People conducting incident management are supported with dedicated Workflow, Playbook, Collaboration, Dashboard and Reporting tools offering capabilities of SOAR – Security Orchestration, Automation and Response.

SecureVisio cooperates with any available incident detection tools like SIEM and UEBA. SecureVisio also has its own incident detection tools based on SIEM with Behavioral Analysis and Threat Intelligence.

Unique value of SecureVisio is real-time Business Impact Analysis conducted automatically for all detected incidents to prioritize security operations activities and identify issues that require immediate response.

People managing incidents in one graphical console have all needed tools and information:

• system description,
• current system vulnerabilities and other events related to the system,
• business priority of incident,
• presentation of the incident environment,
• risk for relevant attack vectors,
• potential consequences of security breach,
• SLA tracking,
• Threat Intelligence information,

as well as Workflow and Playbook tools for collaboration and handling the incidents.

SecureVisio allows to manage all incidents in traditional way like in typical SIEM and SOAR prioritizing incidents only based on technical severity of the events.

The organizations have free choice to introduce risk assessment with business prioritization and focus on the incidents that are the most important to the organization’s business.

For managers, SecureVisio calculates business-relevant key performance indicators and key risk indicators. These metrics allow to predict new emerging threats to proactively improve protection of the most valuable assets.

KPIs inform people accountable for IT security about events that have already affected the organization (e.g., number of incidents handled, time from detection to containment/eradication). KRIs show risk trends that can help to better monitor potential future shifts in risk conditions or new emerging risks (e.g., monthly increase of incidents and vulnerabilities related to critical business processes or sensitive data). Thanks to business-relevant KPIs and KRIs the business owners of IT systems are aware of security risks and they are early notified about situations requiring immediate decision and response. KPIs and KRIs are particularly useful for planning the security improvements.

Security management like other processes in the organization requires optimization and cost-effectiveness. SecureVisio allows the organizations in one platform to unify and automate essential security management operations – incident management, vulnerability management and risk management. Thanks to SecureVisio the organizations optimize time and costs of the security operations. People managing the security make better decisions as in one place they have complete information about incidents, vulnerabilities and associated risks.

SecureVisio platform contains the following modules:

• Incident Management offering the tools for incidents detection, analysis and response,
• Vulnerability Management offering the tools for vulnerability detection, analysis and response,

and real-time Integrated Risk Management tools to prioritize incidents and vulnerabilities and inform people what events are the most important to the organization and require immediate response.

Modular architecture of SecureVisio allows the organizations to use all modules or only selected modules. SecureVisio easily integrates with third-party tools. In case the organization has a SIEM or vulnerability scanner they can be integrated with SecureVisio.

SecureVisio manages incidents and vulnerabilities with dedicated Workflow and Playbook and enriches these tools with integrated Risk Management and other useful information like Threat Intelligence.

Automation and orchestration optimize time and costs of the security operations. When managing technical issues SecureVisio is aware of the most important assets that support critical business processes and sensitive data. Business impact assessment is conducted automatically in real-time.

Thanks to SecureVisio the organizations can effectively manage all the incidents and vulnerabilities and immediately recognize and respond to the events that when unattended will cause huge damage and legal consequences to the organization.

Early detection and mitigation of vulnerabilities in IT systems processing personal data, financial data and other sensitive data as well as IT systems necessary for important business processes are the priority of IT security. The use of these vulnerabilities by cybercriminals can mean great losses for the organization.

SecureVisio uses variety of scanners and CVE feeds to discover vulnerabilities in IT and OT environments.

From the people’s point of view, this is done automatically. Vulnerability Assessment Scheduler defines days and time as well as the tools for automated vulnerability scanning.

SecureVisio offers independence and flexibility in vulnerability management as the organizations can use commercial scanners as well as open-source tools.

Due to large number of vulnerabilities, the issues critical to the organization’s business often are not identified until visible security breaches occurred. SecureVisio finds a solution to this difficulty. SecureVisio ensures that people responsible for managing vulnerabilities are immediately notified about new vulnerabilities with a critical business priority.

All discovered vulnerabilities are automatically prioritized based on CVSS Score technical severity as well as potential business damage for the organization.

Estimation of potential business damage resulting from exploiting the vulnerability by cybercriminals is conducted automatically for all vulnerabilities and it is the unique value that SecureVisio gives the organizations.

SecureVisio provides interactive panel presenting the vulnerabilities collected from variety of tools. The vulnerabilities are automatically or on-demand enriched with relevant information, for example, contacts to administrators and business owners.

Workflow defines the tasks and paths of people’s work, including vulnerability analysis and response. Workflow helps people to conduct required actions, and provides case management, tracking of status, SLA and useful metrics like average time to resolve vulnerabilities of defined business priority. Playbook offers predefined actions to automate the analysis, response and other activities related to vulnerability management.

SecureVisio addresses one of the most difficult problems of vulnerability management. What to do in case a patch for discovered critical vulnerability cannot be installed? How long can the organization take this risk?

In such cases, using IPS or WAF, we can deploy virtual patches that make it difficult for cybercriminals to exploit vulnerabilities. With SecureVisio we can use Network Map to visualize all network attack paths to vulnerable IT system and based on this information quickly identify appropriate safeguards where virtual patches can be effectively deployed.

SecureVisio through the Personal Data Protection (PDP) module helps organizations maintain compliance with GDPR requirements. PDP maintains the registers of processing activities required by the GDPR, as well as records of access, entrustment and information about training received by employees. Helps the Data Protection Officer organize an effective personal data protection system.

The information and tools contained in SecureVisio PDP will facilitate daily work and performance of duties. The PDP module makes it easy and transparent to grant authorization to process personal data. Thanks to the built-in document workflow, we automate the determination of permissions and the approval of authorizations.

PDP presents a full picture of the security of processed personal data. The risk analysis contained in the PDP allows to estimate the risk from the implementation of organizational and technical security measures throughout the entire process of personal data processing in the organization – it is a continuous process of monitoring the level of threats and ensuring accountability.

Thanks to the correlation of information contained in the PDP we know exactly what happens to personal data (e.g. on what resources they are processed, what processes they relate to, what is the scope of this data, who was authorized to process them), and at the time of the security incident we immediately receive complete information and ready to use incident response scenarios.

Managers accountable for IT security like CISO, CIO, SOC manager, etc. should be immediately notified in case of new incidents and vulnerabilities that can cause huge business damage, e.g. new vulnerability in a database in financial system, malware activities in SCADA operator workstation in industrial infrastructure.

Main goal of IT security – that is protection of the organization’s business – is difficult to achieve because most of the technologies responsible for management of IT security like SIEM, SOAR and vulnerability scanners, do not understand the business context of security events.

To assess business impact, SecureVisio implemented risk management methodology of international standard ISO/IEC 27005.

SecureVisio introduces business context and integrates with existing incident detection systems (e.g. SIEM, UEBA, NBAD), incident management systems (e.g. ticketing system, SOAR) and vulnerability scanners.

For the managers accountable for IT security, SecureVisio works as Cyber Crisis Management system.

Particularly, the following SecureVisio’s features are used to make work of managers accountable for security more effective and less stressful:

• SecureVisio in real-time conducts business impact analysis (BIA) and based on potential impact it prioritizes all security alerts and vulnerabilities. It works even for thousands of generated alerts and detected vulnerabilities. People managing IT security focus on the most important events and they will do not overlook the situations that can cause damage to the organization.
• SecureVisio automatically supplements the knowledge of people managing IT security with the information required to understand the situation and make proper decisions, i.e. potential costs of security breach, vulnerabilities of important assets, etc.

SecureVisio conducts threat modeling and attack simulations, and based on the results on the Network Map visualizes all potential network paths where cybercriminals can attack the assets critical for the organization.