
Information security tools - types and description

15.04.2024

Ruslan Rakhmetov, Security Vision


Information security tools are technical information protection tools (abbreviated in Russian as STPI, SPSI or SZI) and information technology security tools (SOBIT) that ensure the security of company assets and business processes by reducing cyber risk through technical measures and the corresponding IS processes. According to the GOST R 50922-2006 standard, an information security tool is a technical, software, software-and-hardware tool, substance and (or) material designed or used to protect information. Protection tools detect, analyse and eliminate cyber threats and monitor the state of systems, networks and entities. In practice, protection tools are customarily divided into categories that share certain unifying features. In this article we list these categories and the types of protection systems they include, giving the Russian and foreign (where applicable) names of the categories and a brief description of their functionality. It should be noted that this division is rather arbitrary, and the same product may fall into different categories depending on which functionality is used. Moreover, this list cannot be exhaustive: almost every quarter new technologies appear on the IS market and new classes of protection systems are formed, which evolve over time, change the focus of their protective functionality and move from one category to another.


1. Infrastructure protection, including local (on-prem) and cloud:


- Network Traffic Analysers (NTA, Network Traffic Analyser) - solutions for monitoring network traffic flows to identify signs of malware, traffic anomalies or violations of IS policies;

- Gateways for building virtual private networks (VPN, Virtual Private Network) - software or hardware solutions for secure network communication between corporate networks, offices and data centres, as well as for secure remote access by employees;

- Next-Generation Firewalls (NGFW, Next-Generation Firewall) - software or hardware solutions for network security, traffic filtering and protection against malware, often equipped with built-in intrusion detection and prevention modules (IDS/IPS);

- Security Gateways (UTM, Unified Threat Management) - software or hardware solutions for network security, similar in functionality to NGFW, but providing more out-of-the-box settings and fewer opportunities for deep customisation;

- Secure Web Gateways (SWG, Secure Web Gateway) - software or hardware network security solutions that focus on web traffic filtering, protection against malware, network threat prevention, application control, SSL inspection, DNS protection and data leak protection;

- Network Access Control systems (NAC, Network Access Control) - solutions for ensuring network security by controlling the network access of devices and the level of that access depending on various conditions (presence of correctly working protection systems on the device, version of the installed OS, presence of unresolved IS incidents on the device, etc.);

- Content Filtering systems (Content Filtering) - solutions for controlling and restricting user access to certain categories of websites (fraudulent and malicious websites, social networks, advertising, etc.);

- Intrusion Detection Systems (IDS, Intrusion Detection System) and Intrusion Prevention Systems (IPS, Intrusion Prevention System) - software or hardware network security solutions that analyse network traffic and device memory, installed at the network level or on end devices, to detect attempts to launch exploits or malware and unauthorised access to resources; IDS only detect such facts, while IPS can also block malicious traffic and malware;

- Application-level firewalls (WAF, Web Application Firewall) - software or hardware network security solutions designed for deep analysis of network traffic at the L7 level and behavioural analysis of clients' interaction with a web application, with blocking of suspicious actions and application of virtual patches;

- Anti-DDoS systems (Anti-DDoS) - high-performance solutions that protect against DDoS attacks by filtering and scrubbing junk traffic and blocking malicious or unwanted web requests;

- Endpoint protection systems (EDR, Endpoint Detection and Response) - solutions for protecting endpoints (servers, workstations, laptops) with functionality extended relative to classic antiviruses: not only protection against malware, but also monitoring of device status and behaviour, retention of event logs, and the ability to perform active response and recovery actions on the device;

- XDR (Extended Detection and Response) systems - solutions for comprehensive protection of the information infrastructure, including components installed on devices, servers (mail, proxy, web servers), network and cloud infrastructure elements, with a single management console, a common threat detection and response policy, a built-in correlation engine and IS event analysis tools;

- Sandbox systems - solutions for creating an isolated, controlled environment in which suspicious files are executed and examined for signs of malware;

- Mobile Device Management (MDM, Mobile Device Management or EMM, Enterprise Mobility Management) - solutions for controlling portable devices (smartphones, tablets, laptops) with the ability to check the device for security threats and compliance with security policies, with support for enterprise software installation and restriction of user access to critical device settings;

- Security tools for industrial Internet of Things devices and automated control system (ACS) segments - specialised solutions for protecting systems, networks and devices used in industry, with support for proprietary and industrial data transfer protocols, taking into account the peculiarities of how industrial devices operate, their usage scenarios and the cyber threats relevant to industry;

- Cloud Access Security Brokers (CASB, Cloud Access Security Broker) - solutions for controlling users' work with cloud services, managing data processing policies and access to applications in the cloud, and detecting malicious or unwanted activity;

- Cloud Workload Protection Platforms (CWPP) - tools for monitoring cloud applications, environments, servers, containers and functions, with support for vulnerability management, malware and exploit detection, network microsegmentation, management of cloud application permission lists, integrity monitoring, anomaly detection and cyber threat response;

- Cloud Security Posture Management (CSPM) platforms - tools for identifying cyber risks in the cloud infrastructure, detecting vulnerabilities in the cloud configuration and performing compliance checks of cloud infrastructure components (e.g., controlling and restricting user and application access to personal data in the cloud);

- Zero Trust Network Access (ZTNA) - solutions for providing network access (remote and local) based on continuous verification of the subject's (user, service, entity, device) access rights to an object (information resource, asset), with verification of the subject's cyber security status and granular network access rules (only to a specific application, service, IP address or port);

- Secure Access Service Edge (SASE, Secure Access Service Edge) platforms - solutions for ensuring the network security of cloud and remote access by combining SWG and CASB security solutions with ZTNA and SD-WAN (software-defined networking) technologies;

- Vulnerability Management, Vulnerability Scanner - tools for finding vulnerabilities in the infrastructure, recording and prioritising them, controlling remediation tasks, and managing assets and configurations;

- Attack Surface Management (ASM, Attack Surface Management) - solutions for continuous discovery, analysis, prioritisation and management of vulnerabilities and potential cyber attack vectors;

- Code analysers, including solutions for static code analysis (SAST, Static Application Security Testing), dynamic code analysis (DAST, Dynamic Application Security Testing), interactive code analysis (IAST, Interactive Application Security Testing), behavioural code analysis (BAST, Behavioral Application Security Testing), runtime application self-protection (RASP, Runtime Application Security Protection), software composition analysis (SCA, Software Composition Analysis), open source analysis (OSA, Open Source Analysis) and API Security Testing - products for ensuring software security by analysing source code for errors and vulnerabilities, analysing software behaviour during execution and use, analysing software dependencies on third-party components, and controlling API interactions.


2. Cybersecurity event management:


- Security Information and Event Management (SIEM, Security Information and Event Management) systems - solutions for collecting, storing, analysing, enriching and correlating IS events and reporting on IS incidents;

- IS Incident Response Platforms (IRP, Incident Response Platform and SOAR, Security Orchestration, Automation and Response) - systems for automating IS incident management (preparation, detection, analysis, containment, handling of the cyber incident and recovery from it);

- Threat Intelligence Platforms (TIP) - systems for acquiring, analysing, enriching and applying cyber threat analytics data (e.g., indicators of compromise, indicators of attack, descriptions of the tactics and techniques of cybercriminal groups);

- UEBA (User and Entity Behavior Analytics) systems - solutions for identifying anomalies in the behaviour of user accounts and entities (devices, applications, services, etc.) in order to detect cyber incidents;

- SGRC (Security Governance, Risk Management and Compliance) automation platforms - systems for managing and automating IS processes, including high-level IS management, cyber risk management and compliance, with functionality for asset management, vulnerability management, configuration management, cyber risk management, audits, internal IS documents, business continuity, data visualisation and reporting;

- Decoy systems and decoy networks / resources (DDP, Distributed Deception Platform and Honeynet / Honeypot) - solutions for creating a controlled, isolated infrastructure similar in its properties to the company's real information infrastructure, but used to mislead and study attackers and to detect malicious activity and the ultimate targets of cyberattacks;

- Computer forensics (forensic investigation) platforms - software and hardware solutions for in-depth analysis of devices affected by a cyber incident or used to commit a cybercrime;

- Anti-fraud systems - solutions for detecting and preventing fraud (computer, telephone, banking, etc.) which, based on a number of signs and properties of events, infer probable illegal or unauthorised actions and block their execution;

- Cybersecurity awareness and training platforms (Awareness platforms) - solutions for educating employees on corporate cybersecurity rules and on recognising threats (phishing, malware, fraud) using web portals, gamification and immersive learning.


3. Data Protection:


- Identity and access management platforms (IAM, Identity and Access Management and IGA, Identity Governance and Administration) - solutions for authentication and authorisation of user and entity accounts with control, analysis and revocation of access rights;

- Privileged Account Management (PAM) systems - solutions for controlling and analysing the actions of privileged users (e.g. administrators): recording the privileges granted, authenticating such users with additional checks, and recording the actions they perform on information resources;

- SSO (Single Sign-On), multifactor authentication, biometric authentication - systems for protecting accounts and for simplifying and adding control to the user authentication process;

- Cryptographic information protection tools - systems that use cryptographic transformations to ensure the integrity, confidentiality, authenticity and non-repudiation of information, including products for information encryption (in storage, in transit, in use) and electronic signature;

- Application control tools - solutions for controlling software (installation, removal, launch, execution) that work by maintaining lists of authorised and unauthorised applications and controlling their actions after installation and launch;

- Secure Email Gateways (SEG, Secure Email Gateway) - solutions for filtering spam, phishing messages, malware and data leaks, and for additional authentication of email messages (SPF, DKIM, DMARC);

- Data Diodes - hardware devices that isolate network segments or devices by physically controlling the interface pins used to receive or send information;

- DLP (Data Loss Prevention) systems - solutions for controlling the processing of confidential information in information systems, including its use and transmission through various channels, applying policies that block or allow the processing of information depending on its confidentiality level;

- Employee Productivity Monitoring systems (Employee Productivity Monitoring) - solutions for monitoring, recording and analysing the actions performed by employees on corporate devices in order to assess the efficiency of working time usage and protect against data leaks;

- Unstructured data audit and protection platforms (DCAP, Data-Centric Audit and Protection and DAG, Data Access Governance) - solutions for controlling the processing of unstructured data, with functionality for data classification, discovery of storage locations, control and restriction of access rights, and logging of data processing;

- Database Security platforms (Database Security) - solutions for protecting and controlling the processing of structured data stored in databases, with functionality for setting and applying data processing policies, control and restriction of access rights, and logging of data processing;

- Hardware Trusted Boot Modules (TPM, Trusted Platform Module) - hardware solutions that protect devices (servers, workstations, laptops) from unauthorised OS booting from external media, control the integrity of OS files, store key material and perform cryptographic operations;

- Information protection tools against unauthorised access - solutions that technically implement a set of measures against unauthorised access, including modules for user authentication, access control and document marking, creation of a closed software environment, logging of IS events, integrity control, control of access to peripheral equipment, and guaranteed data destruction.

