Developer: GC Intelligent Security (Security Vision brand)
Date of first release: 2023/10/10
Technology: Information Security - Information Leakage Prevention, Information Security Management (SIEM)
The main articles are:
- Security Information and Event Management (SIEM)
- Security Orchestration, Automation and Response (SOAR)
2024
Support for FSTEC NOS threats and implementation methods
On November 6, 2024 Security Vision announced updated releases of its SOAR and NG SOAR products. Incidents and correlation rules can now be tagged not only with MITRE ATT&CK tactics and techniques but also with threats and implementation methods from the FSTEC NOS; the out-of-the-box correlation rules already ship with the corresponding implementation methods assigned.
Compatibility with the Continent 4 NGFW
The Continent 4 next-generation firewall (NGFW) from Security Code and the Security Vision products Threat Intelligence Platform (TIP), User and Entity Behavior Analytics (UEBA), Security Orchestration, Automation and Response (SOAR) and Next Generation SOAR (NG SOAR) passed comprehensive joint testing, which confirmed their compatibility. Security Vision announced this on March 21, 2024.
2023: Security Vision Next Generation SOAR Presentation
On October 10, 2023 Security Vision launched Next Generation SOAR, its next-generation cyber-threat response product.
Security Vision Next Generation SOAR (NG SOAR) is a combination of technologies and functions aimed at detecting and resolving cyber incidents automatically, "on the fly", across the full incident-handling lifecycle defined by NIST (SP 800-61: preparation; detection and analysis; containment, eradication and recovery; post-incident activity).
Within these phases, Security Vision NG SOAR covers the tasks of systems such as asset management (AM), vulnerability management (VM), SIEM, incident response platform (IRP), log management (LM), security governance, risk and compliance (SGRC), SOAR, TIP, UEBA and others, that is, the functions directly needed for a focused, full-cycle response to information security threats.
Security Vision NG SOAR implements incident detection, investigation and response based on dynamic playbooks and machine learning. All stages of incident handling are automated as far as possible and are built on an object-oriented model of the incident and its entities.
The main idea behind dynamic playbooks is to adapt the response plan automatically to the specific incident that has fired: the system analyzes the event, its attributes, the attack technique and the objects involved, and from that information assembles the required playbook out of the atomic response scenarios shipped with the product. Through a retrospective analysis of the events surrounding the incident, Security Vision NG SOAR reconstructs the attack chain and builds the response around the objects it recovers.
This approach does not require extensive up-front development and tuning of many playbooks, nor the assessment and precomputation of attacker routes, infrastructure reachability, attack options, attack maps or network topology. The system assembles a suitable handling plan for each incident as it occurs.
Security Vision NG SOAR can independently triage (perform primary categorization of) alerts received from security tools (MPS), prioritize incidents, select a suitable response scenario and promptly take countermeasures to contain the incident before it spreads and causes significant damage to the company. Active response actions (sending control commands) to security tools are best performed through API integrations; for tools that have no API, connections over SSH, RPC, MSSQL and similar channels remain possible.
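As an added illustration of the dynamic-playbook and triage concept described above (this is not Security Vision's code; the action library, the technique-to-action mapping, the priority thresholds, the NIST phase labels and the sample events are all constructed for this example), the following Python sketch assembles a response plan at runtime from an alert's ATT&CK technique, the objects involved and the events in its recent vicinity. Destructive atomic actions are flagged as requiring analyst approval, which is the guardrail a practitioner would normally put in front of automatically assembled containment steps.

```python
"""Illustrative dynamic-playbook assembler (added example; not Security Vision code).

Constructed data model: an alert carries a MITRE ATT&CK technique ID and the objects
involved; a retrospective pass over neighbouring events widens the scope; atomic actions
are then selected per object kind and technique and ordered by NIST SP 800-61 phase.
"""
from dataclasses import dataclass, field

PHASE_ORDER = {"analysis": 0, "containment": 1, "eradication": 2, "recovery": 3}


@dataclass(frozen=True)
class Action:
    name: str
    kind: str                   # object kind it acts on: "host", "user" or "ioc"
    phase: str                  # NIST phase the step belongs to
    destructive: bool = False   # needs analyst approval before the connector fires


# Library of atomic response actions (hypothetical names, constructed for this example).
LIBRARY = {a.name: a for a in [
    Action("collect_triage_package", "host", "analysis"),
    Action("isolate_host", "host", "containment", destructive=True),
    Action("kill_process_tree", "host", "eradication", destructive=True),
    Action("restore_from_snapshot", "host", "recovery", destructive=True),
    Action("review_logons", "user", "analysis"),
    Action("disable_account", "user", "containment", destructive=True),
    Action("reset_credentials", "user", "recovery", destructive=True),
    Action("block_ioc_on_firewall", "ioc", "containment"),
    Action("add_ioc_to_watchlist", "ioc", "analysis"),
]}

# Which atomic actions a technique calls for (constructed mapping, not an authoritative one).
TECHNIQUE_ACTIONS = {
    "T1078": ["review_logons", "disable_account", "reset_credentials", "add_ioc_to_watchlist"],
    "T1486": ["collect_triage_package", "isolate_host", "kill_process_tree",
              "restore_from_snapshot", "disable_account", "block_ioc_on_firewall"],
    "T1059": ["collect_triage_package", "kill_process_tree", "review_logons",
              "block_ioc_on_firewall"],
}
DEFAULT_ACTIONS = ["collect_triage_package", "review_logons", "add_ioc_to_watchlist"]


@dataclass
class Alert:
    alert_id: str
    technique: str
    ts: int                                      # unix seconds
    objects: dict = field(default_factory=dict)  # kind -> set of object ids
    criticality: int = 3                         # asset criticality 1..5 from the inventory
    confidence: float = 0.5                      # detector confidence 0..1


def triage(alert):
    """Primary categorisation: priority P1..P4 from asset criticality and detector confidence."""
    score = alert.criticality * alert.confidence  # 0..5
    if score >= 4.0:
        return "P1"
    if score >= 2.5:
        return "P2"
    if score >= 1.0:
        return "P3"
    return "P4"


def expand_scope(alert, events, window):
    """Retrospective look at the alert's neighbourhood: pull in every host/user/IOC seen in an
    event that shares a host or user with the current scope within `window` seconds before it."""
    scope = {k: set(v) for k, v in alert.objects.items()}
    for ev in events:
        if not (alert.ts - window <= ev["ts"] <= alert.ts):
            continue
        linked = (ev.get("host") in scope.get("host", set())
                  or ev.get("user") in scope.get("user", set()))
        if linked:
            for kind in ("host", "user", "ioc"):
                if ev.get(kind):
                    scope.setdefault(kind, set()).add(ev[kind])
    return scope


def assemble_playbook(alert, events=(), window=3600):
    """Build the response plan at runtime from technique, involved objects and neighbourhood."""
    scope = expand_scope(alert, events, window)
    names = TECHNIQUE_ACTIONS.get(alert.technique, DEFAULT_ACTIONS)
    steps = []
    for name in names:
        act = LIBRARY[name]
        for target in sorted(scope.get(act.kind, ())):
            steps.append({"phase": act.phase, "action": act.name, "target": target,
                          "approval_required": act.destructive})
    steps.sort(key=lambda s: PHASE_ORDER[s["phase"]])  # stable: keeps action order within a phase
    return steps


if __name__ == "__main__":
    # Constructed sample: a ransomware-style alert on one host plus earlier events in its vicinity.
    now = 1_700_000_000
    alert = Alert("INC-1", "T1486", ts=now, objects={"host": {"srv-fs01"}},
                  criticality=5, confidence=0.9)
    history = [
        {"ts": now - 600, "host": "srv-fs01", "user": "svc_backup", "ioc": "203.0.113.7"},
        {"ts": now - 300, "host": "ws-042", "user": "svc_backup"},
        {"ts": now - 90_000, "host": "srv-fs01", "user": "admin"},  # outside the window
    ]
    print(alert.alert_id, triage(alert))
    for step in assemble_playbook(alert, history):
        print(step)
```

Running the sample walks the scope out from the alerted file server to the service account seen on it and then to the second host that account touched, and the resulting plan lists analysis steps first, then containment (host isolation, account disablement and an IOC block), eradication and recovery, with every destructive step marked for approval.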
Security Vision NG SOAR uses machine learning and statistical analysis of incident properties to identify anomalies and previously unnoticed incidents in the infrastructure (its UEBA, User and Entity Behavior Analytics, mechanism), as well as to predict the attacker's next steps and how the incident may develop, so that optimal countermeasures can be chosen. The built-in Threat Intelligence Platform functions and the mechanisms for enriching incident data from external and internal sources (including a Data Lake) put incident information in context, giving security analysts a complete picture of the danger and scale of the incident, the affected entities and infrastructure elements, and the relationships between incidents, artifacts and indicators of compromise.
Security Vision NG SOAR also addresses one of the most important tasks for many Russian companies: preparing and submitting cyber incident reports to NCCCA (through the State system for detection, prevention and elimination of the consequences of computer attacks), FinCERT (through the ACOI interface), Roskomnadzor and industry CERTs. To automate this interaction, NG SOAR offers built-in functionality for sending notifications to and exchanging data with these bodies, as well as for internal reporting and visualization of the company's cybersecurity posture to give management situational awareness.
NG SOAR is built on the single Security Vision platform, so customers get all of the platform's advantages, including its customization capabilities.