Executive directorate of the XXVII Universiade of 2013: cybersecurity monitoring system implementation project
Customers: Executive directorate of the XXVII Universiade of 2013 in Kazan
Kazan; Public and non-profit structures
Product: HPE ArcSight Management Center
Based on: HPE ArcSight ESM (Security Information and Event Management, SIEM)
Project date: 2013/02 - 2013/03
On July 28, 2014 it became known that an information security monitoring system based on the HP ArcSight product had been implemented for the Universiade in Kazan. The complete solution was created at the request of the Executive directorate of the XXVII Universiade of 2013. The integrator on the project was AF ICL-KPO.
Project Tasks
The Kazan Universiade had to be held at the highest level, ensuring the physical security of guests and athletes as well as the security of the information infrastructure.
The cybersecurity situation was complicated by keen interest in the event, record traffic to the Universiade website, and a huge number of users of the internal information systems, including those working remotely. In addition, the world status of the competition meant high reputational risks in the event of serious cybersecurity incidents.
After an in-depth examination of the offerings on the market, HP ArcSight was recognized as the optimal cybersecurity monitoring system, with AF ICL-KPO as the integrator.
"Thanks to the highly skilled approach of the specialists of HP and AF ICL-KPO, in a short time we received a reliable system of operational round-the-clock monitoring, which allowed us to significantly reduce the risks of information security incidents emerging and developing. At the same time, it should be noted that no serious incident was allowed during the entire period of the Student Games," noted Vladimir Leonov, the CEO of the executive directorate Kazan 2013.
Project Progress
The information security monitoring system on the HP ArcSight platform was implemented in a short time in the two data processing centers (DPCs) of the Universiade, which together comprised hundreds of units of multivendor equipment, servers and software.
In less than two weeks, more than twenty IT systems containing about 300 data sources were connected to HP ArcSight. This speed was achieved through the active and coordinated work of AF ICL-KPO engineers with the specialists of the contractor companies responsible for specific IT systems.
"Based on HP ArcSight, the project team created a powerful tool for monitoring security events at all levels, allowing effective control over the use of IT systems: collection, analysis and storage of log information, detection of attacks on critical elements of the infrastructure, and automation of personnel activities for monitoring the cybersecurity of the ICT infrastructure of the Universiade 2013," said Andrey Kutukov, the director of HP Software in Russia. "A feature of the system was that it made it possible to select the really important events from the whole mass of events and to quickly notify those responsible, which made it possible to considerably reduce the load on personnel."
The following components were deployed in the DPC of the Universiade 2013:
- the ArcSight Manager management server;
- 3 ArcSight SmartConnector agent servers for the sources located in the personal data processing network segment, the general-purpose segments and the security tools segments;
- ArcSight Console management consoles in the information security command center of the Universiade 2013 (hereafter SOC);
- ArcSight SmartConnector agents that collect and preprocess security event data from the sources of the DPC, RDPC and MKPD.
Basic functions of the information security monitoring system based on HP ArcSight software:
- collection of security events from the SIB and ICT infrastructure sources of the Universiade of 2013;
- processing (classification, normalization, aggregation and correlation) of the collected security events;
- registration of cybersecurity incidents;
- operational notification of personnel about cybersecurity incidents;
- centralized protected storage of the collected security events and the registered cybersecurity incidents;
- an interface for selecting and analyzing the collected security events and the registered cybersecurity incidents.
Project Results
The HP ArcSight system became the tool with which the cybersecurity command center of the Universiade of 2014 carried out operational 24x7 monitoring using a minimum number of employees.