Questions and answers

What are Security Vision products for?

Each Security Vision product solves its own individual problems, but in general, Security Vision solutions are suitable for automating IT and information security tasks, digitalization and increasing process transparency. The goal of automation itself, as a rule, is to reduce personnel labor costs for solving operational and strategic problems.

We identify 3 areas of development whose products can be used separately or as modules within a common installation, in any combination.

What areas and products does Security Vision have?

We identify 3 areas of development of the Platform, the products of which can be combined with each other, not limited to one:

The technological direction includes products for managing (orchestrating) various solutions (including third-party ones) that are suitable for solving applied technical problems of information security and automation in IT:
- incident management, SOAR
- advanced incident management, NG SOAR (SOAR + AM + VM + SIEM + security scanner)
- asset management, AM
- vulnerability management, VM
- bilateral interaction with NKTsKI, GosSOPKA
- bilateral interaction with the Central Bank, FinCERT

The process area includes solutions aimed at solving audit and compliance problems, meeting regulatory requirements and other “paper” security tasks:

- compliance with the requirements of Federal Law-187, KII
- cybersecurity risk management, RM
- operational risk management, ORM
- management of compliance of arbitrary NMD, CM
- business continuity management, BCP

The analytical direction includes products for analyzing big data, conducting complex analytics and simplifying the work of specialists using technology sets including machine learning:

- Threat analysis, cyber intelligence and threat hunting, TIP
- Behavioral analysis, UEBA
- Anomaly detection with machine learning, AD + ML

What affects the cost? How is the product licensed?

The cost of the final solution consists of:

1) functionality (set of modules, products);
2) the number of connectors (integrations with third-party solutions and services) or the number of processed events per second from external systems (this metric is used for a number of highly loaded modules);

Advanced options:

3) additional nodes (for fault tolerance, load balancing, separation of installations or for other reasons);
4) level of technical support – standard or extended;
5) type of license – permanent, temporary (Capex, Opex);
6) multi-tenancy – the number of legal entities connected to the service, serviced within the framework of a common installation (for holdings and MSSP providers).

How much do Security Vision products cost?

Contact us by writing to for consultation, filling out a questionnaire and receiving an individual calculation.

We don't have money for Capex, but we do have Opex. Can you sell us fixed-term licenses?

Yes, of course, it is possible to purchase both fixed-term licenses (Opex) and perpetual licenses (Capex).

What is the validity period of Security Vision licenses?

By default, the validity period of licenses is not limited: they are permanent (Capex), and from the second year the subscription (technical support) is extended. However, the Customer has the option of purchasing time-limited licenses (Opex) with support included.

How much does it cost to extend support?

The cost of technical support depends on the selected service level. The cost of each level is a percentage of the cost of the software licenses:

1) In license format (software update):

a) 25% standard technical support;

b) 33% extended technical support;

2) In the form of a certificate (VAT included in the price):

a) 30% standard technical support;

b) 40% extended technical support;

3) When providing services (VAT included in the price):

a) 35% standard technical support;

b) 45% extended technical support;

Does your system have an API?

Yes, the platform has an API. The interaction of the platform with technology partners is carried out using the platform API and technology partners’ API.

How is Security Vision implemented?

Security Vision products can be implemented either by integrator partners or by Intellectual Security LLC using its own resources.

Typically the work includes:

— software supply;

— pre-project inspection and consulting;

— development of design documentation;

— installation of the system and configuration of its components;

— conducting consultations.

How many people are needed to operate the system?

At least one trained technician is required to perform the following tasks:

- administration of the Security Vision platform and solutions (0.5 FTE);

- development and management (minimum 0.5 FTE).

If we need to change something, will we need to contact you as a developer?

There is no need to contact the developer; most changes can be made independently within the framework of the basic functionality of the Platform.
Security Vision is the first information security platform with full support for low-code and no-code development and customization.
The platform is a modular designer that allows you to use a wide range of settings to customize the logic of work (data collection and analysis, connections between any objects, visibility and accessibility of information according to the role model) and the appearance of the solution (data composition and formatting when describing objects, cards and tabular views, nesting and names of menu items, connection graphs and other visualization).

What is low code/no code?

This is a development format in which, in order to customize and create your own solutions, you do not need to make changes to the source code and it is not necessary (although possible) to write your own scripts in various programming languages.
Customization can be done using the web interface.

How is the data source connector different from the Security Vision Reaction Connector?

In the current version of Security Vision solutions, collection and response connectors are combined within a common configuration and transport, so one connector can be used for both tasks:

- collecting data from IT and information security systems;
- ensuring response to IT systems and information security tools in accordance with response scenarios.

Is it necessary to install the agent part of the software (client on the host)?

Security Vision solutions can be either agentless (without the need for client software) or agent-based.
If necessary, third-party solutions with agents (for example, DLP or AV/EDR) can be used via a connector.

What operating systems can be used to install products?

The platform and all Security Vision products support the following operating systems:

- CentOS Stream 8 and higher;

- Red Hat Ent. Linux 8 and higher;

- Ubuntu 20.04 and higher;

- Debian 10 and higher;

- Astra Linux SE (Special Edition) release "Smolensk";

- Alt 8 SP;

- Alt Server 10 and higher;

- Oracle Linux 8 and higher;

- RED OS, current version;

- AlmaLinux 9;

- AlterOS 7.5;

- Microsoft Windows Server 2016 and higher.

The above list of supported operating systems is constantly updated and tested. For exact information on supporting the OS you need, please contact our managers.

What is used as a container orchestrator in the platform architecture?

Security Vision solutions do not necessarily run in containers, but also do not impose restrictions on the use of orchestrators, provided that the necessary network interaction between components is ensured.

What DBMS can be used in the product?

The main DBMS is selected depending on the operating system and the desire to use a commercial analogue. In general, the Security Vision platform uses the following DBMS:

- PostgreSQL (default, free)

- PostgreSQL;

- Jatoba;


The above list of supported DBMSs is constantly updated and tested. For exact information on supporting the DBMS you need, please contact our managers.

To solve additional problems (optional), additional free DBMSs are used, which are also included in the package:

- Elasticsearch – for storing events (optional);

- ClickHouse – for real-time analytical queries (optional).

Is it necessary to purchase or use additional software for the platform to function?

The installer will install everything necessary on dedicated servers with the installed OS. The DBMS included in the product are free:
Commercial OS (for example, Astra Linux SE) or DBMS (for example, Postgres Pro) can be purchased separately (not necessary for operation).

Are there any restrictions for performing backups?

There are no restrictions on database backups. The settings of the DBMS included in the final solution are used (see above)

Is there any downtime when updating the platform?

On average, we are talking about “downtime” of tens of minutes, on large projects – about an hour.
When upgrading, you actually need to stop, update, and restart the Security Vision services.

How is the security of Security Vision products ensured?

Each release is analyzed by a static (SAST) and dynamic (DAST) code analyzer.

Security Vision software imposes no technical restrictions on the use of different encryption algorithms.

The default NGINX settings provide encryption (HTTPS); the OpenSSL library is used by default.

Encryption of SSH sessions supports algorithms that are declared in RFC 4251.

What systems does Security Vision integrate with?

The “out of the box” set includes 100+ connectors to various information security and IT systems (examples of systems for various products can be found in their descriptions).

“Boxed” integrations can be supplemented during implementation and during operation; to collect data, the universal graphical tool Security Vision is used to connect any IP-based systems using common and less common data protocols:

- HTTP (API requests get, post, put, patch, delete) and DNS;

- Kafka (for example, for Hadoop integration);

- databases (SQL queries in the database: MS SQL, MySQL, Postgres and Oracle);

- files (read/write operations with machine-readable files);

- corporate mail (IMAP, POP3, SMTP, Exchange);

- directory services (LDAP, Active Directory);

- logs and logging events (Syslog, EventLog);

- remote execution of scripts (WMI, PowerShell, SSH, SshShell);

- local execution of scripts (on the SV server):

  - executable command

  - Shell script, SH

  - Bash, Unix shell commands

  - Windows command line commands, cmd

  - Windows batch files, bat

  - and other programming languages (Python, Java, JavaScript)

The current set of available types of data transport allows you to integrate 99% of existing systems, and if you need to use additional transport, you can contact us with a request for modification.
