Developers: | Step Logic (Step Lodge) |
Last Release Date: | 2024/03/29 |
Branches: | Information security |
Technology: | Security Information and Event Management (SIEM) |
Main article: Security Information and Event Management (SIEM)
2024: Adding generative AI
STEP LOGIC specialists have expanded the functionality of the Security Data Lake technology platform (TDIR class). To support investigations and the search for incidents and information security events, a generative AI component, the GPT assistant, built on a locally deployable language model, was added to the solution. The developer announced this on March 29, 2024.
The Security Data Lake software product is a proprietary development of STEP LOGIC for cyber security centers (SOCs). It provides a common user interface, data store and processes, combining event monitoring and incident detection (SIEM), response and investigation (IRP), and automation and orchestration of these processes (SOAR).
The GPT Assistant is an optional software module that can be connected either to a locally deployed language model or to a public (cloud) one. The data-locality property claimed by the developer below holds only for the local deployment: with a public model, the incident data included in the analyst's questions leaves the organization's perimeter.
In a dedicated window, the SOC analyst asks the assistant questions about events and data related to the information security incident under investigation. The assistant turns the question into a query against the platform's data and returns its interpretation of the result.
As of March 2024, the assistant can process several types of requests related to searching data in the system: it returns lists of summary data, computes counts, determines validity periods, and can also answer free-form questions about how the platform works.
"We have provided an opportunity for analysts and heads of cybersecurity centers to use a generative AI model when investigating incidents. With the help of the neuro-assistant, you can quickly determine when the user who took part in the incident last logged in to the system, what events happened to him in the last 24 hours, the number of incidents under investigation with the specified parameters, etc.," said Stanislav Prischep, head of information security management systems at STEP LOGIC. "At the same time, data leakage is excluded. The AI model is static: it is already trained and only searches the data without transmitting them outside."
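As an added illustration (not STEP LOGIC's code and not the platform's actual API), the Python below shows how the request types described above and in the quote (a user's last login, that user's events in the last 24 hours, a count of incidents with given parameters) can be answered from local data while the language model is confined to emitting a structured query that is validated against an allow-list before it runs. The event records, incident records, query schema and the JSON strings standing in for the model's output are all constructed for the example.

```python
import json
from datetime import datetime, timedelta, timezone

# Constructed sample data for the example (not taken from the product):
# authentication and security events plus incident records as they might
# sit in a SOC data lake.
EVENTS = [
    {"ts": "2024-03-28T09:12:00Z", "user": "j.doe", "type": "logon", "host": "ws-101"},
    {"ts": "2024-03-28T23:40:00Z", "user": "j.doe", "type": "logon_failed", "host": "ws-101"},
    {"ts": "2024-03-29T07:55:00Z", "user": "j.doe", "type": "logon", "host": "srv-db1"},
    {"ts": "2024-03-29T08:03:00Z", "user": "j.doe", "type": "privilege_escalation", "host": "srv-db1"},
    {"ts": "2024-03-29T08:10:00Z", "user": "a.smith", "type": "logon", "host": "ws-220"},
]
INCIDENTS = [
    {"id": "INC-1001", "status": "investigating", "severity": "high", "user": "j.doe"},
    {"id": "INC-1002", "status": "investigating", "severity": "low", "user": "a.smith"},
    {"id": "INC-1003", "status": "closed", "severity": "high", "user": "j.doe"},
]
# Fixed "current time" so the 24-hour window is reproducible.
NOW = datetime(2024, 3, 29, 10, 0, tzinfo=timezone.utc)

# Allow-list of query types the model may request (hypothetical schema).
# Anything outside it is refused, so the model's output cannot turn into
# arbitrary searches or actions against the data lake.
SCHEMA = {
    "last_login":      {"required": {"user"}, "optional": set()},
    "events_last_24h": {"required": {"user"}, "optional": set()},
    "count_incidents": {"required": set(),    "optional": {"status", "severity", "user"}},
}


def _parse_ts(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def validate_query(raw):
    """Parse the model's JSON output and check it against SCHEMA.

    Returns a normalized query dict, or raises ValueError. The model's text is
    treated as untrusted input: only known query types with known string
    parameters get through.
    """
    try:
        q = json.loads(raw)
    except json.JSONDecodeError as exc:
        raise ValueError(f"model output is not JSON: {exc}")
    if not isinstance(q, dict) or q.get("type") not in SCHEMA:
        raise ValueError(f"unsupported query type: {q!r}")
    params = q.get("params", {})
    if not isinstance(params, dict) or not all(isinstance(v, str) for v in params.values()):
        raise ValueError("params must be an object of plain strings")
    spec = SCHEMA[q["type"]]
    missing = spec["required"] - set(params)
    extra = set(params) - spec["required"] - spec["optional"]
    if missing or extra:
        raise ValueError(f"bad parameters: missing={sorted(missing)} extra={sorted(extra)}")
    return {"type": q["type"], "params": params}


def run_query(q, events=EVENTS, incidents=INCIDENTS, now=NOW):
    """Execute an already validated query against local data only."""
    kind, p = q["type"], q["params"]
    if kind == "last_login":
        # ISO-8601 UTC timestamps sort lexically, so max() gives the latest logon.
        logons = [e["ts"] for e in events if e["type"] == "logon" and e["user"] == p["user"]]
        return max(logons, default=None)
    if kind == "events_last_24h":
        since = now - timedelta(hours=24)
        return [e for e in events if e["user"] == p["user"] and _parse_ts(e["ts"]) >= since]
    if kind == "count_incidents":
        # Every supplied parameter must match; omitted parameters are wildcards.
        return sum(1 for i in incidents if all(i.get(k) == v for k, v in p.items()))
    raise AssertionError("unreachable: query type was validated")


def answer(raw_model_output):
    """End to end: validate the model's structured query, run it locally, return the result."""
    return run_query(validate_query(raw_model_output))


if __name__ == "__main__":
    # The JSON strings stand in for what the model would emit for the analyst's
    # question (constructed for the example).
    print(answer('{"type": "last_login", "params": {"user": "j.doe"}}'))
    print(len(answer('{"type": "events_last_24h", "params": {"user": "j.doe"}}')), "events")
    print(answer('{"type": "count_incidents", "params": {"status": "investigating", "severity": "high"}}'))
    try:
        answer('{"type": "drop_table", "params": {}}')
    except ValueError as exc:
        print("refused:", exc)
```

The point of the allow-list is that the model, local or public, never gets to run free-form queries or actions: its output is data, checked like any other untrusted input, which also limits what a prompt injection planted in event text could achieve. Keeping both the model and the query execution on local data is what makes the "no transmission outside" property described above hold.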
2023: Inclusion in the register of Russian software
By order of the Ministry of Digital Development, Communications and Mass Media of Russia, the Security Data Lake technology platform for automating data analysis and incident investigation has been included in the Register of Russian software (registry entry No. 20657 of 25.12.2023) under the class "02.08 Monitoring and Control Tools." STEP LOGIC announced this on January 23, 2024.
The Security Data Lake software product is a proprietary development of STEP LOGIC for cyber security centers (SOCs), combining the functions of event monitoring and incident detection (SIEM), response and investigation (IRP), and automation and orchestration of these processes (SOAR).
The Security Data Lake interface not only gives cybersecurity analysts the most complete incident context, but also has configurable response automation tools.
A distinctive feature of the platform is a single search query language and visualization designer, with shared correlation and automation rules used for analyzing events, incidents, investigations and assets. According to the developer, this approach reduces incident response time and halves operating costs compared with solutions assembled from separately integrated SIEM, IRP and SOAR systems.
The platform is designed for building both in-house and commercially offered cybersecurity services. It supports separate workspaces and segregation of data access between protected objects, and offers a wide range of analytical tools.
Unlike boxed solutions, the content and configuration of Security Data Lake are adapted to the Infrastructure-as-Code (IaC) and Configuration-as-Code (CaC) approach. The solution includes tools for automating administration and development, which makes it possible to track changes made to the system and reduces the effort of connecting new sources and creating custom monitoring scenarios.
"The first industrial implementation of Security Data Lake was carried out in 2021. As of January 2024, our development has already found application in several cybersecurity centers, both public and corporate. The scale of installations reaches 25,000 events per second, with more than 50,000 EPS confirmed in the test environment," said Stanislav Prischep, head of information security management systems at STEP LOGIC. "For our part, we provide a full cycle of product implementation and technical support, systematically update monitoring scenarios and implement integrations to connect new sources. In addition, as part of platform implementation, our specialists provide consulting support in organizing SOC workflows."