Customers: Moscow Hilt brewery (EFES Group in Russia)
Contractors: Andek
Product: McAfee Enterprise Security Manager (ESM)
Project date: 2015/01 - 2015/04
On May 28, 2015, Andek announced the completion of a project to implement an information security event monitoring system on the McAfee ESM platform in the virtual environment of Efes Rus.
Project Tasks
Andek employees carried out an audit of personal data processing at Efes Rus. Implementing an event monitoring system (SIEM) was one of the recommendations that came out of that project; it is aimed at meeting the requirements for information security event management in personal data information systems.
Warehouse Efes Rus terminal, 2014
The development of the IT infrastructure, growth in the number of users and an expanding range of applications increased the volume of data requiring analysis, which became the basis for company management's conclusion that a SIEM system needed to be implemented.
Project Progress
At the project definition phase, the customer set Andek's specialists a task that went beyond a simple SIEM implementation: the system had to connect specific event sources, monitor the actions of privileged users and control the use of SAP applications.
In addition to standard event sources (operating systems, network equipment, anti-virus systems), the contractor created custom log parsers for several systems specifically for this project:
- DB2 DBMS audit,
- SAP application audit logs,
- MS Exchange 2013 traffic logs.
These parsers help collect events from those sources.
To control privileged users, the system was integrated with several Active Directory domains.
Using the SIEM system, monitoring of the assignment and use of SAP privileges (roles), real-time monitoring of the launch of critical business transactions, and generation of historical reports were set up. Correlation rules were configured that automatically detect critical cybersecurity incidents and notify the customer's responsible personnel about them.
Project Results
"The automatic notification system has proven itself well. It allows us to build automatic preventive control over a number of transactions and processes that can be considered critical, and to react online to arising threats related to the emergence of a critical combination of powers. The implemented SIEM system is an additional, but not excessive, instrument of control," emphasized Pavel Shvets, internal control manager at Efes Rus.
The completed project increased the level of protection against external threats. Efes Rus specialists received a complete, visualized and organized picture of events in the corporate network.
The SIEM system performs centralized collection, processing and storage of information security events. It also makes it possible to use reports of varying levels of detail and covering different periods, which facilitates incident investigations.
Dmitry Nikiforov, head of the project implementation directorate at Andek, commented on the project: "We are glad that we were given the opportunity to participate in this project. Our company's specialists gained unique experience in directly connecting SAP audit logs without the aid of third-party tools. We hope that our long-standing and effective cooperation in implementing and developing information security systems will continue in the future."