In July 2017, Softline launched for GTLK a MaxPatrol SIEM-based cybersecurity event management system that can respond to detected incidents in real time.
The customer needed to strengthen its current security systems. After a review of all potential threats, risks, and costs inherent to a range of Russian as well as imported systems, a modular solution from Positive Technologies (USA) was selected as the most dependable, streamlined and economical. This solution was also certified by the Russian Federal Security Service and included in the Russian Software Register, and was therefore exempt from the current import restrictions.
In today’s world, however, a single project can hardly ensure information security forever, as intruders are getting smarter, security regulations are tightening and companies keep expanding. The customer soon realized that even an optimally configured SIEM solution was no longer sufficient for early detection of cyberattacks and fast incident analysis in multiple information systems. A major revamp of the system was needed.
Moreover, as Positive Technologies engineers in 2018–2019 improved the automated analysis of data from physical security systems and perimeter security systems, GTLK realized that simple data correlation and processing workflows also needed to be continuously improved.
In this situation, the company decided to establish a Security Operations Center. However, neither an on-premises SOC nor a cloud version was an option: the client wanted a hybrid SOC that would employ the existing SIEM system from Positive Technologies as a source of events.
The company considered and tested several SOC solutions and providers. Softline ISOC was chosen due to its obvious advantages:
- Best price/quality ratio (brand-name development + automation);
- Personalized approach;
- Hybrid implementation based on PT SIEM (a key point for considerable savings);
- High-level SLA (24x7x365 response time);
- Official corporate center status with regulators;
- International certification by Carnegie Mellon University.
"GTLK is a high-tech company with a sound approach to cybersecurity strategy and high expectations about our contractors as well as their systems. Benchmark tests have demonstrated that ISOC has several advantages over competitors. It is a truly comprehensive automatic monitoring system for prompt detection and efficient investigation of cybersecurity incidents of any complexity. It means we will be able not only to keep up with the times but also remain one step ahead," said Sergey Bessarabov, Deputy CEO for Government Relations at GTLK.
"We are pleased that a high-tech and innovation-oriented company such as GTLK chose us as the main partner for cybersecurity incident and response services. Our skilled experts successfully completed the project as scheduled," commented Kirill Solodovnikov, CEO at Infosecurity, Softline Group.
"As a result, we have received an efficient cybersecurity monitoring and response center that can be easily adapted to any of our requests. In addition, SOC as a service can be modified fast, which is just as important to us as the reliable protection of the corporate infrastructure. Now the service has been commissioned and shows superb results," said Sergey Rysin, Head of the Information Security Directorate at GTLK.