Roman Dushkov, Security Vision
We are starting the ‘Security Vision “Features”’ series to introduce you to interesting solutions in our products that let you solve real-world tasks as efficiently as possible. The first article is devoted to the general aspects of the platform.
A single product from the start, with any objects interconnected
When using different products, there is a need to switch between their interfaces. Security Vision has solved this problem by organising a single database where all objects are interconnected. There is no longer any need to go to other sections and search for the required content.
This feature allows the SOC operator to get deeper analytics on the asset to which an incident or vulnerability is related, and immediately proceed to its classification and risk assessment.
Adaptable to any architecture and ready to handle the load
There are two main options for implementing a distributed cluster:
1. A main server in the centre plus remote connector services, through which data collection and remote interaction with target systems take place.
2. Several full-fledged installations, between which synchronisation via API is configured.
This makes it possible to distribute the load between data streams and organise a large-scale SOC with geo-distributed infrastructure. Specific connector and data processing services also scale to run 500-1000 workflows in parallel.
Parsing large volumes of JSON and XML data
Typically, when analysing large data volumes, software products require more RAM and CPU speed. The Security Vision platform does not inflate hardware requirements, because it has the built-in ability to parse large files piece by piece.
This allows you to work with large vulnerability reports, or just large files with useful information, without slowdowns and without the need to purchase hardware during operation.
Granular cleansing of old data
The characteristics of the hardware or virtual machines on which IT and information security systems are deployed may change over time, so it is important not only to use modern architectures (separate processes or duplicate modules), but also to manage persistent memory utilisation in order to adapt.
The Security Vision platform allows you not only to manage the database using a built-in or external DBMS (e.g. hot backup in PostgreSQL), but also to clean up old data directly in the platform settings, with rules customised for different types of objects, processes, logs and reports.