Customers: Segezha Group
Contractors: R-Vision
Product: R-Vision SGRC Information Security Monitoring Center
Second product: R-Vision Incident Response Platform (R-Vision IRP)
Project date: 2021/01 - 2021/05
2021: Implementation of R-Vision platform combining R-Vision SGRC and IRP products
{{quote 'The platform is designed to save the information security specialist from routine work. In other words, it is an information security desktop. In the platform, we consolidate information about emerging information security incidents. We also maintain an asset base in it - so we understand, for example, how many Windows installations we have, what version they are, whether we have versions removed from Microsoft support. The latter is important, as it serves as a source of additional risks for us. We "drove" some of our processes into the system, for example, negotiating the inclusion of USB ports. Using the platform, we get a geographical map with peaks of unresolved incidents. Such visualization helps to look at what is happening from above and decide where to move in the first place.
In addition, we used the platform to conduct an internal audit of information security. Automation of this process helped us to see the current state of information security and understand what needs to be improved.
In general, in my opinion, the most important thing in ensuring information security is to constantly improve something and prioritize improvements. After all, some of them can significantly increase the level of protection, but some cannot. With the help of the R-Vision solution, prioritizing measures for the development of IS is quite simple.
With this tool, we are trying to digitize the feasibility and effect of providing information security. For us, this is an important indicator, as we strive to speak the same language as the business, explain what damage was prevented, what risks to reduce. The platform allows you to both describe risks and threat models, and try to digitize specific incidents, which we are working on. Similarly, we plan to digitize in the R-Vision module the effect of other information security solutions in use.
Our future plans are to automate at least eight routine procedures, including those related to risk management, using the system. In addition, we plan to implement information security incident response scenarios in the platform to coordinate regional response teams on them when receiving incidents from MTS SOC. That is, we will act as the second line of support on IS issues, when the skills of specialists in the field are not enough to solve problems," said Maxim Korolev, director of information security at Segezha Group.[1]}}