
VolgaBlob Smart Monitor

Product
The name of the base system (platform): Elasticsearch
Developers: VolgaBlob
Last Release Date: 2022/12/26

2022: Compatibility with Security Vision Automated Information Security Platform

The Russian developers of comprehensive information security monitoring software, VolgaBlob and Security Vision, have confirmed the compatibility of their products, the Smart Monitor platform and the Security Vision Automated Information Security Platform, in the course of comprehensive testing. This was announced by Security Vision on December 26, 2022.

Illustration: leader-id.ru

Smart Monitor monitors security events to identify incidents, and Security Vision automates the process of investigating and responding to the identified incidents. The products are most in demand in a Security Operations Center (SOC), which handles a large number of incidents per unit of time.

Smart Monitor and Security Vision complement each other through bilateral data exchange, in which the following are passed between them:

  • information on IT assets;
  • incidents and correlation rule actuations;
  • information obtained during incident enrichment;
  • incident status and investigation progress.

The integration of Smart Monitor and Security Vision is implemented in two ways:

  • in automatic mode: when an incident is detected, Smart Monitor transmits the relevant information to Security Vision via a REST API;
  • in manual mode: when transferring an incident to a certain state in the Smart Monitor Incident Manager module, the operator can send the incident data to Security Vision.

"The integration of Smart Monitor and Security Vision allows you to implement extensive functionality for orchestrating information security incidents. The joint application of these products allows you to take SOC platforms to another technological level," commented Ivan Silkin, CTO of Smart Monitor Development.

"Cyber resilience is an important principle of the company. You need to be prepared for the fact that sooner or later a cybersecurity incident will occur, and it is important to detect it in a timely manner and take the necessary actions. The set of Smart Monitor and Security Vision solutions will make it possible to solve the tasks of operational monitoring to identify violations and build an automated response process," noted Roman Ovchinnikov, head of the Security Vision execution department.

Smart Monitor is a universal platform for collecting and analyzing machine data that addresses practical tasks in information security, IT infrastructure monitoring and business process analysis. It provides centralized collection, storage and processing of events from all types of data sources: servers, network equipment, IoT devices, information protection tools, application information systems, and virtualization and containerization tools.

Security Vision is a platform for automating information security processes and for monitoring and responding to cybersecurity incidents. For the first time, it allows the functions of an operator to be performed robotically by software and hardware, with an automation share of up to 95%, achieved through:

  • creating elements of self-regulating software using mathematical methods, to free people from participating in routine operations and in the processes of obtaining, converting, transmitting and using information;
  • using machine learning algorithms and methods;
  • using predictive analytics algorithms for big data and cognitive information retrieval.

2019: Release of a new version based on open source software

In November 2019, the Russian developer VolgaBlob presented a new version of its Smart Monitor solution, a set of applications for analyzing information security events, IT infrastructure and business processes. Previously it was based on the Splunk platform from the American developer of the same name, which in February 2019 announced its departure from Russia, citing a revision of its investment strategy, and stopped selling in this market. As the replacement platform for Smart Monitor, VolgaBlob, which had been a key Splunk partner in Russia, chose the open source Elastic Stack.

"In February 2019, Splunk left the Russian market. There was a significant demand for services to support and develop projects based on its platform from customers with valid licenses. At the same time, former Splunk clients, as well as companies that are implementing solutions of this class for the first time, faced the task of switching to an alternative platform for analyzing machine data," VolgaBlob CEO Alexander Skakunov explained the prerequisites for creating the new solution.

VolgaBlob replaced Splunk with open source software in its solution (photo: TAdviser)

The new version of Smart Monitor is based on Elastic Stack, with VolgaBlob's own development modules attached to the main platform, each providing different functionality for different tasks. In total, 18 modular applications for analyzing machine data are available, aimed at large and medium-sized businesses.

Slide from the presentation of Alexander Skakunov

The main module, Smart Monitor Core, builds an indicator tree based on the resource and service model and allows SLA/KPI indicators related to information security (IS), IT infrastructure and business to be calculated. The Alert Wizard, which is part of the main module, sends notifications to users when abnormal situations occur.

Other modules allow you to manage incidents, assess risks, profile employee actions, automatically build a map of the corporate network and collect events from network nodes (including physical and virtual VMware servers), accumulate and process logs from virtualization and containerization environments, manage information protection tools, and monitor events from application information systems.

To reproduce in Smart Monitor the functionality that the previous, Splunk-based version had, a significant revision of Elastic Stack was required. In its original form, VolgaBlob says, it is inferior to Splunk in a number of parameters. But in terms of the amount of data these platforms can work with, they are comparable, Ivan Silkin, architect in the VolgaBlob development department, told TAdviser.

A comparative assessment of the basic capabilities of the platforms, conducted by VolgaBlob. Slide from the presentation of Alexander Skakunov

Alexander Skakunov clarified to TAdviser that the Splunk-based version of Smart Monitor has several dozen clients in Russia, about 30-40, and the total number of Splunk platform installations is even higher, since not every Splunk user needed the additional functionality. Among the largest users of Smart Monitor are the Central Bank of the Russian Federation, SUEK, Yota and others.

The previous version of Smart Monitor was aimed mainly at large corporate clients. The new modular structure of the solution, which lets customers choose the set of functions they need more flexibly, will also cover smaller organizations, Skakunov explained. Because of this, the company expects to increase the solution's installed base by 2-3 times.

VolgaBlob also expects the customer base to grow because of a change in the pricing model. Splunk had two types of licenses, either a perpetual license or an annual subscription, and in both cases the cost was tied to the amount of data the client passes through the platform. VolgaBlob does not tie price to data volume in its new open source solution.

At the same time, Splunk has abandoned perpetual licenses worldwide since November, betting on subscriptions, whereas VolgaBlob, on the contrary, is focused more on perpetual module licenses, the company's CEO added in a conversation with TAdviser.

The Smart Monitor developers will not charge for the Elastic Stack platform itself, because the open source license under which the open version of Elastic Stack is distributed does not provide for that. The price of the final solution will depend on the set of modules the customer needs along with the platform.

As of November, the company had not yet decided on exact prices. According to Skakunov, they are at the approval stage.

The Splunk core is written primarily in C/C++ and Python, while Elasticsearch is written in Java. Ivan Silkin explained to TAdviser that Splunk has frameworks that allow its functionality to be extended with minimal interference with the platform code. For the Smart Monitor modules to be adapted to Elastic Stack, a lot of work is needed to rewrite them.

Several Smart Monitor customers are already piloting the new version of the open source solution. The feedback the developers receive is used to further refine the product.

"We also continue to support Splunk at many customers, and it serves as food for thought for us: what else can be implemented in Elastic Stack, both from the point of view of the platform and from the point of view of modules," Alexander Skakunov emphasized in a conversation with TAdviser.

At the time of the announcement of the new version of Smart Monitor, the solution was already available for pre-order, but the main platform was still being finalized and the Smart Monitor modules were being ported to it. The most popular functions are being transferred to the new platform first.

In the 2nd quarter of 2020, the developers plan to add Smart Monitor to the register of domestic software, and later also to certify it with FSTEC.