Security Vision, a leading Russian information security company, receives data from three key regulators under cooperation agreements on the exchange of information about information security threats: the National Computer Incident Coordination Center (NCCC), the Federal Service for Technical and Export Control (FSTEC of Russia) and the Center for Interaction and Response of the Information Security Department of the Bank of Russia (FinCERT).
The Security Vision Analytical Center receives up-to-date indicators of compromise (IOCs) from these agencies, which include hash sums of suspicious files, their names and locations, IP addresses, DNS server names on the Internet and specific URLs of potentially dangerous resources, as well as other critical data indicating possible cyber threats. The information may indicate threats directed both at individual segments of the economy and at Russian companies in general.
The information received is promptly processed and integrated into the daily updates of the expertise packages for the products Security Vision NG SOAR (Next Generation Security Orchestration, Automation and Response), Security Vision SIEM (Security Information and Event Management) and Security Vision TIP (Threat Intelligence Platform). These packages contain up-to-date correlation rules, including special mechanisms for detecting activity related to identified threats. Overall, the integrated package of daily updated Security Vision feeds now includes more than 50,000 indicators of compromise.
To process this volume of data efficiently and respond quickly, products based on the Security Vision platform actively use artificial intelligence technologies. They are the first in their classes to be recognized as AI systems and are marked accordingly in the Russian Software Registry. In the Security Vision platform, AI technologies are used to detect anomalies and hidden attacks, to triage and score incidents, and to select the most effective actions for handling them. Artificial intelligence is also used to automatically process security bulletins, assess the criticality of vulnerabilities, predict the attackers' further progress, and automatically generate reports. In addition, the system provides an AI incident assistant that answers both questions about a specific incident and general questions about cybersecurity and information security terms.
Receiving information from the NCCC, FSTEC and FinCERT ensures that users of Security Vision products will be promptly aware of the most critical threats, will be able to respond to incidents at an early stage and effectively prevent the development of attacks, significantly increasing their cyber resilience.
Integration with key national regulators not only enriches Security Vision's internal expertise with unique, Russian-specific threat data, but also confirms its role in the national cybersecurity architecture. Thanks to the combination of up-to-date data and advanced technologies, the Security Vision platform is officially recognized as a prominent element of the state system: it is included in the GosSOPKA registry (https://gossopka.ru/lists/facilities/) as a means of eliminating the consequences (according to FSB Order No. 196 dated May 6, 2019). This status allows GosSOPKA Centers and subjects of the critical information infrastructure (CII) of the Russian Federation to apply this solution in order to ensure the security of their infrastructure.
"Promptly communicating information about current cyber threats and vulnerabilities is a critically important element of the counteraction system. The integration of data provided by regulators (FSTEC, NCCI and FinCERT) and intelligent data analysis allow organizations to respond as quickly as possible to identified attack vectors and eliminate risks in a timely manner, significantly strengthening their cybersecurity," says Ruslan Rakhmetov, CEO of Security Vision.
An important feature of Security Vision NG SOAR, Security Vision SIEM and Security Vision TIP is their exceptional flexibility due to the Low-Code/No-Code platform and constructors. The products support combining feeds from any vendor without the need to purchase "linked" connector licenses for specific vendors or versions. They have built-in "boxed" integrations with the ability to develop new ones; more than 300 sources and more than 1,100 correlation rules are supported. These features ensure maximum freedom of choice and cost optimization for customers.