
VM

Vulnerability management

security analysis, vulnerability, CVE, CVSS

Product overview

Building a process for discovering and eliminating technical vulnerabilities, and collecting information from available security scanners, update management platforms, expert external services and other solutions.

SV VM provides a complete picture of vulnerabilities, their relationships and recommendations from various sources, building a continuous cyclic process with automation of alerts, reports and other necessary actions.

When one or more security scanners are connected, the product automatically creates and categorizes vulnerability descriptions for further remediation. The full cycle of work is possible using either a third-party ITSM/SD system or the built-in ticketing and SLA management system.

Application

Integration with security scanners


Analysis of scanner reports (e.g. XML), API integration (data collection and running a scan) and other methods of describing, grouping and deduplicating technical vulnerabilities, as well as establishing relationships between them using the Data Security Threats Database of FSTEC of Russia, NVD, Microsoft bulletins and other sources.

Use of external sources of expertise


Static/updated knowledge bases from external analytical services (The Data Security Threats Database, VulDB, Vulners, AttackersKB, OpenCVE, etc.) that improve the quality of the initial reports from scanners.

Managing the elimination policy


Defines the SLA for vulnerability remediation requests based on a set of different parameters (e.g. CVSS and IT asset data), with tickets created either within the solution or in third-party ITSM/SD systems (Jira, Naumen, etc.).

Examples and integrations

Vulnerability metrics

Vulnerability cards can be generated independently via the built-in editor or using pre-configured metrics:

  • CVSS v2.0/3.0/3.1 (base and temporal evaluation)
  • Base vector (Attack Vector, Attack Complexity, Privileges Required, User Interaction, Scope, Confidentiality and Integrity Impact)
  • Temporal vector (Exploit Code Maturity, Remediation Level, Report Confidence)

The full card displays detailed information about the vulnerability (ID, creation date, criticality) and supports tags, which are assigned by matching part of the description text against an entry in a custom reference list. General information includes the CVE identifier, the dates of first and last detection, and other information from all available sources.

Remediation requests

Requests generated by the system and assigned to assignees are searchable and displayed in a table that can be sorted by any parameter and filtered by any properties of the cards and related objects.

In addition to the vulnerabilities themselves, requests are managed through specific assignees or incident response teams and have a separate life cycle that includes status changes, confirmation requests, and execution and SLA tracking. The progress bar clearly shows the current status and remaining time, so that assignees and their managers can balance the load.

Autopatching and automatic task confirmation

The system can update vulnerable software to the latest version and roll back the changes if the update fails, either at the press of a button or fully automatically.


The functionality also includes automatic checks for actual vulnerability remediation when you close tasks: if the vulnerabilities are not detected during re-scanning, the system sets the task to "Confirmed" status; otherwise it returns the task to work and marks it accordingly.

Full user control

Users can choose different scenarios for creating and grouping tasks: for example, create separate tasks for specific vulnerabilities and objects, group all vulnerabilities of one asset in other tasks, and for individual vulnerabilities create one task per vulnerability across all assets where it was found.


The tasks themselves are managed either within the solution (with a full life cycle and automation capabilities) or by transfer to external Service Desk / ITSM systems (Naumen SD, Jira, OTRS, Redmine, etc.), with monitoring of the status of the requests in them.

Vulnerability analysis and linkage graph

Depending on the applied security scanners, external and internal analytical services, the solution builds links between objects for quick navigation through cards or link graphs (vulnerability groups, remediation requests, assets and other objects).


Additionally, clickable links to remediation guides and vulnerability descriptions from various sources are provided.

Report generation

For vulnerabilities and trouble tickets, you can generate a report from your own template and export it as a file in various formats:


• pdf;
• txt;
• docx;
• xlsx;
• ods;
• odt;
• csv.

Reports can contain any properties obtained in the vulnerability remediation cycle.


The appearance can be customized granularly with the choice of fonts, colors, images and logos, diagrams, indents, numbering, headers and footers, and other characteristics.

Get a demo of a
Security Vision product

Mail us to sales@securityvision.ru
or get a demo

Other products

SOAR

Security Orchestration, Automation and Response

Automation of response to information security incidents using dynamic playbooks and information security tools, building an attack chain and with an object-oriented approach

NG SOAR

Next Generation SOAR

Automation of response to information security incidents with built-in basic correlation (SIEM), vulnerability Scanner (VS), collection of raw events directly from information security tools, dynamic playbooks, building an attack chain and an object-oriented approach. AM and VM are included

TIP

Threat Intelligence Platform

Cybersecurity threat data collection, analysis, enrichment, infrastructure detection, investigation and response.

AM

Asset Management

Description of the IT landscape, detection of new objects on the network, categorization of assets, inventory, life cycle management of equipment and software on automated workstations and servers of organizations

RM

Risk Management

Formation of a register of risks, threats, protection measures and other control parameters, assessment using the chosen methodology, formation of a list of additional measures to change the level of risk, control of execution, periodic reassessment.

VS

Vulnerability Scanner

Scanning information assets with enrichment from any external services (additional scanners, The Data Security Threats Database and other analytical databases) to analyze the security of the infrastructure.

UEBA

User and Entity Behavior Analytics

Building behavior models and detecting deviations from them using several dozen built-in static analysis rules.

ORM

Operational Risk Management

Accounting and recording of operational risk events, monitoring of key risk indicators and self-assessment/control

CM

Compliance Management

Audit of compliance with various methodologies and standards

AD + ML

User and Entity Behavior Analysis

Dynamic behavioral analysis to search for anomalies using machine learning and to search for possible incidents.

BCP

Business Continuity Plan

Automation of ensuring continuity and restoration of activities after emergencies.

FinCERT

Financial Computer Emergency Response Team

Bilateral interaction with the Central Bank, namely the transfer of information about incidents and receipt of prompt notifications/bulletins from the regulator

GovCERT

Government Computer Emergency Response Team

Bilateral interaction with the state coordination center for computer incidents, namely the transfer of information about incidents and receipt of prompt notifications/bulletins from the regulator

OTS

Operational Technology Security

Operational Technology Security
