The Qiwi group took incidents of information security under control

On August 27, 2015 it became known of start in operation by the QIWI group and Jet Infosystems company of an automated system of control and monitoring of incidents of information security in infrastructure of a payment service of QIWI^[1].

Project Progress

The control system and monitoring of incidents of cybersecurity executes the centralized collecting, correlation and the analysis of events of information security from a set of sources, automates processes of protection of databases.

QIWI group, 2014

A system is implemented on the platform of solutions IBM Security QRadar SIEM and IBM Guardium. Its implementation helped to reduce time for search and the analysis of events of cybersecurity in a distributed infrastructure of QIWI, to execute monitoring of requests to databases and registration of events of information security in DBMS, it is essential to raise the overall level of security of corporate information infrastructure. A system helps to provide compliance to international standards, it PCI DSS as well as SOX.

"System implementation of control and monitoring of incidents of cybersecurity became a serious step in development of a complex of security of QIWI. This system allows to react in the shortest possible time to incidents and to keep track of all activity in our infrastructure. In total with a monitoring system of databases the complex allows to detect unauthorized activity at the earliest stage", – Kirill Ermakov, the Chief information security officer of the QIWI Group reported.

Project works partners covered three platforms in Moscow – two data centers and the central office of the customer.

Specialists of Jet Infosystems company conducted preproject examination of infrastructure of a payment service of the customer, created the project documentation and implemented solutions. More than 1800 sources of events of 20 different types are connected to a control system and monitoring of incidents of cybersecurity. Statistically, in day about 100 GB of events and 50 GB of network traffic are processed.

Agents of IBM Guardium are set on the main productive and test databases, the functionality of masking (partial concealment at display) the brought critical these clients of QIWI service works.

Project Results

"Bright feature of the project with QIWI – a large number of the connected sources. Part of them were non-standard, and development of special parsers was required, – Evgeny Akimov, the director of business development of Information Security Center of Jet Infosystems company noted. – This work was performed in close interaction with IT administrators and developers, some of the systems of QIWI were in addition optimized under this project".

The IBM QRadar single console allows to analyze the information flows passing through a control system and monitoring of incidents of cybersecurity, to create reports, notifications on security incidents in the mode close to real time.

For efficiency evaluation of the created system the QIWI Group carries out independent works of the external and internal analysis of security (pentest). Based on testing specialists of the QIWI Group highly appreciated possibilities of the implemented system on detection of threats of cybersecurity and suspicious activity in the infrastructure systems.

Notes