Software:Security Vision

Security Vision

Developer(s)	Trimetr Co
Initial release	2007
Stable release	3.3 / 2015
Operating system	Microsoft Windows, Red Hat Enterprise Linux (System requirements)
Available in	Russian
Type	Application
License	Proprietary
Website	www.securityvision.ru

Security Vision – software meant for automation of information security management system (ISMS) organisation.

Software of this kind is a representative of security operations center (SOC).

Functionality

The functionality of Security Vision renders Information Security processes comprising Information Security Management System of an organization automatic in compliance with international information security management standards ISO/IEC 27001:2013. Next Security Vision modules allow to make automatic the performance of standard requirements in the following sections:

• Information assets management;
• Information security regulatory documents management;
• Information security entries and logs management;
• Information security standards compliance management;
• Information security risk management;
• Computer security incident management;
• Knowledge management;
• Corporate system interaction management;
• Corporate information security awareness management;
• Monitoring and audit management;
• Vulnerability management;
• Change management in IT field;
• Business continuity management;
• Data storage device management;
• Limit management of security object;
• Physical security management;
• Backup management;
• Mobile client management;
• Cloud information security system management;
• Data visualization and information security status alert management;
• Information security status reports management.

Architecture

From the moment of creation of Security Vision software and up until now the creator of the system sticks to a three-level architecture – core level, collection level and management level.

Core level – made for collection, analysis and correlation of events generated by different sources of events in a corporate network.

Collection level – meant for:

• Collection, standardization and dispatch to the core level of events coming from the home information security systems;
• Inspection and control of hardware means integrity, of system and application software located at the servers and workstations.

Management level – made for rendering information security management process automatic and is basically a Russian-speaking system management portal.

Supported systems

Security Vision software collects events generated in the process of the following information security and information technology functioning:

• Information security systems:
  • Firewall;
  • Intrusion detection/prevention system;
  • Cryptographic information security system;
  • Unauthorized access security system;
  • Anti-virus security system;
  • Data loss/leak prevention system;
  • Content-control system and proxy server;
  • Anti-spam system;
  • Virtual infrastructure security system;
  • Database security system;
  • Access control system;
  • Other IP-oriented systems;
• Network equipment – routers, switches, etc.;
• Technical security systems:
  • Information leakage through technical channels security system;
  • Guard alarm system;
  • Fire alarm system;
  • Closed-circuit television system;
  • Access control system;
  • Warning system;
  • Security alarm system;
  • Area surveillance system;
  • Security lighting system;
  • Security smoke alarm system;
  • Emergency power system;
  • Heating, ventilation, and air conditioning system;
  • Other IP-oriented systems;
• Information technology systems:
  • Customer relationship management system;
  • Enterprise content management system;
  • Enterprise resource planning system;
  • Human resources management system;
  • Enterprise asset management system;
  • Business process management system;
  • Information lifecycle management system;
  • Service desk system;
  • Corporate e-mail server (Message transfer agent);
  • Database management system;
  • Workstation management system;
  • Web server;
  • Other IP-oriented systems;
• Industrial control system:
  • Building management system;
  • IT infrastructure engineering management;
  • Traffic management;
  • Power tracking management;
  • Corporate energy management, Power management center;
  • Central dispatcher unit, situational center of energy efficiency;
• Operation systems – server OS and workstation OS.

Regulatory requirements

Regulatory requirements associated with the necessity of the system of such a kind can be found in the mandatory legislation norms of the Russian Federation law as well as in the recommended international prescriptions for economic sectors in this area.

Regulatory security requirements:

• Personally identifiable information;
• Confidential information;
• Classified information;
• Key systems information.

Industry standards for:

• Energy industry;
• Finance sector;
• Public sector;
• Certificate authority.

International standards for:

• Information security management;
• Quality management;
• Information security risk management;
• IT service management;
• Business continuity planning;
• Occupational safety and health management;
• Sustainable development management;
• System integration management;
• IT management, audit and information security.

Certification

Software of the core level, which comprises the functionality of stocktaking and integrity control, is a certified means on the 4 level of control over absence of non-declared capabilities,^[1] that is listed in the National Catalog of Certified Information Security Means of the Federal Office for Technical and Export Control,^[2] and can be also used:

• In the automatic systems up to class 1G included («Management document. Automated systems. Unauthorized access security. Automated systems classification and information security requirements»);^[3]
• In the information systems up to security class 1 included (Decree of the Federal Office for Technical and Export Control dated 11.02.2013 No. 17 «Mandatory regulations on information security, not being classified information, held within national information systems»);^[4]
• In the personally identifiable information systems for maintenance of security level 1 included (Decree of the Federal Office for Technical and Export Control dated 18.02.2013 No. 21 «List and contents of the organizational and technical means to provide information security of personally identifiable information in the personally identifiable information systems»).^[5]

System requirements

Minimum system requirements for software operation on the core level
Operation system	Hardware requirements
Red Hat Enterprise Linux 5.7 64-bit	CPU – 2 quad-core 2.4 GHz RAM – 24 GB Free space on the hard drive – 3 TB (RAID10) Network adapter

Minimum system requirements for software operation on the management level
Operation system	Hardware requirements
Microsoft Windows Server 2012 (Essentials/Standard/Datacenter) Microsoft Windows Server 2008 R2 (Enterprise/ Standard/Datacenter) Microsoft Windows Server 2008 SP2 32-bit/64-bit (Standard/Enterprise/Datacenter)	CPU – 2 GHz RAM – 4 GB Free space on the hard drive – 2 GB Network adapter

Minimum system requirements for software operation on the collection level (log functionality)
Operation system	Hardware requirements
Microsoft Windows Server 2012 (Essentials/Standard/Datacenter) Microsoft Windows Server 2008 R2 (Enterprise/ Standard/Datacenter) Microsoft Windows Server 2008 SP2 32-bit/64-bit (Standard/Enterprise/Datacenter) Microsoft Windows Server 2003 R2 SP2 32-bit/64-bit (Standard/Enterprise/Datacenter) Microsoft Windows Server 2003 SP2 32-bit/64-bit (Standard/Enterprise/Datacenter) Microsoft Windows 8 32-bit/64-bit (Core/Pro/ Enterprise) Microsoft Windows 7 32-bit/64-bit (Home Basic/Home Premium/Professional/Enterprise/Ultimate) Microsoft Windows Vista 32-bit/64-bit (Home Basic/Home Premium/Business/Enterprise/Ultimate) Microsoft Windows XP SP3 32-bit/64-bit (Professional Edition)	CPU – 1.4 GHz RAM – 512 MB Free space on the hard drive – 500 MB Network adapter

Minimum system requirements for software operation on the collection level (stocktaking and integrity control functionality)
Operation system	Hardware requirements
Microsoft Windows Server 2012 (Essentials/Standard/Datacenter) Microsoft Windows Server 2008 R2 (Enterprise/ Standard/Datacenter) Microsoft Windows Server 2008 SP2 32-bit/64-bit (Standard/Enterprise/Datacenter) Microsoft Windows Server 2003 R2 SP2 32-bit/64-bit (Standard/Enterprise/Datacenter) Microsoft Windows Server 2003 SP2 32-bit/64-bit (Standard/Enterprise/Datacenter) Microsoft Windows 8 32-bit/64-bit (Core/Pro/ Enterprise) Microsoft Windows 7 32-bit/64-bit (Home Basic/Home Premium/Professional/Enterprise/Ultimate) Microsoft Windows Vista 32-bit/64-bit (Home Basic/Home Premium/Business/Enterprise/Ultimate) Microsoft Windows XP SP3 32-bit/64-bit (Professional Edition)	CPU – 800 MHz RAM – 512 MB Free space on the hard drive – 50 MB Network adapter

Awards

2013:

• InfoBez Award 2013. Nomination «E=mc2 – for creation of powerful applications and technology».^[6]

2012:

• InfoBez Award 2012. Nomination «Meteor – for speed of reaction, for quick right solutions»;^[7]
• Solution No.1 in Russia in monitoring and enterprise security management (based on the analysis results of the IT Expert magazine);^[8]
• Professional award in the area of information security «Silver dagger». Diploma and a medal for nomination «Realized projects in information security».^[9]

2011:

• Competition «Product of the year 2011» in the category «Information security» based on the LAN magazine votes;^[10]
• InfoSecurity Russia 2011. «Award 2011.itsec.award»;^[11]
• National field award for consolidation of security in Russia «ZUBR». Diploma and a gold medal.^[12]

2010:

• Innovation competition Cisco, nomination «Best solution «Network without limits». Prize-winning place.^[13]

Press

• «How to automate measurement of information security on the scale of an enterprise»;^[14]
• «IT Co protected personally identifiable information of the «ROSTELEKOM J.S.C.» Irkutsk subscribers»;^[15]
• «Virtual systems: security illusion or pointless fear?»;^[16]
• «Managed security»;^[17]
• «Creation of an automatic information security management system»;^[18]
• «The very SOC of an enterprise»;^[19]
• «How to automate information security management»;^[20]
• «Security Vision: to see security»;^[21]
• «Security Vision – information security management and monitoring»;^[22]
• «New version of Security Vision for information security»;^[23]
• «Security Vision from IT Co»;^[24]
• «IT Co presents a new version of the complex information security system Security Vision»;^[25]
• «Centers of operation information security management»;^[26]
• «Information security: Surfing… But do we know?».^[27]

References

External links

• Official website Security Vision

0.00 (0 votes)