
FSTEC certification

08.04.2024

Ruslan Rakhmetov, Security Vision


When implementing cyber security projects, care should be taken when selecting information protection means, especially when protecting restricted-access information that is protected in accordance with the requirements of Russian legislation, including personal data, data of critical information infrastructure (CII) and state information systems, as well as state secrets. Means of technical information protection (abbreviated as TPSI, SPSI or SIZ) and means of ensuring the security of information technologies (abbreviated as SOBIT) are designed to reduce an organisation's cyber risks through technical measures and the corresponding IS processes that ensure the security of assets and business processes. The protection means themselves are designed, among other things, to detect, analyse and remediate cyber threats, and to monitor the state of systems, networks and entities (interfaces, applications, devices, user accounts, etc.).


In Russian regulatory practice, information protection means (SIZ) are divided into anti-virus protection systems, intrusion detection systems, firewalls, trusted boot systems, means of protection against unauthorised transfer (leakage) of protected information, removable storage media control systems, IS event management systems, etc. Organisations should also take into account the requirements of Russian regulations when selecting solutions so that, from a legislative point of view, the solutions implement the correct security functions to protect information and counteract specific threats. Such protection means are called certified because they have undergone certification procedures for compliance with information security requirements; such certification is carried out by government agencies (FSTEC of Russia, FSB of the Russian Federation, Ministry of Defence of the Russian Federation) or by commercial structures (for example, there is the voluntary certification system 'Gazpromsert'). In this article we describe the most popular certification system, that of FSTEC of Russia: the classes of certified solutions, the levels of trust and the levels of control.


The fundamental document in the certification system of FSTEC of Russia is the Regulation on the system of certification of information protection means, approved by Order of FSTEC of Russia No. 55 dated 03.04.2018. This document describes the general procedure for certifying means of countering foreign technical intelligence, means of technical protection of information, means of ensuring the security of information technologies, as well as means of monitoring the effectiveness of these solutions. It is separately emphasised that certification is not carried out for foreign-made information protection means; in the realities of 2024 this is obvious, but even before 2022 foreign vendors very rarely dared to undergo domestic certification procedures (mainly because of the need to provide the regulator with extensive information about their products). The participants in the procedure of certification of an SIZ are:


  • The manufacturer of the solution (develops the solution, submits it to the testing laboratory for verification, produces the supporting documentation, eliminates identified vulnerabilities and undeclared capabilities, issues updates, and keeps the documentation up to date);
  • The testing laboratory (conducts certification tests of the protection means);
  • The certification body (conducts certification and issues the certificate of conformity);
  • The federal certification body (FSTEC of Russia, which organises and controls the entire system of certification of protection means).


FSTEC certification is carried out either for a single sample or batch of an SIZ (if the solution is not in serial production) or for the serial production of an SIZ (tests are carried out on samples of the solution, and the process of its production and support is checked as well). The document emphasises that, within the certification system, testing laboratories and certification bodies must protect the information received from the manufacturer of a protection means, as well as information about the certification testing methods.


The certification process itself includes the following stages:


  • Submission of an application for certification;
  • Adoption of a decision to certify the SIZ;
  • Certification testing of the protection means;
  • Drawing up an expert opinion on the results of certification;
  • Issuance of a certificate of conformity.


In addition, related actions may be performed, such as reissuing the certificate, extending its validity, or suspending or terminating (revoking) it. A certificate may be suspended for a period not exceeding 90 days for various reasons, including the identification of vulnerabilities or undeclared capabilities in the certified solution, or the termination of the vendor's technical support for users of the product. If the vendor fails to eliminate the identified deficiencies or to resume technical support, the certificate of conformity may be revoked. The regulator keeps and maintains the state register of certified information protection means, available at https://reestr.fstec.ru/reg3.


Next we turn to the classes of certified solutions, trust levels and control levels. These terms are defined in the document 'Information Security Requirements Establishing Trust Levels for Means of Technical Information Protection and Means of Information Technology Security', approved by Order of FSTEC of Russia No. 76 dated 02.06.2020. This document defines six trust levels for SIZ and SOBIT, which characterise how safely they can be used for processing and protecting restricted-access information and for ensuring the security of significant objects of CII of the Russian Federation. The lowest trust level is the sixth and the highest is the first; they are differentiated as follows:


  • SIZ and SOBIT of trust level 6 may be used at significant CII objects (ZOKII) of the 3rd category of significance, in state information systems (GIS) of the 3rd security class, in automated process control systems of the 3rd security class, and in personal data information systems (ISPDN) where the 3rd or 4th level of personal data protection must be ensured;
  • SIZ and SOBIT of trust level 5 may be used at ZOKII of the 2nd category of significance, in GIS of the 2nd security class, in automated process control systems of the 2nd security class, and in ISPDN where the 2nd level of personal data protection must be ensured;
  • SIZ and SOBIT of trust level 4 may be used at ZOKII of the 1st category of significance, in GIS of the 1st security class, in automated process control systems of the 1st security class, in ISPDN where the 1st level of personal data protection must be ensured, and in public information systems of the 2nd class;
  • SIZ and SOBIT of trust levels 1, 2 and 3 are used in information systems processing state secrets.


The document also establishes the correspondence between the classes of SIZ and SIT (computer hardware) and the trust levels: class 6 SIZ must correspond to trust level 6, class 5 SIZ to trust level 5, and class 4 SIZ and class 5 SIT to trust level 4. The text also sets out requirements for the development, production, testing (as part of certification) and support of SIZ and SOBIT. The requirements for development and production cover the security model, the design of the solution and its security architecture, the functional specification and documentation (design, operational and secure-development documentation), as well as the development tools and configuration management of the solution. The testing requirements cover testing of the solution, testing to find vulnerabilities and undeclared capabilities, and analysis of hidden control and data channels in the solution. Finally, the requirements for security support cover remediation of solution flaws (including vulnerabilities and undeclared capabilities), installation of updates and provision of updated documentation, notification of users about the end of support or production of the solution, and documented procedures for installing updates and remediating flaws.


In addition, the work to find vulnerabilities and undeclared capabilities in SIZ and SOBIT is subject to further requirements, expressed as control levels:


  • Testing of solutions of trust level 6 must be conducted according to control level 6, including checking the solution's hardware platform for chips that could affect security functions or could be used to implement threats;
  • Testing of solutions of trust level 5 must be conducted according to control level 5, which adds to level 6 the verification of the correctness of the structural and functional diagrams of the hardware platform, as well as the verification of the data stated in the solution's form (data sheet);
  • Testing of solutions of trust level 4 must be conducted according to control level 4, which adds to level 5 the verification of the hardware platform components against the structural and functional diagrams, as well as the verification of potentially dangerous hardware components that may affect security functions or may be used to implement threats.
