Customers: Mobile TeleSystems (MTS) Moscow; Telecommunications and Communications
Contractors: DialogNauka
Product: HPE ArcSight ESM (Security Information and Event Management, SIEM)
Project date: 2015/04
April 13, 2015. DialogNauka announced the completion of a project to deliver and implement an information security event management system based on HP ArcSight for JSC Mobile TeleSystems.
Choosing a Solution
Effectively protecting the multi-service, geographically distributed corporate network of Russia's largest mobile operator against modern information security threats requires strict observance of information security policies, monitoring of information security events, timely identification of possible incidents, and an incident response mechanism that operates in real time. Only such a comprehensive approach to managing information security processes can provide an adequate level of protection.
Therefore, to provide comprehensive protection, the technical specialists of JSC Mobile TeleSystems decided to implement one of the world's leading SIEM solutions.
HP ArcSight ESM automates the collection and analysis of information about security events and makes decisions on responding to security incidents more efficient. Within the JSC Mobile TeleSystems project, the following were selected as the main sources of information security events for HP ArcSight ESM: application software, network devices, firewalls, antivirus protection tools, the vulnerability analysis system, and server operating systems. DialogNauka was chosen for its extensive experience implementing HP ArcSight systems in Russia and the CIS, its high partner status for HP ArcSight products in Russia, and its staff of certified specialists.
Project Progress
At the first stage, implementing the ArcSight ESM event monitoring system in the Moscow region, a survey was conducted to collect information on the event sources to be connected and to configure the necessary audit modes on those sources, which define the list of registered incidents. The list of reports required from the system was specified, and the event sources that needed custom connectors were identified. Technical solutions for building the monitoring system were developed, the system architecture was designed, and acceptance test programs and procedures were created.

The implementation of HP ArcSight ESM itself included installing and configuring all of its software components, integrating it with corporate systems, connecting the information security event sources, and developing connectors for event sources that are not supported as standard. The trial and commercial operation of HP ArcSight ESM that followed included configuring correlation rules to identify critical events and incidents and creating screen forms and reports for the Information Security Service. At the end of the stage, comprehensive training was provided for the JSC MTS specialists who will operate HP ArcSight ESM.

At the second stage, the already proven technology was applied in the other six macro-regions of JSC MTS, where the HP ArcSight Logger solution was used to collect and store events.
Result
Thus, the HP ArcSight ESM platform acted as the core of the monitoring system, and HP ArcSight Logger solutions in the macro-regions were used as the subsystem for collecting, storing and analyzing events. The central HP ArcSight ESM server for storing information security events accepts and processes only those events that are used in correlation analysis to generate information security incidents. By contrast, an HP ArcSight Logger server is used in each macro-region for long-term storage of events, including events that for one reason or another are not transferred to ArcSight ESM right away, representatives of the integrator told TAdviser.
"The status of the chief mobile operator performing the huge volume of transactions with clients obliges us to pay special attention to questions of information security, – Mikhail Kurzin, the head of the department of information security support of JSC Mobile TeleSystems, notes. – Therefore, among the most important problems of the implementation of HP ArcSight was the organization of continuous control of all aspects of the security of the MTS corporate network and the external perimeters of MTS through integration with critical IT systems and the systems of IT security, with sale of the mechanism of control of execution of the information security policies of the company. The system was planned for use as a uniform point of monitoring of the IT and cybersecurity infrastructure for ensuring the functioning in real time of the process of response to information security incidents. Also important for us were the organization of long-term storage of information security events and the deployment of a process of regular reporting on the basis of the received audit events, with visualization of magazines for pro-active monitoring of the situation".
"When choosing the technological solution we unrolled pilot projects, studied the materials of vendors and the accumulated experience of successful implementations of SIEM solutions at a number of system integrators. After the analysis of offers from possible suppliers, the decision to purchase and implement the HP ArcSight monitoring system was made", commented Mikhail Kurzin, the head of the department of information security support of JSC Mobile TeleSystems.
"Due to the use of such an architecture of two HP systems, the implementation solved three global problems: long storage, quick search and correlation in real time, – Mikhail Kurzin, the head of the department of information security support of JSC Mobile TeleSystems, notes. – The system implementation made it possible to significantly reduce the risks of IT security, to react proactively to cybersecurity incidents, preventing them at an origin stage, and to perform quick search of events over long time frames. Due to the automation of correlation actions, the efficiency of the department of information security support and the speed of investigation of incidents significantly increased".
"Today the product line of HP ArcSight is one of the most effective solutions intended for monitoring of information security events. Our specialists, together with the staff of JSC MTS, spent a full stroke of complex works on the automation of the process of collecting and analyzing information about security events, including carrying out the inspection, the delivery and setup of HP solutions, and also the training of specialists. The results of the implementation of HP ArcSight ESM in JSC MTS will, from our point of view, make it possible to provide more effective management of information security incidents. We thank JSC MTS for the trust placed in us and we hope for further mutually beneficial cooperation" – Victor Serdyuk, the CEO of the DialogNauka company, notes.