
Dynamic IRP/SOAR 2.0 playbooks on the Security Vision 5 platform

18.07.2023

Security Vision


IRP/SOAR 2.0 is a new Security Vision product that implements unique methods of investigating and responding to information security (IS) incidents based on dynamic playbook technology. All stages of incident handling are automated as far as possible.


SOAR is a class of automated systems for orchestration, automation, and response to information security incidents.


The main idea behind the dynamic playbook concept is the automatic adaptation of response plans to the specific situation of a triggered incident: the system automatically analyses the event, its attributes, the attack technique and the objects involved, and on the basis of this information builds the required playbook from the atomic response scenarios included in the product. Through retrospective analysis of the incident's vicinity, IRP/SOAR 2.0 identifies the attack chain and builds a response around the objects it has obtained.


This approach does not require complex pre-design and configuration of multiple playbooks, evaluation and pre-calculation of attacker routes and infrastructure reachability, calculation of attack variants, or construction of attack and network infrastructure maps. The IRP/SOAR 2.0 system assembles a suitable incident handling plan each time.


A dynamic playbook is a scenario built automatically by the system from the customer's involved infrastructure, the event types and their attributes, the attack techniques, and inbuilt expertise that places expert recommendations for classification, enrichment, containment and response into the scenario.


The system automatically builds the attack chain by collecting additional data directly from the involved objects and proposes a comprehensive object-oriented response scenario that is unique to each sequence of events and set of involved objects.


There is no need to calculate attack routes and network reachability maps in advance: through dynamic adaptation, the system responds in the face of uncertainty and variability in both attacks and infrastructure.


IRP/SOAR 2.0 is based on the unified Security Vision platform. Customers have access to all the benefits of the platform, including extensive customisation options. The solution is fully parametric: no platform modifications are required to create a new integration, report or dashboard; everything is customised through the system's user interface.


Incident analysis and enrichment


Incidents undergo an automatic analysis and enrichment phase, during which the system collects additional artefacts from all events in the vicinity of the incident to establish the attack's coverage. The incident's retrospective analysis searches for suspicious process launch events using Sigma detection rules, anti-virus hits and IDS/IPS alerts on the host, and authentication events from the host.


Incident Classification


Security Vision IRP/SOAR 2.0 automatically classifies an incident by associating it with the techniques and tactics of the MITRE ATT&CK matrix, extended by Security Vision expertise. The system can classify more than 250 types of IS incidents and events, assigning them to more than 110 different techniques and tactics. The expertise package built into the system details a set of recommendations for the IS analyst on analysing, containing and responding to each identified technique. Additionally, the system provides recommendations for improving the overall level of security.


Object-oriented response


Security Vision IRP/SOAR 2.0, based on dynamic playbook technology, assembles on the fly a response process tailored to the identified attack and the infrastructure involved. The system builds the dynamic playbook from the MITRE ATT&CK techniques and tactics, the linked data in the vicinity of the incident, the result of retrospective analysis, data from external analytical services and internal expertise. It is assembled from more than 150 different object-oriented actions and atomic response scenarios.


At the same time, Security Vision IRP/SOAR 2.0 is able to control the legitimacy of automated actions, taking into account the specifics of the customer's infrastructure: its confidentiality, permissions, segmentation and topology. The choice of response is based on the specific object, its type and the policies for working with it (the confidentiality/integrity/availability triad, criticality, group membership or network segment). Users can flexibly configure policies for action execution, additional data collection, containment and response through the system settings, specifying the type of action to be performed (automatic or manual) and the set of systems to be integrated.
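The selection and policy gating described above, as an added illustrative model and not the product's own code: atomic scenarios are chosen by ATT&CK technique and object type, and each step is marked automatic or manual from a constructed object policy. The catalogue, the technique ids attached to actions, the policy keys and the sample assets are all assumptions.

```python
"""Dynamic playbook assembly (illustrative model): atomic response scenarios are
selected by ATT&CK technique and involved object, then each step is gated by the
customer's object policy (criticality, network segment) into auto or manual mode."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Asset:
    name: str
    kind: str             # "host" | "account"
    criticality: str      # "low" | "medium" | "high"
    segment: str = ""     # network segment the object belongs to


@dataclass(frozen=True)
class Action:
    name: str
    phase: str            # "enrich" | "contain" | "respond"
    object_kind: str      # object type the atomic scenario applies to
    techniques: frozenset  # ATT&CK technique ids it is relevant to; "*" = any


@dataclass(frozen=True)
class Step:
    action: str
    target: str
    phase: str
    mode: str             # "auto" | "manual"


# Constructed catalogue of atomic scenarios (assumption, not the product's own).
CATALOGUE = [
    Action("collect_active_sessions", "enrich", "host", frozenset({"*"})),
    Action("collect_process_tree", "enrich", "host", frozenset({"T1059", "T1204"})),
    Action("antivirus_scan", "contain", "host", frozenset({"T1204", "T1105"})),
    Action("isolate_host", "contain", "host", frozenset({"T1021", "T1105"})),
    Action("collect_logon_events", "enrich", "account", frozenset({"*"})),
    Action("disable_account", "respond", "account", frozenset({"T1078", "T1110"})),
    Action("reset_password", "respond", "account", frozenset({"T1078"})),
]
PHASE_ORDER = {"enrich": 0, "contain": 1, "respond": 2}


def execution_mode(action, asset, policy):
    """Auto or manual, per the object's policy. Policy keys (constructed):
    manual_if_critical: action names needing approval on high-criticality objects;
    manual_segments: segments where any containment/response needs approval."""
    if action.phase == "enrich":
        return "auto"  # additional data collection does not change the object
    if asset.criticality == "high" and action.name in policy.get("manual_if_critical", ()):
        return "manual"
    if asset.segment in policy.get("manual_segments", ()):
        return "manual"
    return "auto"


def build_playbook(techniques, assets, policy):
    """Assemble the playbook: enrichment first, then containment, then response."""
    wanted = set(techniques)
    steps = []
    for asset in assets:
        for act in CATALOGUE:
            if act.object_kind != asset.kind:
                continue
            if "*" not in act.techniques and not (act.techniques & wanted):
                continue
            steps.append(Step(act.name, asset.name, act.phase,
                              execution_mode(act, asset, policy)))
    steps.sort(key=lambda s: PHASE_ORDER[s.phase])  # stable: keeps asset/catalogue order
    return steps


# Constructed incident: valid-account abuse (T1078) and tool transfer (T1105)
# involving a core-segment database host and an office user account.
SAMPLE_TECHNIQUES = ["T1078", "T1105"]
SAMPLE_ASSETS = [
    Asset("srv-db-01", "host", "high", "core"),
    Asset("j.doe", "account", "medium", "office"),
]
SAMPLE_POLICY = {"manual_if_critical": {"isolate_host"}, "manual_segments": {"core"}}


def demo_playbook():
    return build_playbook(SAMPLE_TECHNIQUES, SAMPLE_ASSETS, SAMPLE_POLICY)


if __name__ == "__main__":
    for s in demo_playbook():
        print(f"{s.phase:8} {s.action:24} -> {s.target:10} [{s.mode}]")
```

Containment steps on the core-segment host come out as manual (awaiting analyst approval), while data collection and the account response run automatically.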


Kill chain


The Security Vision IRP/SOAR 2.0 expert engine automatically builds the attack kill chain by linking the events and incidents involved in the attack by key attributes: IP addresses/names of attackers and compromised hosts, compromised accounts, host vulnerabilities, hacker tools and malware (VPO) samples. In addition, the system collects raw data from the source: network connectivity, sessions, authentications, etc. Automatic analysis of hidden relationships is also performed. The analysed events and incidents can be obtained both from SIEM systems and data lakes (Kafka, Hadoop, Elasticsearch, etc.) and directly from the end devices of the customer's infrastructure, using the correlation and data grouping mechanisms built into the product. Additionally, a Sigma rule-based forensics package is built into the product, which makes it possible to detect all affected infrastructure elements and to expand and define the attack landscape.


Graph-based incident investigation


Security Vision IRP/SOAR 2.0 is able to represent incidents and attacks as a graph, which allows the attack to be assessed as a whole by displaying all objects affected by the incident, including non-obvious relationships. For example, the graph displays:

- All assets associated with the incident

- IOA and threat sources

- Additional attribution (e.g., MITRE ATT&CK, vulnerabilities, etc.).


The graph is interactive: its functionality allows you to perform deep analytics (via enrichment and Sigma queries) and to carry out investigation and response by selecting specific actions. For example, you can block a user account, isolate a host, run an antivirus scan, retrieve a list of active sessions, and more. Initial analysis, containment, retrospective analysis, mitigation, removal of malicious artefacts and evidence collection are performed as required. At each step of the investigation, the user sees the key relationships and objects of the incident and so forms a complete picture of what is happening. The user can analyse relationships graphically, perform actions on assets, and open object cards.


Expert recommendations and Lessons learnt


When investigating an incident, the system automatically displays expert recommendations for containment, analysis and response, tailored to the MITRE ATT&CK techniques automatically assigned to incidents.


The IRP/SOAR 2.0 recommendations for improving the overall level of infrastructure security (hardening) are based on generally accepted information security best practices that have repeatedly proven effective, in particular the Microsoft recommendations and the CIS Critical Security Controls standard. These recommendations cover sections such as account management, access differentiation, malware (VPO) defence, network security and others.


Processes and automation


All stages of incident handling are implemented and automated as far as possible in the product.



Integrations


Security Vision IRP/SOAR 2.0 features a large number (more than 150) of built-in connectors for integration with all popular SIEM systems (MaxPatrol SIEM, KUMA, Pangeo RADAR, RuSIEM, NEURODAT SIEM, ArcSight SIEM, QRadar, Splunk, etc.), with the customer's infrastructure, including end devices (Windows/Linux systems), and with security tools (NGFW, DLP, antivirus, EDR, sandboxes). In addition, Security Vision IRP/SOAR 2.0 offers an extended number (more than 30) of built-in integrations with analytical services (both external and internal), which make it possible to collect all the information on incident attributes required for an investigation. Security Vision IRP/SOAR 2.0 is able to work with a variety of data types, unifying them and producing normalised results.

Integration builders built into the platform allow quick no-code implementation of additional integrations with any new or unique customer systems, expanding the investigation, response and action capabilities available on the customer's infrastructure.


The product also has built-in integration mechanisms with NCSCI and FinCERT.


The product operates agentlessly to collect data about the incident and the infrastructure involved and to carry out incident and IS event response; it does not require any additional components to be installed on endpoints or on Windows/Linux servers and workstations.


ChatGPT


Integration of the platform with the OpenAI service is implemented; it is used as an analytical service for recommendations on how to respond to detected attacker techniques. The transmitted data does not contain sensitive information: the system transmits obfuscated data (hashes, malisodes, URLs or malware (VPO) samples) together with the question of how to investigate further. The main challenge in using and configuring the service is to drill down into the questions properly in order to get the expected result; once the right context has been built, ChatGPT interprets all subsequent questions within that context. There are two ways to use it. The first is to connect to the cloud service, putting questions to OpenAI itself. The second is to deploy an analogue of ChatGPT locally on your own servers, providing maximum privacy without losing the advantages of modern technology.


Object representations



In IRP/SOAR 2.0 from Security Vision, incidents, attacks and related objects (hosts, vulnerabilities, malware, etc.) can be viewed as lists, as a tree, and in detail on each object card (full and brief) with a full list of attributes. Three variants are implemented in the system for convenient searching of the necessary objects:

- Full-text search - searches for the value across the displayed attributes

- Quick search - search by any selected attribute

- General search - a complex filter with an unlimited number of nesting levels of conditions on different attributes.


The user can save a configured filter for reuse.


The user can perform bulk operations on selected objects (both preconfigured operations and ones created by the user on the fly), for example marking an incident as a false positive, reassigning the responsible person, etc.


Incident Card



For each incident, you can view detailed information that displays:

- Time of first and last event

- Scheduled timeframes for handling and resolution

- Incident event timeline and total number of events

- Criticality

- Mass-incident flag

- Assigned techniques and tactics

- Incident tags

- And more.


For each incident, you can perform a specific set of preconfigured actions, such as assigning a new responsible person, adding a tag, marking the incident as a false positive, and more. This set can be extended with other actions through the corresponding system constructor.


The system implements an incident lifecycle, which the user can manage manually or automatically by setting the activity and presence-in-the-system parameters for each incident type through special settings.


The phases of incident processing correspond to the response phases of the NIST methodology: each newly received object affected by the incident (until the incident is closed) goes through all phases according to the methodology.


From the incident card it is possible to interact with raw event sources; for example, you can request additional data in different areas: successful authentications, raw events, suspicious LOLBin processes, suspicious credential access events, hacker utility launch events, etc. There is also a function to automatically search for alerts on hosts.


The system also has an internal chat room (war room), where both system messages and analysts' messages are recorded when a comment needs to be left manually. Messages can be sent to external Service Desk systems so that certain actions are performed, for example by system administrators from the IT Service Desk.


As part of post-analysis, child tasks can be created and assigned from the incident card, and their execution tracked with reference to the investigated incidents, attacks and the expert recommendations issued by the system.


MITRE ATT&CK


The Security Vision IRP/SOAR 2.0 functionality provides work with the MITRE ATT&CK knowledge base of techniques, maintained automatically in all its main sections: descriptions of tactics, techniques and sub-techniques, attacks, hacker tools and hacker groups, and ways to counter unauthorised access to data. Incidents are automatically assigned a MITRE ATT&CK technique or sub-technique, allowing detected threats to be investigated more efficiently.


During the process, the analyst sees the MITRE ATT&CK techniques assigned by the system to the incident. Depending on the technique, the system issues a particular block of expert advice on how to investigate, respond to, and post-analyse the incident. When an analyst disagrees with a technique automatically determined by the system, he or she can add or remove the attack technique in a separate tab of the incident.


Attack Card


The system automatically links incidents into an attack and builds a kill chain based on the incidents' key attributes and attack techniques. In this way, the analyst works with incidents that have already undergone full initial analysis and are linked into a single chain with sequence and context.



The main page of the attack card displays information such as:

- Criticality of the attack

- Mass-attack flag

- Incident sources

- Planned and actual acceptance and resolution times

- List of MITRE ATT&CK techniques assigned to the incidents that make up the attack

- Kill chain of MITRE tactics, with the number of incidents listed for each tactic

- A timeline that allows you to track the evolution of the attack over time

- A list of brief recommendations for responding to this type of attack

- Attack tags

- etc.


The system implements a life cycle in which each attack goes through a series of automated and manual stages during investigation and processing. For example, when an attack is created or modified, all incidents included in it are automatically enriched from external analytical services, and information on all participating assets is collected from the internal infrastructure. Thus, when the user starts working with an attack, they immediately receive the most complete information on the incidents and the infrastructure involved.


While the attack is still open, all new information detected from new incidents is automatically added and aggregated, and data is automatically deduplicated. The user receives a grouped set of incidents to be investigated and processed as a single attack.


The criticality of the attack is automatically calculated using a special methodology that takes into account the criticality of the incidents, their mass character and a number of internal characteristics, including false-positive marks.
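The attribute-based linking from the Kill chain section and the attack-card criticality calculation above, as an added illustrative model rather than the product's engine: incidents sharing a host, account, hash or address are merged into one attack, the chain is laid out in ATT&CK tactic order, and a score is derived from incident criticality, event volume and false-positive marks. The tactic order, the scoring rule, the 50-event mass threshold and the sample incidents are assumptions.

```python
"""Linking incidents into attacks by shared key attributes, ordering the kill chain
along the ATT&CK tactic sequence and scoring attack criticality (illustrative)."""
from dataclasses import dataclass

TACTIC_ORDER = ["initial-access", "execution", "persistence", "privilege-escalation",
                "defense-evasion", "credential-access", "discovery", "lateral-movement",
                "collection", "command-and-control", "exfiltration", "impact"]
TACTIC_RANK = {t: i for i, t in enumerate(TACTIC_ORDER)}
CRIT_SCORE = {"low": 1, "medium": 2, "high": 3, "critical": 4}


@dataclass(frozen=True)
class Incident:
    id: str
    ts: int                 # time of first event (epoch seconds)
    tactic: str             # ATT&CK tactic assigned by classification
    technique: str
    criticality: str
    attrs: frozenset        # key attributes: ("host", ...), ("account", ...), ("hash", ...)
    false_positive: bool = False
    event_count: int = 1


class _UnionFind:
    """Disjoint sets over incident ids; incidents sharing an attribute join one set."""
    def __init__(self, keys):
        self.parent = {k: k for k in keys}

    def find(self, k):
        while self.parent[k] != k:
            self.parent[k] = self.parent[self.parent[k]]  # path halving
            k = self.parent[k]
        return k

    def union(self, a, b):
        ra, rb = self.find(a), self.find(b)
        if ra != rb:
            self.parent[rb] = ra


def link_attacks(incidents):
    """Group incidents sharing at least one key attribute, transitively
    (A shares a host with B, B shares an account with C -> one attack)."""
    uf = _UnionFind([i.id for i in incidents])
    first_seen = {}  # attribute -> id of the first incident that carried it
    for inc in incidents:
        for attr in inc.attrs:
            if attr in first_seen:
                uf.union(first_seen[attr], inc.id)
            else:
                first_seen[attr] = inc.id
    groups = {}
    for inc in incidents:
        groups.setdefault(uf.find(inc.id), []).append(inc)
    return [sorted(g, key=lambda i: i.ts) for g in groups.values()]


def kill_chain(attack):
    """Tactics present in the attack, in ATT&CK order, with incident counts per tactic."""
    counts = {}
    for inc in attack:
        if not inc.false_positive:
            counts[inc.tactic] = counts.get(inc.tactic, 0) + 1
    return sorted(counts.items(), key=lambda kv: TACTIC_RANK.get(kv[0], len(TACTIC_ORDER)))


def attack_criticality(attack, mass_threshold=50):
    """Constructed scoring: highest incident criticality, +1 for a mass attack (event
    volume), +1 if the chain reaches exfiltration/impact; false positives excluded."""
    real = [i for i in attack if not i.false_positive]
    if not real:
        return "false-positive"
    score = max(CRIT_SCORE[i.criticality] for i in real)
    if sum(i.event_count for i in real) >= mass_threshold:
        score += 1
    if any(i.tactic in ("exfiltration", "impact") for i in real):
        score += 1
    return {1: "low", 2: "medium", 3: "high"}.get(score, "critical")


# Constructed sample: a phishing-to-exfiltration chain on ws-17 / srv-db-01 and an
# unrelated pair of incidents on ws-88 (one of them marked false-positive).
INCIDENTS = [
    Incident("INC-1", 1000, "initial-access", "T1566", "medium",
             frozenset({("host", "ws-17"), ("account", "j.doe"), ("hash", "<sample-hash>")})),
    Incident("INC-2", 1300, "execution", "T1059", "high",
             frozenset({("host", "ws-17"), ("process", "powershell.exe")}), event_count=40),
    Incident("INC-3", 1900, "lateral-movement", "T1021", "high",
             frozenset({("account", "j.doe"), ("host", "srv-db-01")}), event_count=12),
    Incident("INC-4", 2500, "exfiltration", "T1041", "medium",
             frozenset({("host", "srv-db-01"), ("dst_ip", "203.0.113.7")})),
    Incident("INC-5", 1500, "discovery", "T1046", "low",
             frozenset({("host", "ws-88")}), false_positive=True),
    Incident("INC-6", 1600, "credential-access", "T1110", "medium",
             frozenset({("host", "ws-88"), ("account", "svc-backup")})),
]
```

Running `link_attacks(INCIDENTS)` yields two attacks; the first spans four tactics in chain order and scores as critical, the second keeps only its non-false-positive incident and stays medium.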


When working with an attack, the user has a number of preconfigured actions to handle the incident and interact with external systems and involved assets. Examples of actions implemented in the system are:

- Collecting data on hosts, accounts, processes, services, sessions, etc.

- Incident response - blocking accounts, disabling hosts, blocking email accounts

- Checking attachments in internal and external sandboxes

- Retrieving asset data from CMDB systems

- Sending to NGFW blocklists

- etc.


An attack card, like an incident card but in the context of all related incidents, contains all response actions within the attack and all recommendations for investigation and mitigation. Additional work can be performed from the common context with any object of the attack; any action can be cancelled, and all participants in the investigation can communicate in a shared chat.


For all actions, the user can customise whether they are executed manually or automatically. The set of actions can be extended through the no-code constructor available in the platform.

Alerts


Users of the Security Vision IRP/SOAR 2.0 platform can receive notifications (alerts) with details of new incidents and attacks and changes in their status, as well as links to the object card. When there is a large number of incidents, the data is automatically aggregated into a single notification. The system has preconfigured notification channels, such as email, Telegram channel, file network resource, etc. Users can customise the types of alerts, add their own filters for each set of monitored objects, and configure other channels for sending alerts through the platform's built-in constructors.

Flexible role model and MSSPs


To manage the incident investigation process, the product features a flexible role model that allows access to be differentiated for each field and attribute of an incident and IS event during an investigation. The investigation process is highly customisable, allowing it to be adapted both for small teams working on incident investigation and for large SOCs, with flexible configuration of the applicable response levels (L1, L2, L3), escalation, post-analysis and integration with the customer's external Service Desk.


Each role is configured with its own set of actions, available data, reports and dashboards, as well as its own menu and display settings. Multiple roles can be assigned to a user, in which case the user will have the authority of all assigned roles.


If necessary, an unlimited set of roles can be created, and each role can have its own accessibility settings for each object of the system. All settings are made through the constructor included in the platform.


The product supports multitenancy and can also be used under the MSSP model.

Dashboards


Security Vision IRP/SOAR 2.0 includes preconfigured dashboards that display key information on incidents, attacks and other system data in operational, analytical and strategic sections.



All dashboards are automatically updated and interactive: the user can drill down into the required data slice and see the source from which a given indicator is calculated. For example, clicking on critical attacks in the pie chart opens a view listing all unclosed critical attacks, and clicking on attacks with the system object status ‘New’ opens a separate list of all new attacks that have not yet been accepted for work.


The user can also change the analysed period for dashboards: key parameters are provided as input data for all displayed items, and their default values can be adjusted from the general dashboard interface.


For visual real-time tracking of the geography of detections, Security Vision IRP/SOAR 2.0 features a graphical map that displays current attacks and the associated territorial offices of the customer where incidents have been detected, linked to the geographical location of the attack source. All information is interactive and is updated when the data in the system changes.

Dashboard Editor


The Security Vision IRP/SOAR 2.0 platform features a built-in editor for dashboards and the widgets they display; it does not require programming skills and works in no-code mode. Through the system interface, the user can create and edit data sources (with complex filtering, selection of object type and reference data, their linking and grouping, definition of input parameters and setting of calculation formulas), data displays (pie chart, bar chart, line graph, table and many others), styles, actions (drill-down, etc.), placement on the dashboard with any size for each element, and many other settings and functions for customising dashboards.



Reports


Security Vision's IRP/SOAR 2.0 solution includes preconfigured reports that allow data on individual attack characteristics to be exported (by source, by organisation, by mass attacks, etc.), as well as consolidated reports for a shift and for a week, which contain consolidated information on all data for the period and separately for each section of the IRP/SOAR 2.0 product.


Consolidated reports can be exported manually by the user through a special section of the platform interface, where the format of the exported report can be selected (Docx, Pdf, Xlsx, Ods, Odt, Txt).


The system also supports automatic scheduled distribution of reports to different channels and recipients: email, Telegram, file server, databases, external APIs, etc.


Users of the Security Vision IRP/SOAR 2.0 platform can independently create new report templates via the inbuilt editor, the functionality of which is similar to the dashboard editor (with additional specific settings for each report format). It does not require programming skills and works in no-code mode.


Interface


IRP/SOAR 2.0 from Security Vision supports light and dark themes across the entire platform interface; these settings are set individually for each user. Multi-language support is also implemented: the system interface supports several languages, both as the base language for the entire system and configured individually for specific users (the basic package includes Russian and English).


Native integration with the Security Vision product ecosystem


The product works even more efficiently due to native integration with the Security Vision product line and joint use with such modules as TIP, UEBA, CMDB, Vulnerability management, SGRC and others. The Security Vision product ecosystem enables comprehensive coverage of key information security areas in an organisation.


Security Vision IRP/SOAR 2.0 Architecture


When implementing the Security Vision IRP/SOAR 2.0 platform at the customer's premises, it is possible to install all components on one virtual server or spread the components across different servers for load balancing. The system architecture supports full fault tolerance of all components.


All platform components can run on any of the following OSs: MS Windows, Ubuntu, Debian, CentOS, RedHat, Oracle Linux, Alt Linux, Astra CE ‘Orel’, Astra SE ‘Smolensk’/‘Voronezh’/‘Orel’, RED OS, ROSA ‘KOBALT’. PostgreSQL, Postgres Pro, Jatoba or Microsoft SQL Server are used as the DBMS.


IRP/SOAR 2.0 from Security Vision complies with the ideology of technological sovereignty, being a fully domestic product.
