NG SOAR

Next Generation SOAR

Advanced incident management

A ready-made solution that combines packaged* and auxiliary Security Vision products: NG SOAR = AM* + VM* + Vulnerability Scanner (VS) + SOAR* + Security Information and Event Management (SIEM).

IRP, SOC, incidents, information security events, Kill Chain, playbooks, correlation, ticketing, response, vulnerabilities, NIST

Product overview

Automation of response to information security incidents with built-in basic correlation, collection of raw events directly from information security tools, dynamic playbooks, attack chain building and an object-oriented approach.

SV NG SOAR includes both a correlation engine and a set of basic correlation rules, providing a baseline for incident detection that can be extended. This matters for infrastructures where purchasing stand-alone systems (SIEM, VM, IRP, SOAR, etc.) is not possible for infrastructural or commercial reasons.

Application

Built-in SIEM, monitoring of information security events

100 built-in correlation rules, with the ability to store only the events needed for analysis and to reconstruct the chain of events even when the source was unreachable at the time and the data arrived later.

NIST Incident Handling Phases

1) Preparation — description of services, information security tools, exception lists, SOC team members and other tools and processes.

2) Detection — enrichment with data related to the incident.

3) Containment — containment and isolation of accounts, hosts, URLs/emails/domains.

4) Investigation — analysis and classification, collection of digital evidence.

5) Eradication — response based on the key objects involved.

6) Recovery — restoration of compromised objects from backup, unblocking.

7) Post-Incident — post-incident review and correction of errors.

Object-oriented response

Automatic attack chain building and object-oriented response that selects actions based on object types (internal/external host, account, email address, URL, malware, process, vulnerability).

Examples and integrations

AI-assistants

Built-in machine learning models analyze incident verdicts and help manage new tasks: the system analyzes all incidents and their lifecycle states to identify likely false positives and reduce analyst workload.

Integration with external LLM models (for example, YandexGPT and ChatGPT) gives access to chatbots as part of incident handling and teamwork, to analyze indicators of compromise and help solve problems.

The most frequent sources of incident reports

Information about events and incidents is collected, for example, from:

  • SIEM (including connected audit logs);
  • NGFW (network telemetry, host management);
  • WAF (logs);
  • Proxy servers (logs);
  • Email servers (anti-spam lists, blocking);
  • Endpoints (host snapshot, installed software);
  • Vulnerability scanners (technical vulnerabilities, criticality);
  • IoC enrichment tools (hash, IP, email, domain);
  • Analytical services (MITRE, VirusTotal, LOLBAS, URLScan, WhoisXML, etc.);
  • LDAP (OpenLDAP, MS AD);
  • Antivirus solutions (AV, EPP, EDR);

and other IS/IT systems.

External enrichment services

Additional information about indicators is updated, for example, from:

· VirusTotal;
· WhoIsXMLAPI;
· URLScan;
· IPInfo.io;
· IPgeolocation.io;
· AbuseIPDB;
· LOLBAS;
· Kali tools;
· Shodan;
· ChatGPT;

and others.

The most frequent sources of asset data

Information about assets is enriched, including from third-party solutions, files and databases, for example:

· SIEM;
· uCMDB;
· AV/EDR;
· DLP/EM;
· Vulnerability scanners;
· LDAP directories (AD, OpenLDAP);
· Lansweeper;
· MS SCCM;
· WSUS;
· VMware;
· nslookup;

and other information security/OT systems.

Kill chain building and interaction with regulators

Automated attack chain building and object-oriented response that selects actions depending on object types (internal/external host, account, email address, URL, malware, process, vulnerability).

Information security event monitoring and incident management work together with bilateral integration with regulatory response centers.

Remote control

Different actions can be performed in bulk for multiple assets or individually for each asset, e.g.:

- locking/unlocking a user account;
- ending a session;
- version check and software update;
- removing software;
- obtaining the list of local administrators;
- obtaining the list of permissions for a folder;
- obtaining the list of network connections;
- retrieving the routing table;
- retrieving firewall rules;

etc.

Get a demo of a Security Vision product: mail us at sales@securityvision.ru or request a demo.


Other products

SOAR

Security Orchestration, Automation and Response

Automation of response to information security incidents using dynamic playbooks and information security tools, building an attack chain and with an object-oriented approach

TIP

Threat Intelligence Platform

Cybersecurity threat data collection, analysis, enrichment, infrastructure detection, investigation and response.

AM

Asset Management

Description of the IT landscape, detection of new objects on the network, categorization of assets, inventory, life cycle management of equipment and software on automated workstations and servers of organizations

RM

Risk Management

Building a register of risks, threats, protection measures and other control parameters; assessment using the chosen methodology; compiling a list of additional measures to change the level of risk; control of execution; periodic reassessment.

VS

Vulnerability Scanner

Scanning information assets with enrichment from any external services (additional scanners, The Data Security Threats Database and other analytical databases) to analyze the security of the infrastructure.

UEBA

User and Entity Behavior Analytics

Building behavior models and detecting deviations from them using several dozen built-in static analysis rules.

ORM

Operational Risk Management

Accounting and recording of operational risk events, monitoring of key risk indicators and self-assessment/control

VM

Vulnerability Management

Building a process for detecting and eliminating technical vulnerabilities, collecting information from existing security scanners, update management platforms, expert external services and other solutions

CM

Compliance Management

Audit of compliance with various methodologies and standards

AD + ML

User and Entity Behavior Analysis

Dynamic behavioral analysis using machine learning to search for anomalies and possible incidents.

BCP

Business Continuity Plan

Automation of ensuring continuity and restoration of activities after emergencies.

FinCERT

Financial Computer Emergency Response Team

Bilateral interaction with the Central Bank, namely the transfer of information about incidents and receipt of prompt notifications/bulletins from the regulator

GovCERT

Government Computer Emergency Response Team

Bilateral interaction with the state coordination center for computer incidents, namely the transfer of information about incidents and receipt of prompt notifications/bulletins from the regulator

OTS

Operational Technology Security
