| Developer: | Solar |
| Date of first release: | 24.10.2025 |
| Last release date: | 24.12.2025 |
| Industry: | Information security |
| Technology: | Security Information and Event Management (SIEM) |
2025
Solar SIEM — 2025.2
Solar SIEM 2025.2 is an updated version of the product; Solar announced the release on December 24, 2025.
In this release the company expanded the capabilities of the AI assistant, implemented intelligent data filtering at the log collection stage, and automated analytics. According to Solar, combining SIEM and SOAR technologies in one product lets Solar SIEM customers reduce both the load on SOC analysts and total cost of ownership (TCO) by 40%.
According to the Solar analytical center, the market segment for incident analysis and detection will grow to 14.1 billion rubles by 2027. Demand in this segment is driven primarily by the organizations that face cyber threats most often. In the first half of 2025, the public sector accounted for 36% of all incident investigations, industry for 20%, the IT sector, healthcare and energy for 12% each, and retail for 8%. Over the same period the share of attacks on government organizations grew by 5% year on year, and on industrial enterprises by 11%. Business and the public sector alike are also asking for automation of SOC work, to reduce the load on analysts and ease the shortage of staff.
Solar therefore builds its own SIEM around a high degree of automation and an expanding AI assistant. In the updated version the AI assistant processes additional information to extend the incident context. It already analyzes events at the level of a first-line (L1) analyst: it takes on up to 90% of routine data collection and initial verification operations, produces a more accurate assessment, and lets information security specialists concentrate on complex threats.
The second major change is a filtering function. It lets users define criteria so that only relevant information is collected, substantially reducing the flow of events entering the system. This lowers the license cost, which depends on the volume of data processed (events per second, EPS), and reduces the hardware required to store logs.
{{quote 'According to a survey of 25 information security market partners who studied the functionality of Solar SIEM, the concept of two technologies, SIEM and SOAR, "in one box" meets current market needs. We are already running more than 30 pilot implementations of the product in mining companies, IT companies, banking and telecom, and we are promptly integrating their feedback and incident response practice into the solution's capabilities," said Alexander Nenakhov, product manager for Solar SIEM at Solar Group. }}
Solar SIEM also gained collection of asset information, autorun (startup file) statistics and inventory data, which is used to enrich events during incident investigation and shortens the overall time to response.
The product also implements a "Quick Actions" function: shortcuts for frequently used analyst operations, exposed as additional context-menu actions. This frees analyst time for higher-level tasks.
Release 2025.2 is part of Solar's strategy of building a unified platform for monitoring, handling and responding to incidents. Combining SIEM and SOAR functionality lets companies close the entire incident life cycle in a single window and save up to 40% compared with implementing the two technologies separately. Plans for early 2026 include multi-tenancy support, a mechanism for automatically updating content from Solar JSOC experts, and further development of the AI agent towards senior-analyst level, able to analyze a large stream of information and close routine tasks.
Commercial Release to Market
At the end of October Solar announced its entry into a new market segment: systems for monitoring, analyzing and managing security events in corporate IT infrastructure (Security Information and Event Management, SIEM). According to company representatives, the product, called Solar SIEM[1], also has the functionality of cybersecurity incident management (Security Orchestration, Automation and Response, SOAR) solutions. In this bundle the SIEM part is responsible for monitoring and identifying complex targeted attacks on IT infrastructure, and the SOAR part for automated response using a neural-network-based AI agent developed specifically for the product.
SIEM is a technology used by Security Operations Center (SOC) staff to collect events occurring in the IT infrastructure, analyze them and process the data with correlation rules. The results are consolidated into a report on which the company's information security officers can base a decision about an incident. SOAR, in turn, automates rapid and efficient response to cyber attacks according to predefined scenarios (playbooks).
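The collection-stage filtering described in the 2025.2 release notes above and the SIEM/SOAR division of labour described here, as an added Python illustration that is not Solar SIEM code and does not reflect its internals. The pipe-separated event format, the sample log lines, the asset inventory and the playbook steps are all constructed for the example. It shows the check a practitioner wants before switching on source-side filtering: the filter must drop only event types the correlation rules never consume, because an over-broad filter silently disables the detection downstream (the last call in the main block demonstrates that failure mode).

```python
# Toy SIEM/SOAR pipeline (added illustration, not Solar SIEM code):
# collection-stage filter -> correlation rule -> asset enrichment -> playbook.
from collections import defaultdict, deque
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class Event:
    ts: datetime
    host: str
    kind: str      # event type, e.g. auth_failure, auth_success, heartbeat
    user: str
    src_ip: str


@dataclass
class Incident:
    rule: str
    user: str
    src_ip: str
    host: str
    failures: int
    criticality: str   # filled from the asset inventory at enrichment time


# Constructed sample lines in a hypothetical "ts|host|event_type|user|src_ip" format.
RAW_EVENTS = [
    "2025-12-24T10:00:00|srv01|heartbeat|-|-",
    "2025-12-24T10:00:01|srv01|auth_failure|alice|203.0.113.7",
    "2025-12-24T10:00:02|srv01|heartbeat|-|-",
    "2025-12-24T10:00:05|srv01|auth_failure|alice|203.0.113.7",
    "2025-12-24T10:00:09|srv01|debug|-|-",
    "2025-12-24T10:00:12|srv01|auth_failure|alice|203.0.113.7",
    "2025-12-24T10:00:20|srv01|auth_success|alice|203.0.113.7",
    "2025-12-24T10:00:25|srv02|auth_failure|bob|198.51.100.4",
    "2025-12-24T10:00:30|srv02|auth_success|bob|198.51.100.4",
    "2025-12-24T10:00:31|srv01|heartbeat|-|-",
    "2025-12-24T10:00:40|srv02|file_access|bob|198.51.100.4",
    "2025-12-24T10:00:59|srv01|heartbeat|-|-",
]
# Constructed asset inventory (host -> criticality) used for enrichment.
ASSETS = {"srv01": "high", "srv02": "low"}


def parse(line: str) -> Event:
    ts, host, kind, user, src_ip = line.split("|")
    return Event(datetime.fromisoformat(ts), host, kind, user, src_ip)


def collection_filter(events, drop_kinds):
    """Collection-stage filter: discard event types with no detection value.
    Matching on the parsed type rather than on substrings of the raw line keeps
    auth_failure/auth_success intact while dropping telemetry noise."""
    return [e for e in events if e.kind not in drop_kinds]


def correlate_brute_force(events, threshold=3, window=timedelta(seconds=60)):
    """Correlation rule: >= threshold auth_failure from one src_ip inside `window`,
    followed by auth_success from that src_ip, raises one enriched incident."""
    recent = defaultdict(deque)          # src_ip -> failures still inside the window
    incidents = []
    for e in sorted(events, key=lambda x: x.ts):
        q = recent[e.src_ip]
        while q and e.ts - q[0].ts > window:   # slide the window forward
            q.popleft()
        if e.kind == "auth_failure":
            q.append(e)
        elif e.kind == "auth_success" and len(q) >= threshold:
            incidents.append(Incident("brute_force_success", e.user, e.src_ip,
                                      e.host, len(q), ASSETS.get(e.host, "unknown")))
            q.clear()
    return incidents


# Playbook steps: each returns the action it would dispatch to an integration.
def block_ip(inc):
    return f"firewall: block {inc.src_ip}"

def disable_user(inc):
    return f"iam: disable {inc.user}"

def notify_soc(inc):
    return (f"ticket[{inc.criticality}]: {inc.rule} {inc.user}@{inc.src_ip} "
            f"-> {inc.host} ({inc.failures} failures)")

PLAYBOOKS = {"brute_force_success": [block_ip, disable_user, notify_soc]}


def run_playbook(inc):
    return [step(inc) for step in PLAYBOOKS.get(inc.rule, [])]


def run_pipeline(raw_lines, drop_kinds=frozenset({"heartbeat", "debug"})):
    events = [parse(line) for line in raw_lines]
    kept = collection_filter(events, drop_kinds)
    incidents = correlate_brute_force(kept)
    return len(events), len(kept), incidents, [run_playbook(i) for i in incidents]


if __name__ == "__main__":
    total, kept, incidents, actions = run_pipeline(RAW_EVENTS)
    print(f"collected {total} events, forwarded {kept} ({100 * (1 - kept / total):.0f}% fewer)")
    for inc, acts in zip(incidents, actions):
        print(inc, *acts, sep="\n  ")
    # Over-broad filter: dropping auth_failure at the source kills the detection.
    print("incidents with auth_failure filtered out:",
          run_pipeline(RAW_EVENTS, {"heartbeat", "debug", "auth_failure"})[2])
```

With the default criteria the filter forwards 7 of the 12 constructed events and the rule still fires on the three failures from 203.0.113.7 followed by a success; adding auth_failure to the drop set cuts EPS further but yields no incident at all, which is the trade-off to review whenever collection-side filtering is tuned for license cost.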
The "boxed" Solar SIEM solution is built on a microservice architecture with the vendor's own code: modules for correlation, event processing, automation, integrations and others. The team developed all of the product logic from scratch, although open-source community projects are used as base components.
The core of the team developing Solar SIEM is Hefest Technologies, in which Solar acquired a stake in early 2025. In the register of domestic software, Solar SIEM is listed under No. 21682 as software for automating the Egida information security situation center[2], owned by Hefest Technologies. Solar has also applied for FSTEC of Russia certification.
At the same time, the developer's website describes Egida as a solution combining SIEM, SOAR, a Threat Intelligence Platform (TIP), Endpoint Detection and Response (EDR) and even Vulnerability Management (VM).
As Solar explained to TAdviser, the functional blocks previously announced on the Hefest Technologies website, such as UEBA, TIP, EDR and Vulnerability Management, were at the prototype stage at the time of the deal and are not implemented in the product. The released version of Solar SIEM is based on a stable, production version of the solution focused on two key components: SIEM and SOAR. Further development will take place under the Solar brand, and the product name may be extended in future if the functionality goes beyond SIEM/SOAR and becomes part of the company's ecosystem approach.
The source of up-to-date threat data for Solar SIEM is the Solar JSOC cyber attack counteraction center and the Solar 4RAYS cyber threat research team. They accumulate knowledge of the techniques and tactics of attackers targeting Russian companies and government agencies, and that knowledge is used to protect Solar SIEM users. Solar notes that at launch the product's technology base is sufficient for customer tasks such as automating monitoring and incident response processes, increasing the efficiency of first- and second-line security analysts, and reducing the investment needed to deploy a SIEM and SOAR bundle in the enterprise. Thanks to the microservice architecture, the solution can be scaled to handle a large stream of security events, up to 500 thousand events per second (EPS).

