VolgaBlob Smart Monitor

Product
Developers: VolgaBlob
Last Release Date: 2025/10/20
Technology: Big Data, Data Mining

2025

Ability to deploy Security Data Lake

VolgaBlob has expanded the application scenarios of its flagship Smart Monitor product, designed for umbrella IT monitoring, building SOC/SIEM and analyzing business processes. The platform can now be applied as a Security Data Lake. This opens up opportunities for in-depth retrospective analysis of data and identification of complex long-term attacks. The company announced this on October 20, 2025.

35% of cyber attacks in 2024 lasted more than a month. In the case of targeted attacks, their depth, as practice shows, can reach several years. Traditional SIEM solutions that focus primarily on online streaming analysis of events in a short period of time - an average of 7 days to a month - are not always effective in identifying and investigating such threats.

"The architecture of most SIEMs is focused on correlation and event detection in real time or 'in stream'. This is effective for detecting cyber threats 'on the fly', but limits the ability to in-depth retrospective analysis and search for traces of an attacker. As a result, SIEM responds to an outbreak, but can miss a fire smoldering for months. Security Data Lake is a logical and necessary development of the security infrastructure that closes this 'blind spot'," explained Maxim Kiriyenko, head of the VolgaBlob technical presale.

A security data lake deployed on the Smart Monitor platform helps organize a scalable repository for huge streams of security-related information. It can receive data from any source - network logs, telemetry from agents, events from cloud services. Unlike SIEM, Security Data Lake for the most part does not require a rigid schema for the data being written: information is stored "as is" and can be processed and structured at the time of a request or analysis. This allows you to use the data whenever it is needed.

This approach allows you to work with as much source data as possible, which is stored for a long time - a year or more - for retrospective analysis without losing details and context. Moreover, in comparison with classic information security event management systems, the use of Security Data Lake based on Smart Monitor can reduce license costs and total cost of ownership by up to 50%.

An additional benefit of such tools is that the functionality of Security Data Lake goes beyond security tasks. With the help of the analytical tool, other departments - for example, IT, manufacturing, HR - can see a complete picture of what is happening in the corporate infrastructure and make informed management decisions. Among the scenarios already implemented by VolgaBlob are balancing the load on employees and reducing the PHY for processing, monitoring the discipline of launching lines at production, as well as investigating thefts in warehouses through a retrospective analysis of metadata.

"SIEM and Security Data Lake are not competing, but complementary technologies. In an ideal scenario, these systems operate in tandem: SIEM captures suspicious real-time activity for immediate response. And Security Data Lake allows you to follow the full picture: when this activity began, which systems were affected, and whether there were similar patterns in the past. Together, they provide complete visibility into threats and increase the likelihood of detecting even the most complex of them. And in Smart Monitor, these technologies can be combined in one product, without the need for complex integration of disparate systems of the monitoring class and protective equipment," summed up Alexander Skakunov, CEO of VolgaBlob.

Compliance with the requirements for the 4th level of trust of FSTEC of Russia

The Smart Monitor data monitoring and analysis platform has received a certificate from the FSTEC of Russia for compliance with the requirements for trust level 4 and the Technical Specifications (TS). VolgaBlob announced this on May 30, 2025. The proprietary Search Anywhere technology, part of the Smart Monitor core, allows you to use various storage systems, including OpenSearch. The product can now be used in government organizations and large corporate structures with high data protection requirements, as well as in critical information infrastructure facilities.

Certification of the FSTEC of Russia confirms that the VolgaBlob Smart Monitor platform fully complies with the functional requirements and requirements for safety functions stated in the Technical Specifications (TS). In addition, the platform passed certification tests at the 4th level of trust (based on the order of the FSTEC of Russia dated June 2, 2020 No. 76), including checking the absence of vulnerabilities and undeclared capabilities.

The Smart Monitor platform implements a set of security measures, which allows it to be used in various areas. Thus, Smart Monitor can be used in automated systems up to classes 1G, 2B and 3B, in personal data information systems up to the first level of security inclusive, and in state information systems and automated process control systems - in both cases up to the first class of security inclusive. In addition, it is suitable for critical information infrastructure facilities of the first category of significance and can be used in the security perimeters of financial organizations up to the first level.

For the first time in Russia, a platform has been certified that can use hybrid storage such as OpenSearch, ClickHouse, Hadoop, DB and Elastic as data sources. As part of the certification, source code amounting to tens of millions of lines was checked.

The Smart Monitor Certificate of Conformity No. 4932 is included in the state register of the information security certification system. Smart Monitor will be updated in full compliance with the requirements of the FSTEC of Russia.

"Certification of Smart Monitor according to the requirements of the FSTEC of Russia is a new horizon not only for us, but also for the entire market of data monitoring systems. We were able to go through a complex certification process for our components, including confirming the safety of hybrid storage. Now, thanks to obtaining the FSTEC certificate, our clients will be able to use the system to monitor critical infrastructure, including GIS and information systems that process personal data - and not spray resources on different products," said Alexander Skakunov, CEO of VolgaBlob.

Smart Monitor 5.0 with Smart Code content module

Smart Monitor 5.0 introduced the Smart Code content module for Security Code solutions. VolgaBlob announced this on May 27, 2025.

The module allows you to monitor the status of the components of these solutions and use the data to analyze the network infrastructure and endpoints. The module is available in the updated version of the comprehensive data processing and monitoring platform Smart Monitor 5.0.

The Smart Code module is designed for comprehensive monitoring of the Security Code products - the Continent network security complex and the Secret Net Studio server and workstation security solution. With the help of the module, you can analyze the state and level of performance of security systems, as well as extract insights from data, using them for information security and monitoring tasks.

From the Continent complex, the module collects product status data through the SNMP protocol (configuration properties, network and resource utilization metrics, cluster status), as well as event messages through the Syslog standard (syslog, firewall and intrusion detection events).

In addition, Smart Code takes a list of connected devices and VPN session events from the database. Secret Net Studio collects information about events and alarms of subsystems, information from the audit log and syslog, a list of clients and security policy settings through integration protocols.

The obtained data is then normalized and brought to several domains. As a result, with Smart Code, you can track the properties and metrics of all components critical to the functioning of security systems, from the state of subsystems and security servers to the relevance of keys and operating mode.

In addition, the module can analyze the functionality of the Security Code products, such as traffic blocking, intrusion detection, application control, authorization and others. This allows not only to monitor the current state of security tools, but also to use data in various information security scenarios. For example, analytics about application control and tunnel status can be especially useful if you want to make sure that the Security Code products have not affected the customer's applications.

"We protect and strengthen the IT infrastructure capabilities of companies by operating a number of products and tools. In the case of large customers who use a large number of our solutions, ensuring a single monitoring becomes a non-trivial task. Smart Monitor with a special Smart Code module helps a lot in this, which allows you to centrally monitor the security and stability of systems," said Fyodor Dbar, commercial director of Security Code.

"We have been working in partnership with the Security Code for several years, creating monitoring and analytics tools. We finalized them, added and packed all this into a separate Smart Code module. Combining the capabilities of monitoring the technical condition of components and functional monitoring, Smart Code helps to ensure the continuity of business processes, quickly identify anomalies and prevent possible failures in the operation of protective mechanisms," said Timofey Melnikov, Head of Content Module Development at VolgaBlob.

Integration of TI-feeds of "Perspective Monitoring"

"Perspective Monitoring" and VolgaBlob expanded their technological partnership aimed at protecting the information of Russian companies. In April 2025, expert data from "Perspective Monitoring" was integrated into the Smart Monitor system. TI feeds will enrich the context of detected SIEM events and incidents, which will allow more effective detection of new threats and increase the level of security of organizations. Infotecs announced this on April 30, 2025.

Perspective Monitoring has been collecting information security threat data for 9 years and releasing databases of decision rules for intrusion detection tools. TI feeds - data streams containing indicators of compromise, that is, signs by which you can recognize a potential threat - are supplied using the AM Threat Intelligence Portal (AM TIP) web service. It accumulates threat data and serves as a service for the automated delivery of TI feeds and the AM Rules decision-rule base to customers.

The portal provides expert data to analysts of monitoring centers, computer forensic scientists, vendors of information protection tools for integrating data into their products, and is also open for use by individuals to check objects for malware.

In April 2025, an updated version of Smart Monitor 5.0 was released, which implements a number of tools and functions that not only increase customer security, but also find new opportunities to analyze the business and increase its anti-crunch. The Search Anywhere data search technology has been improved, the resource and service model has been updated, new security modules have been added, and more than 10 functions requested by customers and partners have been implemented. Integration of TI-feeds of "Perspective Monitoring" is part of the Smart Monitor platform development program.

"We strive to improve information security expertise in Russian information security solutions and flexibly adapt to any class of information protection tools. It is important for us as a feed supplier that the end user is effectively protected, and his information protection tools have maximum coverage of information about cyber threats," said Kirill Kuznetsov, product manager of Perspective Monitoring.

"High-quality compromise indicators that are highly likely to indicate malicious activity significantly enhance SIEM capabilities, turning data collection into a powerful threat detection tool. That is why we pay such attention to integration with leading TI providers. Our goal is not just to add another source of data from which you can notice signs of malicious activity, but to give customers the flexibility of choice: the ability to combine suppliers for their own needs, budget and industry requirements," commented Alexander Basov, SalesOps at VolgaBlob.

BI.Zone EDR Integration

BI.ZONE EDR tools and mechanisms have been integrated into Smart Monitor. The Smart Monitor EDR module thus formed will help to quickly and efficiently identify security threats and respond to cyber incidents before attackers have time to develop an attack. BI.ZONE announced this on April 16, 2025.

The module includes BI.ZONE EDR agents, as well as a set of mechanisms for integration with the Smart Monitor platform. Now, within the framework of the platform, you can collect and analyze data on all events on endpoints (servers and workstations) in real time, thus identifying threats and anomalies. In case of suspicious activity, the specialist will be able to immediately respond to the incident directly from the Smart Monitor interface.

Data from BI.ZONE EDR agents will complement the information that comes to the platform from logs, network devices, and other sources. Together with the ability to quickly access historical data and event context, this will greatly speed up incident response. In addition, integration will automate routine tasks, primarily related to data collection, and thus optimize resource costs from the cybersecurity team.

The Smart Monitor platform functionality also allows it to be used to automate incident management processes, including reporting, notification, and integration with other security systems.

"Thanks to close cooperation with colleagues from BI.ZONE, within the framework of the technological partnership, it was possible to implement the useful and deep integration of the Smart Monitor platform and the BI.ZONE EDR solution. The integration of the two products greatly enhances the cyber defenses of customer organizations, enabling more effective threat detection, investigation, and incident response," said Ivan Silkin, CTO of VolgaBlob.

2024: Universal rocket for machine data analysis

On April 12, Cosmonautics Day, at 12:00, VolgaBlob (a developer, for a minute, with more than twenty years of experience in the field of information security and IT) launched a new rocket called Smart Monitor 4.0 into IT space. The purpose of our article is to tell and show you its possibilities, to give an understanding of which stratosphere the results of processing machine data can be raised to, and to answer the exciting question of why the company has now become "green".

2022: Compatibility with Security Vision Automated Information Security Platform

VolgaBlob and Security Vision, Russian developers of software solutions in the field of comprehensive monitoring and information security, confirmed the compatibility of their products - the Smart Monitor platform and the Security Vision Automated Information Security Platform - in the course of comprehensive testing. Security Vision announced this on December 26, 2022.

Smart Monitor monitors security events to identify incidents, and Security Vision automates the process of investigating and responding to identified incidents. The products are most in demand in a Security Operation Center (SOC), which handles a large number of incidents per unit of time.

Smart Monitor and Security Vision complement each other in terms of data exchange during bilateral interaction:

  • information on IT assets;
  • incidents and correlation rule triggers;
  • information obtained during incident enrichment;
  • incident status and investigation progress.

The integration of Smart Monitor and Security Vision is implemented in two ways:

  • in automatic mode: when an incident is detected, Smart Monitor transmits the relevant information to Security Vision via REST API;
  • in manual mode: the operator in the Smart Monitor Incident Manager module, when transferring an incident to a certain state, has the ability to send incident data to Security Vision.

"The integration of Smart Monitor and Security Vision allows you to implement extensive functionality for orchestrating information security incidents. The joint application of these products allows you to take SOC platforms to another technological level," commented Ivan Silkin, CTO of Smart Monitor Development.

"Cyber resilience is an important principle of the company. You need to be prepared for the fact that sooner or later a cybersecurity incident will occur, and it is important to detect it in a timely manner and take the necessary actions. The set of Smart Monitor and Security Vision solutions will make it possible to solve the tasks of operational monitoring to identify violations and build an automated response process," noted Roman Ovchinnikov, head of the Security Vision execution department.

Smart Monitor is a universal platform for collecting and analyzing machine data, which allows you to solve practical problems in the field of information security, monitoring the IT infrastructure and analyzing business processes. It provides centralized collection, storage and processing of events from all types of data sources: servers, network equipment, IoT, information protection tools, application information systems, virtualization and containerization tools.

Security Vision is a platform for automating information security processes, monitoring and responding to cybersecurity incidents, which for the first time allows you to robotically perform the software and hardware functions of an operator with an automation share of up to 95% due to:

  • creating elements of self-regulating software using mathematical methods to free a person from participation in routine operations and processes of obtaining, converting, transmitting and using information;
  • using machine learning algorithms and methods;
  • using predictive analytic large data algorithms and cognitive information retrieval.

2019: Release of a new version based on open source software

In November 2019, the Russian developer VolgaBlob presented a new version of its Smart Monitor solution - a set of applications for analyzing information security events, IT infrastructure and business processes. Previously, it was based on the Splunk platform from the American developer of the same name, which in February 2019 announced its departure from Russia with reference to a revision of its investment strategy and stopped selling in this market. To replace Splunk as the new platform for Smart Monitor, VolgaBlob, which was a key partner of Splunk in Russia, chose the open source Elastic Stack software.

"In February 2019, Splunk left the Russian market. There was a significant demand for services to support and develop projects based on its platform from customers with valid licenses. At the same time, former Splunk clients, as well as companies that are implementing solutions of this class for the first time, faced the task of switching to an alternative platform for analyzing machine data," said VolgaBlob CEO Alexander Skakunov, explaining the prerequisites for creating the new solution.

VolgaBlob replaced Splunk with open source software in its solution (photo: TAdviser)

The new version of Smart Monitor is based on Elastic Stack using VolgaBlob development modules tied to the main platform with different functionality for solving different problems. In total, 18 modular applications are available for analyzing machine data aimed at large and medium-sized businesses.

The main Smart Monitor Core module builds indicator trees based on the resource and service model and allows you to calculate SLA/KPI indicators related to information security (IS), IT infrastructure and business. The Alert Wizard, which is part of the main module, sends notifications to users when abnormal situations occur.

Other modules allow you to manage incidents, assess risks, profile employee actions, automatically build a corporate network map and collect events from network nodes, including physical and virtual VMware servers, accumulate and process logs from virtualization and containerization environments, manage information protection tools, and monitor events from application information systems.

To implement in Smart Monitor the functionality that was available in the previous, Splunk-based version of the solution, a significant revision of Elastic Stack was required. In its original form, VolgaBlob says, it is inferior to Splunk in a number of parameters. But in terms of the amount of data that these platforms can work with, they are comparable, said Ivan Silkin, architect of the VolgaBlob development department, in a conversation with TAdviser.

A comparative assessment of the basic capabilities of platforms conducted in VolgaBlob. Slide from the presentation of Alexander Skakunov

Alexander Skakunov clarified to TAdviser that the Splunk-based version of Smart Monitor has several dozen clients in Russia, about 30-40, and that the total number of installations of the Splunk platform is even higher; it is just that not everyone needed the additional functionality. Among the largest users of Smart Monitor are the Central Bank of the Russian Federation, SUEK, Yota, etc.

The previous version of Smart Monitor was aimed mainly at large corporate clients. And the new modular structure of the solution, which allows customers to more flexibly choose the set of functions they need, will also cover smaller organizations, explained Skakunov. Due to this, the company expects to increase the installation base of the solution by 2-3 times.

VolgaBlob also expects the customer base to grow due to a change in the price model. Splunk had two types of licenses - either an indefinite license or an annual subscription - with the cost tied to the amount of data that the client passes through it. VolgaBlob does not tie the price to data volume in its new open source solution.

At the same time, Splunk has abandoned permanent licenses around the world since November, betting on subscriptions, and VolgaBlob, on the contrary, is focused more on permanent module licenses, the company's CEO added in a conversation with TAdviser.

Smart Monitor developers will not charge for the Elastic Stack platform itself, because the open source license under which the open version of Elastic Stack is distributed does not provide for this. The price of the final solution will depend on the set of modules that the customer needs along with the platform.

As of November, the company has not yet decided on the exact prices. According to Skakunov, they are at the approval stage.

The Splunk core is written primarily in C/C++ and Python, while Elasticsearch is written in Java. Ivan Silkin explained to TAdviser that Splunk has frameworks that allow it to expand its functionality with minimal interference with platform code. For Smart Monitor modules to fit Elastic Stack, a lot of work is needed to rewrite them.

Several Smart Monitor customers are already piloting a new version of the open source solution. The feedback that developers receive is used to further refine the product.

"We also continue to accompany Splunk with many customers, and it acts as food for our minds for us: what else can be implemented in Elastic Stack both from the point of view of the platform and from the point of view of modules," Alexander Skakunov emphasized in a conversation with TAdviser.

At the time of the announcement of the new version of Smart Monitor, the solution is already available for pre-order, but the main platform is still being finalized and Smart Monitor modules are being ported to it. First of all, the most popular functions are transferred to the new platform.

In the 2nd quarter of 2020, the developers plan to add Smart Monitor to the register of domestic software, and later also to certify it with the FSTEC.