Developers: | R-Vision |
Date of the premiere of the system: | 2023/09/29 |
Last Release Date: | 2024/08/21 |
Technology: | Information Security - Fraud Detection System (Fraud), Information Security Information and Event Management (SIEM) |
Content |
The main articles are:
R-Vision VM is a technology that allows you to identify vulnerabilities information security in the infrastructure of an organization, aggregate the obtained information in a single database, as well as prioritize the discovered vulnerabilities and monitor the process of their elimination.
2024
Certification of FSTEC of Russia according to the 4th level of trust
The R-Vision VM vulnerability management process automation system has passed all the necessary certification tests in the certification system of the Federal Service for Technical and Export Control (FSTEC of Russia). R-Vision (R-Vision) announced this on October 3, 2024.
The FSTEC Certificate Russia No. 4782, re-issued on September 27, 2024, confirms that the R-Vision VM product (R-Vision Control Center information security) is a means of identifying and analyzing vulnerabilities in automated systems and meets the security requirements information established in the document "Information Security Requirements Establishing Levels of Trust in Technical information protection and Security Tools" (information technology FSTEC of Russia, 2020) - according to the 4th level of trust. The certificate is valid until March 5, 2029.
The certificate of the FSTEC of Russia confirms that R-Vision VM meets high safety standards and can be used in significant facilities critical information infrastructure (IO) CUES of the 1st category, in state information systems (GIS) of the 1st security class automated production and process control systems , in the 1st security class, in information systems (personal data ISDS) if it is necessary to ensure the 1st level of personal data security, in public information systems of the 2nd class.
R-Vision VM is also included in the Unified Register of Domestic Software of the Ministry of Digital Development of the Russian Federation. Registry entry No. 21948.
Hacker exploitation of vulnerabilities in software is one of the acute problems of information security. Therefore, the choice of a tool that will strengthen the protection of information systems from such attacks is of particular importance. Modern vulnerability management requires a holistic understanding of all the assets of the organization and their relationships, accumulated knowledge of vulnerabilities, taking into account the degree of their possible exploitation relative to the existing IT infrastructure and security system. These principles are implemented in the R-Vision VM product, which allows you to build a full-fledged vulnerability management process in the organization throughout the life cycle: inventory, identification, prioritization, elimination and control. The R-Vision VM solution uses its own vulnerability database maintained by the R-Vision Expertise Center. The team of analysts regularly updates and enriches the database from a large number of sources, including the NOS FSTEC of Russia. R-Vision VM also allows you to work with vulnerability data obtained from various systems and protections. said Kamil Baimashkin, deputy executive director of R-Vision.
|
In addition to R-Vision VM, additional certification tests were passed in the certification system of the Federal Service for Technical and Export Control (FSTEC of Russia) in level 4 of trust and the remaining components of the R-Vision Information Security Control Center software complex.
Vision VM 5.4 with Black Box Scanning
R-Vision on August 21, 2024 announced the release of an updated version of the R-Vision VM 5.4 vulnerability management product. It introduced the black box scanning function and integration with the Threat Data Bank (DDR) of the FSTEC of Russia. In addition, the developer has implemented a function to search for vulnerabilities in third-party software and monitor vulnerabilities that are actively exploited by attackers.
The black box scanning feature allows you to detect vulnerabilities on assets without the need for authorization on the device. This functionality simulates the actions of an external attacker and is used to check the reliability of open services of the device, for example, external services on the perimeter of the network. It is also now possible to test the effectiveness of password protection of various components of the IT infrastructure using the Bruteforce method. This method involves enumerating all possible passwords using user or system dictionaries for different network services, such as SSH, RDP, Telnet, SMB, FTP and others.
This version of R-Vision VM 5.4 introduces a third-party scan feature. ON This made it possible to significantly expand the base for detecting vulnerabilities that could pose a serious threat to business. Now R-Vision VM can scan more than 50 types of foreign and, Russian software including programs such as,,, Adobe Acrobat Google Chrome Mozilla Firefox WinRAR, products Microsoft and others. This gives enterprise users a higher level of protection.
To launch this function, we have selected a list of the most popular programs, which we will continue to expand and supplement, including domestic products from the register of Russian software, - said Andrey Selivanov, product manager of R-Vision VM. |
Also in version R-Vision VM 5.4, the developers have introduced additional sources for their own vulnerability database, which is constantly updated by the team of the Center for Expertise. One of the main changes is integration with the NOS FSTEC of Russia. Thanks to it, you can get more detailed information about each vulnerability, including recommendations for fixing and sources of updates. In addition, the new version of the product provides additional information from the regulator about checking security updates for undeclared features.
The R-Vision team is conducting research on vulnerabilities that are actively exploited by attackers. To do this, the Center for Expertise uses its own methodology for tracking and analyzing vulnerabilities. Understanding what vulnerabilities are used to attack helps prevent threats more effectively. This helps to avoid serious incidents and minimize negative consequences for the business. The R-Vision VM 5.4 update introduced an additional field with information about actively exploited vulnerabilities.
Development of R-Vision VM is proceeding at a faster pace. The product has already aroused significant interest in the market, as evidenced by the large number of pilots conducted, - said Andrey Selivanov, product manager of R-Vision VM. - By the end of 2024, we plan to add several more important features that will significantly expand the capabilities of our product. |
Inclusion in the Financial Industry IT Solutions Repository
On May 14, 2024, R-Vision announced that R-Vision VM technology for the vulnerability management automation system was included in the registry of IT solutions of the FinTech Association Repository on April 25, 2024 (register number - AFT0270).
R-Vision already has practical experience of cooperation with financial organizations members of the FinTech Association, so the inclusion of another solution in the FinTech Association Repository (the fifth since the beginning of 2024) was an important step to expand the opportunities for implementing projects in the financial industry, - said Kamil Baimashkin, Deputy Executive Director of R-Vision. - R-Vision VM allows you to automate the process of managing vulnerabilities in your organization. The presence of a built-in scanner and its own vulnerability base and the ability to import vulnerabilities from external sources helps both identify vulnerabilities in the IT infrastructure and comprehensively approach the task of eliminating them taking into account different contexts. |
An integral part of the work of any banking institution is to ensure the security of data storage. Government regulators set standards for information protection, business continuity and risk management to be followed by financial institutions. Therefore, banks pay special attention to the introduction of technologies that ensure the safety of confidential customer data, improve the processes of responding to identified vulnerabilities and prevent possible cyber attacks. Also, banks need to freely integrate domestic products into their protection circuit in order to import substitution of foreign products.
R-Vision VM provides the opportunity to fully replace the following foreign solutions within the framework of the import substitution program:
- Tenable Nessus;
- Tenable Vulnerability Management;
- Qualys;
- Rapid7 InsightVM.
{{quote 'R-Vision VM technology helps detect vulnerabilities in the organization's infrastructure, prioritize them to fix and control the process of eliminating vulnerabilities, "said Andrey Selivanov, R-Vision VM Product Manager. - The built-in scanner and the ability to import vulnerabilities from external sources allow you to create and maintain an up-to-date database of vulnerabilities. A customizable vulnerability rating helps you flexibly organize the order of elimination using attributes of vulnerabilities, network nodes and asset groups. The Task and Incident Manager, integrated with Service Desk solutions, automates the process of eliminating vulnerabilities, and the modern R-Vision VM interface makes it easier to find information, study statistics and prepare deployed reports. }}
2023: R-Vision VM Solution Presentation
On September 28, 20232, R-Vision introduced two technologies - R-Vision SIEM and R-Vision VM, the creation of which was another step towards the development of its own ecosystem for the evolution of SOC R-Vision EVO. Read more here.