The response to the key information security challenges of the year was a large-scale update of Security Vision products, which transforms cybersecurity from manual response into an intelligent, proactive, and, importantly, accessible system. The updates affected the entire product line, making solutions smarter, more autonomous, and easier to implement for companies of all sizes. The company shared the key updates.
The modules of the Security Orchestration Tools direction traditionally focus on technology, integration and practical security:
Security Vision SOAR
Security Vision SOAR integrated advanced AI and ML technologies to improve the efficiency of the SOC (Security Operations Center) and learned to automatically visualize the attack chain (Kill Chain), linking disparate events into a single object with automatic response.
Based on the context of the incident and the response history, the AI system now also suggests optimal next steps to the analyst, complementing the knowledge base of Security Vision experts. There is also additional integration with external LLM models (unlike cloud GPT models, Security Vision AI assistants operate locally, ensuring data privacy). Built-in AI assistants help analysts formulate hypotheses and search for information in the knowledge base, analyze unstructured data and bulletins, use machine learning models to assess the likelihood of an incident being a false positive, generate an incident summary, and enable similar incident searches.
The solution has acquired an agent component: the built-in EDR enables enhanced on-site response. The built-in assistant responds to queries based on the context of a specific incident: its phase, related objects, action history, associated bulletins, etc., helping analysts interpret events and make decisions more quickly.
Security Vision SIEM
Security Vision SIEM has completed its migration to version 5, taking full advantage of the No-Code architecture. This means that correlation rules, data parsers, and dashboards can now be configured by analysts through a visual interface without writing code.
For operation in complex distributed networks, support for autonomous agents has been implemented. These agents can accumulate events locally when communication with the central control center is lost and transmit them in batches when the connection is restored. This solution is indispensable for monitoring remote branches or segments with unstable communication channels (for example, in industrial or retail environments). Data can be transmitted through a chain of intermediate connector services, allowing for secure log retrieval from isolated network segments (such as DMZs and process control system segments) without the need for direct network access to the SIEM core.
Built-in mechanisms for synchronizing event times across different time zones and retrospective event chain recovery ensure the integrity of the incident picture, while the built-in correlation engine allows you to supplement the database of over 1,000 correlation rules with your own.
Security Vision VS and VM ensure that vulnerabilities are identified and eliminated before they are exploited by attackers.
The algorithms for calculating vulnerability severity and remediation deadlines have been fully aligned with the FSTEC methodology of June 30, 2025. The system automatically generates recommendations for remediation deadlines, ensuring organizations meet regulatory requirements. Close integration with the BDU and the National Center for Critical Information Security (NCCI) allows for automatic updating of records. International catalogs are also supported, such as CISA KEV (Known Exploited Vulnerabilities) and EPSS (Exploit Prediction Scoring System), which makes it possible to predict the likelihood of a vulnerability being exploited.
Audit mode (White Box) supports a wide range of application and system software, operating systems, containers and their images, and Pentest mode (Black Box) includes over 80 expert scripts for exploitability testing. Bruteforce allows you to test password resistance to brute-force attacks, and the scanner also automatically detects the web technology stack being used, allowing you to precisely apply attack vectors to web applications. Scans are supported for Cisco, Huawei, Juniper, Palo Alto, Check Point, and Fortinet equipment via the SSH and SNMP protocols, and the system automatically collects vulnerability data and remediation recommendations directly from vendors.
The vulnerability management module has been transformed from a technical audit tool into a comprehensive infrastructure risk management system, tightly integrated with Russian regulatory requirements. The system can automatically initiate software updates to patch vulnerabilities (auto-patching), and supports automatic rollback of changes if a patch disrupts system functionality. This eliminates the fear of automatic updates in production environments.
Security Vision AM
Security Vision AM has been updated as a CMDB with support for new resource-service model objects and AI tools. For GRC products, the asset and inventory management module has become a common foundation for a risk-based approach and the assignment of risks and consequences to specific objects.
Using data from network equipment (Cisco, UserGate, Continent), the module builds reachability graphs. This enables prioritization of vulnerabilities: a vulnerability on an internet-accessible server automatically receives a higher priority (SLA) than a similar vulnerability on an isolated segment. Network reachability and attacker route graphs are also used during incident response, allowing for interactive command execution and the launch of information security tools with a complete picture in object cards.
For isolated segments, an agent has been developed that automatically requests tasks when a connection with the management server is established, performs scanning, and uploads the results.
The Security Data Analysis division has received an updated product for cyber threat analysis, cyber intelligence, and threat hunting.
Security Vision TIP
Security Vision TIP has received a new deep cyber threat analytics engine, Second Match, which reduces false positives by enriching the context of indicators of compromise. The product comes with a comprehensive package of free feeds (50,000 IoCs daily), including feeds from the Federal Service for Technical and Export Control (FSTEC), the National Center for Cybercrime (NKTsKI), and FinCERT. Given the isolation of the Russian internet segment and the unique threat landscape, relying on global cyber intelligence feeds has become insufficient. Therefore, the updated solution is focused on proactive threat hunting tailored to the specific market.
Retrospective search tools allow for the detection of compromises in historical data when new indicators emerge. AI is applied to DGA (domain generation algorithms), and indicators as a whole are automatically classified into levels of the "Pyramid of Pain":
· Technical level: Hashes, IP, URL.
· Tactical level: TTPs (tactics, techniques, procedures), registry keys.
· Operational level: Vulnerabilities, malware.
· Strategic level: Data on threat groups and campaigns.
This ensures complete coverage of all threat levels for infrastructure search and enrichment.
The modules of the platform's third development area, Governance, Risk Management, and Compliance, have also been updated: legal requirements in the Compliance Management module and methodologies in the Critical Information Infrastructure module have been updated. A new information security management process (Governance) has been added, enabling a hierarchical organization of information security processes – from high-level business goals to specific technical procedures (this addresses one of the industry's key challenges: the gap between management's strategic vision and the operational activities of information security departments). New modules have also been added.
Security Vision SA
A self-assessment portal for managing tax compliance for holdings and groups of companies with multi-tenancy support. This module leverages all the advantages of a unified platform and no-code builders, enabling flexible management of vast data sets with clear separation of roles and responsibilities.
Security Vision ASOC
The rise of supply chain attacks has made secure development (AppSec) a priority for 2025. Therefore, Security Vision has introduced Security Vision ASOC, the first domestic secure development platform designed to unite disparate DevSecOps tools into a single, manageable pipeline.
This product implements an umbrella approach, integrating with development tools across all stages of the secure software development life cycle (SSDLC): design (architecture, design, threat modeling according to STRIDE, OWASP, LINDDUN), development (SAST orchestration, SCA, secrets search, Code Review policy management), build and infrastructure (analysis of containers, system packages and Infrastructure-as-Code), deployment (dynamic DAST analysis, fuzz tests, integration with OWASP ZAP, etc.) and operation (continuous monitoring of applications in a production environment).
ASOC deeply integrates with the DevOps ecosystem, supporting CI/CD tools (GitLab, Azure DevOps, Jenkins), code repositories, and scanners (PVS-Studio, Trivy, Semgrep). A key feature is the implementation of the Policy-as-Code approach: security policies are defined centrally in the platform and automatically deployed to all development projects, ensuring a uniform security standard.
New Security Vision Basic product line
A notable event in 2025 was Security Vision's entry into the small and medium-sized business (SMB) segment. While professional information security tools had previously been available primarily to large corporations, the new Security Vision Basic product line represented an excellent opportunity.
To lower the entry barrier, the delivery architecture was revised: unlike the Enterprise versions, which use a distributed microservices architecture with infinite horizontal scalability, the Basic line products utilize an all-in-one model: all system components (database, application server, web interface, collectors, connectors, handlers, and other services) are pre-installed on a single physical or virtual server running a single operating system. This minimizes hardware requirements and simplifies administration.
A specialized version of the Security Vision 5 platform is used, with restrictions on the use of builders, protecting the system from configuration errors. Solutions are delivered with pre-configured content (cards, processes, reports), allowing for immediate deployment, eliminating the lengthy and costly implementation phase.
The flagship product of the line is Vulnerability Scanner (VS) Basic, which addresses one of the most pressing issues facing small businesses: the lack of a systematic approach to vulnerability management. The product includes not only a scanner but also vulnerability management (VM) and asset and inventory management (AM) modules. This allows SMBs to achieve a comprehensive process: from inventory and vulnerability detection to IT department-led remediation through a built-in ticketing system.
The KII Basic and SGRC Basic solutions are available not only on-premises but also in the cloud.