
Rosbank increased the protection of its application infrastructure using Prisma Cloud

Customers: JSB Rosbank

Moscow; Financial services, investments and audit

Contractors: Jet Infosystems
Product: Palo Alto Networks Prisma Cloud (formerly Twistlock)

Project date: 2019/08 - 2020/01
Number of licenses: 20

2020: Implementation of the Prisma Cloud platform

On February 13, 2020 Rosbank announced that, together with the IT company Jet Infosystems, it had implemented the Prisma Cloud platform to protect its application infrastructure. The credit institution already uses it to secure two remote banking applications and plans to scale the solution to new developments.


Automation of security functions allows Rosbank to improve the quality of its services with minimal impact on the speed of their release (time-to-market). To reduce this metric, the credit institution applies a broad set of measures that together accelerate software development and delivery to end users. For example, programmers actively interact with IT infrastructure and operations specialists. At the same time, different teams apply uniform approaches to building applications and the same automation tools for developing and testing code. The phased transition from a monolithic application architecture to microservices became one more component of accelerating time-to-market at Rosbank: for this purpose the credit institution uses container environments based on the OpenShift container management platform.

To build reliable infrastructure protection that meets all information security requirements and has minimal impact on time-to-market, the bank decided to implement the Prisma Cloud platform, a Palo Alto Networks solution.

"The use of practices and tools for accelerating the software development process opens great opportunities for the development of bank services. At the same time it puts new challenges before us: classical means are not suitable for protecting a constantly changing microservice architecture, and besides, security should not slow down the release of applications. For this reason the decision was made to start the project on implementing Prisma Cloud to protect the application infrastructure",

During implementation the project team faced the task of protecting the architecture on which the bank was developing two applications: 80 microservices deployed across 543 containers. For this purpose Jet Infosystems experts developed their own framework for building a comprehensive protection model for the containerization environment that takes into account all stages of a container's lifecycle: the Jet Container Security Framework (JCSF). Guided by best practices in the field of cybersecurity, the specialists divided all threats and security controls into three levels: cluster, orchestrator and containers.

"So that security does not become a threat to time-to-market, it needs to be integrated seamlessly into all stages of software development according to the principles of DevSecOps. That is exactly how we approached the project on protecting the microservice architecture used in Rosbank. The developed framework helped us understand, even before the main work, which bottlenecks could be closed using the implemented platform, which risks could be accepted and what needed to be finished",

To determine the points at which to embed the solution and to form the requirements for it, the integrator's specialists together with representatives of Rosbank analyzed the development pipeline. The processes, including vulnerability management and compliance, were built in close cooperation between the cybersecurity experts of Jet Infosystems and the development teams of Rosbank. As a result, a scheme was developed in which information on the most critical vulnerabilities in an application is added to a JIRA instruction space, and tasks for their elimination are set during planning of the next sprint. The specialists of the integrator and the credit institution also jointly worked out the target solution architecture.

"When designing the Prisma Cloud solution it was necessary to consider the features of the OpenShift cluster in the bank. The specifics consisted in fulfilling the requirements of the international payment card security standard PCI DSS regarding isolation of certain data types. This complicated the process of receiving images and vulnerability data from the Palo Alto Networks cloud. We succeeded in solving this and other uncommon problems thanks to productive interaction with the specialists of Rosbank",

noted Anastasia Ditenkova, senior design engineer of the Information Security Center of Jet Infosystems.

The final stage of the project was the installation of the solution on the credit institution's capacities through the joint efforts of the integrator's project team and the IT and cybersecurity specialists of Rosbank. The implemented platform protects containers in real time and makes it possible to detect and prevent vulnerabilities in a timely manner throughout the whole lifecycle of the application. As of February 2020, about 20 users can work with the system at the same time; Rosbank's nearest plans are to scale the solution to other development teams.