optimal cost of ownership. The flexible ACRC architecture makes professional remote security monitoring services available to companies of any scale, from small to large.

The technology stack of the ACRC center includes a set of more than 20 technology services based on COTS and FOSS technologies.

According to Alexander Bodrik, Deputy General Director for Business Development at Angara Professional Assistance, ACRC provides a full cycle of customer information security risk management, from auditing protection against threats to identifying real attacks on client infrastructure. High deployment speed and a reasonable cost of ownership allow medium and large businesses to quickly establish control over their infrastructure and ensure information security monitoring.

The company plans to increase investment in this area and expand the range of services, shifting the focus from monitoring to proactive protection and providing solutions for the service model.

"The ACRC services enable our customers to focus on the key areas of their business, placing the monitoring and protection of their IT infrastructure under our responsible management. Today the group of companies is ready to offer a full range of information security services, guaranteeing our customers security at the speed of business," said Dmitry Pudov, Technical Director of Angara Technologies Group.