
New generation of reports
07.08.2023

Security Vision


Introduction


Some of the oldest reports known to archaeologists are the Andean quipus, later used by the Incas: complex weaves of knotted cords made of alpaca or llama wool. Humanity has come a long way in just under five thousand years. Gadgets have rushed into our lives, and no one is surprised any more by the sight of a person studying diagrams and tables on a tablet while sitting in a deckchair on the seashore. Let's take a look at what modern digital reports are, what new opportunities they open up, dive into the specifics of reporting in information security, and consider several real situations with customers.


Advantages of ‘digital’


Electronic versions of reports appeared while printing was still a necessity, and the first significant advantage of a digital report was the ability to preview it. Data could be studied and, if necessary, tweaked before it landed on the boss's desk. But appetite, as you know, comes with eating, and electronic media soon suggested new possibilities.


For example, do you remember from historical films the long scrolls from which heralds read out the tsar's will to the people? A document of that kind had no navigation at all: to find a particular place in it, you had to run your eyes over the whole thing, relying only on your own memory and the meaning of what was written. Once people learnt to cut scrolls into equal sheets (the ancestors of today's A4 page) and number them, a table of contents and the possibility of referring to specific fragments of text appeared. This is how navigation in documents was born. Electronic documents became more convenient still, because clicking a hyperlink takes you instantly to the right part of the text.


Digital reports went even further, abandoning two-dimensionality and gaining a third dimension: depth. From any pie chart you can now, with a couple of clicks, drill down to the list of underlying values, from there to the object card, and back again. This has made reports much more concise, presenting the most important information in the format that is easiest to grasp.


Personal experience


There are many different kinds of report. Let's take the reports of the systems we know best, those produced by information protection tools such as IRP/SOAR, DLP, CMDB and VM. First we introduce a conventional classification of reports by purpose and by the class of information protection tool that produces them, and then consider each type of report in turn.


Types of reports by purpose and by the class of information protection system that produces them:

- Periodic - generated in asset management systems (CMDB) or vulnerability management systems (VM). Reflect the results of the software's or the team's work over a given period.

- Monitoring - generated in DLP systems. Reflect time slices in order to highlight critical issues in operation.

- Problem - generated in TIP or SOC class systems. Describe an existing problem and, as a result, request action from decision makers. The report acts as a kind of ToR (terms of reference).


Periodic reports should answer three questions as simply and quickly as possible: what to do, where to do it, and how to do it quickly. Old-format reports do answer these questions, but they make the executor first flip through several pages, then wade through a maze of compound sentences and reread the task several times before finally getting on with it. New-format reports should minimise such verbal noise, so that the report can be read in one sitting and a clear 'condition-action-result' scheme forms in the reader's mind without them having to spend time building that scheme themselves.


Reports with a monitoring function (take the reports provided by DLP systems as an example) should be evidence-based and speak the language of facts. The evidence attachments play the main role in such reports and are included as they are, but it is just as important to draw the right conclusions from the facts, which is the job of the operator/analyst. In these reports the structure comes to the fore, allowing a logical and concise account of the incident.


Reports that describe a problem requiring a response are very diverse. Their content can be either time slices or individual sets of information about resources (and 'resources' can be both equipment and people). For example, it may be necessary to justify and defend the choice of a protection system on the basis of performance results, or to express in business language the need for new tools or staff based on performance indicators. In such cases evidence alone is not enough; it must also be properly framed and presented so as to form a coherent chain of arguments that leaves the manager reading the report no room to doubt the validity of the data. The problem is usually that many strong technical specialists are unable to 'translate' their well-founded concerns into the language of financial feasibility. Serious decisions about budget levels, staff expansion and other staffing matters are made on the basis of reports. Contractors report to management and to the customer, employees interact with each other using the universal language of reports, and the efficiency of many processes and people depends on how smoothly and cleanly, without unnecessary padding, that language is built.


Questions and solutions


Everything sounds great in theory, but real projects sometimes threw up problems and situations that would have been very difficult to foresee in advance. Of course, this raised questions, and the questions prompted solutions. Here's how it happened.




Do you really need a cover page?


That is exactly how the question to the customer was worded. The problem was that in a large analytical report the entire first page was taken up by the city, the year and the names of those who prepared the report, along with the report's title and the company name and logo. The second page was the table of contents, followed by the glossary, and the actual content of the report started on page five. People worked with the report constantly, but every time they began with the ritual of flipping to page five.


We removed the company name altogether: the report was internal and people mostly remembered where they worked. The name of the report was placed in the centre of the top edge of the first page. The information about the period of the report and the author was reduced and placed in the upper left corner, and the logo was also reduced and placed in the upper right corner. The glossary and table of contents were moved to the last pages of the report. In this way, the useful information in the report started on the first page, and people found it easier and more enjoyable to work with it. This brought us to the next question.




Where do you look first?


When we asked for a demonstration of exactly how the report is used, it turned out that the customer first looks at incident statistics, then at current assets with changes over the last year, and only then moves on to the recommendations of the information protection department and their justification. We simply rearranged the sections of the report in the order they were actually read, and added cross-references and a few charts on key indicators. As a result, the ergonomics of the report improved significantly. Next, we went beyond arranging and grouping information and started translating a set of concepts into the language of business, so we created an additional level of abstraction called 'Conclusion'. A 'Conclusion' could take different forms: a single big number, or attractive intersecting graphs (where sometimes 'the boa constrictor had swallowed the elephant'), but all our conclusions had one thing in common: a quick glance at an icon, word, paragraph or picture gave an unambiguous understanding of whether what we were looking at was good or bad. However, there is always room for improvement, so we asked the next question.




Surely the report should be black and white?


It turned out that monochrome reports were a relic of the past: the company had previously used laser printers without colour printing, but over time these were replaced by MFPs (multifunction printers), and the reports were no longer printed at all. The reports were prepared in the appropriate software, presented to management on a projector, and additionally sent to the meeting participants by e-mail. The customer did not understand why the report should be in colour: 'You can see everything, all the information is there. It's not a comic book!' Nevertheless, we added coloured bullets to each section of the report, after which it became much easier to navigate, even in the printed version and without referring to the table of contents. We made the comparison charts in colour and highlighted the most important indicators. The report was perceived in a completely different way, and a week later the customer could not imagine how they had ever managed without it.


Conclusion


To summarise, the most important thing in preparing report layouts is to take an analytical approach and always start from the needs of the business. The deeper you dive into the essence of the issue, the better the result will be. And you should always keep up with the times and use the latest achievements available, adapting the customer's work to new gadgets, technologies and current trends in design and styling.

