Customers: Tinkoff Bank
Contractors: DialogNauka
Product: FireEye (platform)
Project date: 2015/06 - 2015/08
On September 22, 2015, DialogNauka announced the completion of a project to deliver and deploy a FireEye hardware and software system for protection against targeted attacks at JSC Tinkoff Bank.
Project Tasks
Because a number of Russian banks have been subjected to targeted attacks over the last few years, technical specialists at Tinkoff Bank decided that an end-to-end system for protection against zero-day threats (targeted attacks) was needed. To protect against such attacks, DialogNauka consultants proposed the FireEye system.
The FireEye platform uses behavioural analysis of potentially dangerous objects, which are run simultaneously on a large number of special virtual machines (representing different versions of the Windows operating system with different versions of application software). This analysis reveals threats delivered over different attack vectors: a user visiting a compromised website, e-mail, file exchange, and so on. In addition to blocking attempts to intrude into the company's network, the FireEye system also analyzes outgoing network traffic to detect nodes in the network that are already infected, that is, nodes on which malicious code was installed earlier and is receiving control instructions from the Internet and/or covertly sending confidential information collected in the network to the outside.
Project Progress
In a selected segment of the Tinkoff Bank corporate network, specialists of JSC DialogNauka, together with staff of the bank's information security department, tested the FireEye system. During the pilot project, several real targeted attacks were detected by the FireEye system. Functional and stress testing were completed successfully, and based on the results the final decision was made to deploy the FireEye system for protection against targeted attacks.
During implementation, the deployment scheme and the test program and procedure were developed, the equipment was installed, and the FireEye system was connected and configured. Trial operation of FireEye included eliminating the configuration shortcomings that were found, conducting acceptance tests, and handing the system over to operation by trained Tinkoff Bank specialists.
"In the course of practical testing, the FireEye system analyzed more than a hundred thousand e-mails, as a result of which about 20 attempts to deliver malicious software via e-mail were detected. In the analysis of web access, the system also recorded attempts to exploit OS vulnerabilities. During technology testing, the system demonstrated the stated functionality for identifying the main stages of targeted attacks: attempts to use vulnerabilities in software installed on workstations (use of an exploit), downloads of malicious software, and establishment of a connection with the control server. The FireEye system performed deep analysis of the malicious software, showing the OS functions called, the registry keys changed, and the files and OS services created. Our cyber security department obtained detailed information on the detected malicious software and suspicious network activity. This information makes it possible to investigate the recorded cybersecurity incidents further and to take measures to eliminate the vulnerabilities found. To counter new-generation attacks, we decided to use the FireEye system in the bank, and we consider this technical solution the best on the market," said Stanislav Pavlunin, vice president and director of the security department at Tinkoff Bank.
Project Results
"From our point of view, FireEye is one of the most effective solutions for protection against targeted attacks. We thank Tinkoff Bank for choosing our company as its partner in implementing the FireEye solution, and we hope for further mutually beneficial cooperation in technical support of this solution and in new projects," noted Victor Serdyuk, CEO of JSC DialogNauka.
Technical support of the FireEye system will be provided by specialists of DialogNauka.