Background
In July 2017 GTLK, in partnership with Infosecurity, commissioned the MaxPatrol SIEM platform, an information security event management system capable of detecting and responding to incidents in real time.
During product selection, the capabilities of several products of the same class were analyzed in detail. The customer considered both Russian and foreign solutions, since the company wanted a comprehensive solution that complements the security systems already in use at GTLK.
Solution
After an analysis of all potential threats, risks and costs, the solution of "Positive Technologies" CJSC was confirmed as the best option for implementation. Its modular architecture allows a system configuration that meets the most demanding requirements while offering distinct functionality, so the company can achieve significant savings when implementing the solution. Another benefit was the product's certification by Russia's FSB security agency and its listing in the Register of Domestic Software, which matters given the existing import phase-out requirements.
However, in today's world information security cannot be a single, one-off project. Cybercriminals' technologies are also evolving. Therefore, our strategic goal is the constant development and optimization of solutions and processes for ensuring cyber security.
The new regulatory requirements of State Law 187-FZ and GosSOPKA (the State system for detecting, preventing and eliminating the consequences of computer attacks), as well as the rapidly growing branch network, became drivers for developing the solution further. They also meant that a SIEM alone, even optimally configured, is no longer sufficient to detect cyberattacks at an early stage and to resolve incidents quickly across the majority of IT systems.
What is needed now is an analytical system, a methodology and incident management processes, and a system for monitoring and responding to information security incidents 24/7.
In addition, the partnership with "Positive Technologies" PJSC in 2018-2019 resulted in improved automated analytics for physical security and perimeter security systems. These improvements showed that the simple data processing and correlation system needed upgrading, and continuous system analysis was carried out to achieve deeper data parsing.
Results
All these circumstances led to choosing a provider of cyber security monitoring and response services, i.e. a Security Operations Center. Not just an on-premise or cloud SOC, but a hybrid SOC capable of using GTLK's existing SIEM from "Positive Technologies" PJSC as an event source.
The company considered several SOC solutions and providers. Based on the results of validation, pilot testing and comparison, the ISOC offered by Infosecurity was chosen for several clear advantages:
- Optimal value for money (proprietary solutions + automation);
- an individual approach to the client's requirements;
- hybrid implementation based on PT SIEM (a key factor for us when choosing a provider, since reusing the existing SIEM gives a significant cost reduction);
- a high-level SLA (24/7/365 response time);
- status as an official corporate center of GosSOPKA (State system for detecting, preventing and eliminating the consequences of computer attacks);
- Infosecurity's international CERT status, granted by Carnegie Mellon University.
Example of how ISOC technologies interact