In a previous article, we talked about deepfakes, AI models that attackers can use to fake audio, images, and videos. These technologies can be used for entertainment purposes (aging faces, replacing celebrities' faces, funny collages), but they can also be tools for attacking companies. Therefore, in this article we want to analyze various security tools and technologies that can be used to protect organizations and their employees.
Table of contents
1. The connection between deepfake and social engineering
2. Technical means of analysis and protection
3. Protection of biometric systems
4. What organizational and technical measures can be taken
5. How can I verify a fake video in the request-response format?
6. Why is it important to regularly update systems and how to automate it
7. Conclusions and extension of the zero-trust methodology
The connection between deepfake and social engineering
First, briefly: a deepfake is itself one link in a chain of social engineering techniques. The attack succeeds because it exploits three fundamental aspects of human psychology:
1. Trust in authority: the order appears to come from the supervisor;
2. Trust in visual information: the human brain is programmed to trust what it sees;
3. Trust in social consensus: if scammers create deepfakes of several executives, the victim will be in the minority, which will suppress the last doubts.
Technical analysis and protection tools
Now let's focus on the technological aspect.
There is a tool developed by Microsoft Research: Microsoft Video Authenticator. This technology analyzes a static photo or video and outputs a "confidence score" as a percentage, indicating the likelihood that the media file has been artificially altered. For video, this assessment can be provided in real time for each frame, or as a single overall score for the entire file.
This tool searches for traces that are invisible to the human eye: it is trained to detect the "blending boundaries" of a deepfake. When the AI overlays one face on another, it blends pixels around the edges to make the transition smooth. Video Authenticator finds these areas of blending, as well as the "subtle fading or gray elements" that remain after this process. In effect, it looks for microscopic "scars" at the pixel level, left over from the digital "operation" of substitution.
Intel has developed a technology that demonstrates a second, more advanced approach: the search for the "pulse of life." Instead of looking for errors, Intel FakeCatcher looks for positive confirmation that there is a live person in the video. It does this by analyzing the "blood flow".
Domestic developers have also made a great contribution to protection against such fakes. For example, MTS Web Services released a detector this year that combines sound analysis using MWS AI, a fake detector from VisionLabs and other developments. A distinctive feature is the focus on media, social networks and instant messengers, which helps to prevent the spread of dangerous fakes and their impact on the mass audience.
For journalists and media professionals, there is a WeVerify plugin for browsers that does not need to be installed as a separate program. It is often used in OSINT and for fact-checking, as well as for detecting deepfakes in the form of pictures and videos.
Another web application, Deepware Scanner, allows you to check a video by simply copying a link to it.
And for commercial users and criminology specialists, there are solutions on the market like Truepic and Sensity, which are also based on technologies for analyzing face replacement, generating text scripts, and cloning voices.
Manufacturers of information security tools also offer AI-based solutions, some of which, like the McAfee Deepfake Detector, help detect scam emails and pages, analyze video materials and audio files by simply playing audio with an interactive scanner enabled.
The blood-flow analysis works as follows. When the human heart beats, it pumps blood through the veins. This process causes microscopic changes in the color of the facial skin that are invisible to the eye. Conventional video cameras are able to capture these subtle changes in pixels (this method is called photoplethysmography, or PPG). Although the creators of deepfakes spend all their computing power on accurately imitating facial expressions, hair and lighting, they cannot simulate the heartbeat and blood flow under the skin. If there is no "pulse of life" in the pixels, it is a deepfake.
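A simplified sketch of the PPG idea, added here as an illustration and not taken from Intel FakeCatcher or any other product: it checks whether a per-frame skin-color trace contains one dominant frequency in the heart-rate band. The frame rate, band limits, threshold and the constructed traces are all assumptions.

```python
import math
import random

FPS = 30.0                  # assumed camera frame rate
HEART_BAND_HZ = (0.7, 4.0)  # about 42 to 240 beats per minute

def band_power(samples, fps, f_lo, f_hi, step=0.05):
    """Naive DFT power at each frequency in [f_lo, f_hi], mean removed."""
    mean = sum(samples) / len(samples)
    centered = [s - mean for s in samples]
    spectrum = []
    for k in range(int(round((f_hi - f_lo) / step)) + 1):
        f = f_lo + k * step
        w = 2 * math.pi * f / fps
        re = sum(x * math.cos(w * i) for i, x in enumerate(centered))
        im = sum(x * math.sin(w * i) for i, x in enumerate(centered))
        spectrum.append((f, (re * re + im * im) / len(centered)))
    return spectrum

def pulse_estimate(samples, fps=FPS):
    """Return (bpm, peak_to_median_ratio) for the heart-rate band."""
    spectrum = band_power(samples, fps, *HEART_BAND_HZ)
    powers = sorted(p for _, p in spectrum)
    median = powers[len(powers) // 2]
    peak_f, peak_p = max(spectrum, key=lambda fp: fp[1])
    return peak_f * 60.0, peak_p / (median + 1e-12)

def has_pulse(samples, fps=FPS, min_ratio=30.0):
    """True when one frequency clearly dominates the heart-rate band."""
    return pulse_estimate(samples, fps)[1] >= min_ratio

def constructed_trace(pulse_hz, seconds=10, fps=FPS, seed=7):
    """Constructed sample: mean green value of a skin region per frame."""
    rng = random.Random(seed)
    return [120.0
            + (0.5 * math.sin(2 * math.pi * pulse_hz * i / fps) if pulse_hz else 0.0)
            + rng.gauss(0.0, 0.3)
            for i in range(int(seconds * fps))]

if __name__ == "__main__":
    for label, trace in (("live", constructed_trace(1.2)),
                         ("no pulse", constructed_trace(0.0))):
        bpm, ratio = pulse_estimate(trace)
        print(f"{label}: peak {bpm:.0f} bpm, ratio {ratio:.1f}, "
              f"pulse={has_pulse(trace)}")
```

On real footage the trace would come from a tracked face region, and compression, motion and lighting changes all disturb it, so a check like this is one signal among several rather than a verdict.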
In the banking and financial sectors, a broader class of technologies known as Liveness Detection is used to protect biometric authentication. These systems (for example, those included in the Luna Pass platform) are designed to determine that there is a real person in front of the camera, and not an imitation.
They can use a combination of analysis methods: 3D facial structure (to rule out a 2D photo), textures and reflections (to rule out a mask), eye micro-movements and special challenges.
Finally, there are proactive methods such as Digital Watermarking. The idea is not to detect forgery but to prevent it: an invisible digital label is embedded in the original, authentic content (for example, in a video of a politician's speech). If someone tries to use this video to create a deepfake, the label will be damaged or destroyed, which will immediately prove the fact of falsification.
Protection of biometric systems
The AI Security Group of the European Telecommunications Standards Institute (ETSI) has already issued a warning that the level of protection of existing biometric systems and their ability to withstand deepfake attacks varies greatly. Research shows that about 40% of companies or their clients have already experienced fraud attempts using AI images.
Losses from deepfake attacks can be prevented not by the best antivirus, but by the best protocols:
What organizational and technical measures can be taken?
Training and protocols
Conduct regular training and tell your employees, especially in the financial and HR departments, about the existence of deepfakes. Go through the Arup case from the previous article on the topic with them. They should know that a video call from a scammer is a reality.
Multifactor authentication (MFA) for transactions should become an immutable law. No major or unusual financial transaction should ever be approved based on just one communication channel, be it an e-mail, a call, or even a video conference. Implement a strict protocol that requires confirmation through a second, independent and pre-established channel (for example, through a secure banking portal or an internal ERP system).
How can I verify a fake video in the request-response format?
Request-response challenges
This is the most effective and low-tech way to defeat a deepfake in real time: if you need to use video or audio to verify identity, implement a request-response protocol that breaks static or pre-recorded forgery. For example, ask the person on the other end of the "wire" to perform a non-trivial, random action in real time. Not just "nod your head," but something that a deepfake can't generate on the fly: "show three fingers of your right hand," "slowly turn your head 90 degrees to the left," "name the object that stands to your left in the room," etc.
For voice identification, ask them to pronounce a complex, randomly generated phrase. Not "I confirm the operation," but something like: "A pink hippopotamus eats lilac blackberries." Voice cloning models will not be able to synthesize this instantly with the correct intonation.
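One way to make the request-response check repeatable, shown as an added example that is not part of the original article: challenges are drawn with a cryptographically secure generator, bound to one call session, valid for a short window and usable once. The class name, the 30-second window and the small word pools are assumptions for illustration.

```python
import secrets
import time

TTL_SECONDS = 30  # assumed response window
# Constructed prompt pools; a real deployment would use far larger ones.
ACTIONS = ["show three fingers of your right hand",
           "slowly turn your head 90 degrees to the left",
           "name the object that stands to your left in the room"]
ADJECTIVES = ["pink", "lilac", "striped", "sleepy", "copper", "frozen"]
NOUNS = ["hippopotamus", "blackberries", "lantern", "walrus", "teapots", "cactus"]
VERBS = ["eats", "paints", "juggles", "borrows", "counts", "polishes"]

class ChallengeBook:
    """Issues single-use, time-limited challenges bound to one call session."""

    def __init__(self):
        self._open = {}  # challenge_id -> (session_id, issued_at)

    def issue(self, session_id, now=None):
        now = time.time() if now is None else now
        pick = secrets.choice  # CSPRNG, so the prompt cannot be predicted
        phrase = " ".join([pick(ADJECTIVES), pick(NOUNS), pick(VERBS),
                           pick(ADJECTIVES), pick(NOUNS)])
        challenge_id = secrets.token_urlsafe(16)
        self._open[challenge_id] = (session_id, now)
        return {"id": challenge_id, "action": pick(ACTIONS), "phrase": phrase}

    def verify(self, challenge_id, session_id, operator_confirmed, now=None):
        """Return (accepted, reason). A challenge is consumed on first use."""
        now = time.time() if now is None else now
        entry = self._open.pop(challenge_id, None)
        if entry is None:
            return False, "unknown or already used challenge"
        bound_session, issued_at = entry
        if bound_session != session_id:
            return False, "challenge was issued for another session"
        if now - issued_at > TTL_SECONDS:
            return False, "response arrived after the time window"
        if not operator_confirmed:
            return False, "action or phrase not performed as requested"
        return True, "ok"
```

The `operator_confirmed` flag stands for the human on the call judging whether the action and phrase were actually performed; the code only enforces freshness, session binding and single use.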
Why are regular system updates important and how to automate them?
Auditing and updating of systems
If your company uses biometric authentication, contact your suppliers. Ask them a direct question: how do their systems resist deepfake attacks? Update the authentication system and use autopatching for software that you control within the perimeter (this is how it is arranged, for example, in the asset and vulnerability management modules of Security Vision AM and VM).
Support and implement technologies that help label AI-generated content. This is part of a broader corporate and government policy to combat disinformation, but it can prove effective with the growing capabilities of artificial intelligence.
Conclusions and expansion of the zero trust methodology
We have officially entered an era when the principle of Zero Trust is applied to digital content. The old formula of "seeing is believing" no longer works: deepfakes are not just a fun technology for FaceSwap applications, but a powerful tool in the "arms race" of AI. They pose a direct and immediate threat, from financial scams like the Arup case to the fundamental undermining of biometric authentication systems on which digital trust is built.
The solution to this problem lies in a hybrid approach: on the technological front, companies and researchers will improve deepfake detection methods using the advanced tools described in the article, and at the household level, you can use other tips that we gave in the last review of deepfake technology for images, video and audio materials.
We wish you and your data maximum protection, and the systems that provide this protection maximum transparency and manageability so that they can adapt to new threats in time.