Project

What the Severstal cybersecurity service gained from implementing SIEM

Customers: Severstal

Moscow; Metallurgical industry

Contractors: Jet Infosystems
Product: HPE ArcSight ESM (Security Information and Event Management, SIEM)

Project date: 2015/03 - 2015/08

On October 16, 2015, Severstal and Jet Infosystems announced the launch of a unified tool that automates the collection, storage, analysis and management of information security (IS) events.

Project Progress

The cybersecurity event management system is built on HP ArcSight ESM. The project covered three Severstal sites geographically distributed across the European part of the Russian Federation.

Severstal (2013)


Specialists from Jet Infosystems, using data on Severstal's IT infrastructure and its existing processes for providing and managing cybersecurity, designed and implemented the event management system.

As of October 16, 2015, more than 400 different sources are connected to it (including OS and DBMS logs, antivirus protection tools, network protection tools and so forth), and more than 100 specialized rules are configured. For information enrichment, the system is integrated with a number of other systems for which additional connectors were developed: SAP Business Objects, ACS, the IT services portal, etc.

Integration was also carried out with the security and standards-compliance control system (MaxPatrol) previously implemented in Severstal's IT infrastructure (in total more than 4 thousand items of equipment, including workstations and servers running Microsoft Windows and Unix, network equipment, and MS SQL and Oracle DBMS). The tool built on this system automatically, on a schedule, inventories the entire infrastructure, determines the security level of its components, identifies vulnerabilities in information resources and reports them, and generates recommendations for remediating them in line with the configured security policies (corporate and industry).

Project Results

"We received a single console for monitoring cybersecurity events from a large number of diverse systems. Of these events, according to the statistics, several tens are incidents with different levels of criticality," said Konstantin Ivanov, head of the information security support department at Severstal. "We also managed to minimize the volume of manual data processing, and now we have the opportunity to make decisions quickly on the basis of analytics going back up to half a year."

As a result of the implementation, Severstal's cybersecurity service gained the ability to proactively detect cybersecurity incidents related to attackers exploiting vulnerabilities in basic components of information systems, missing updates or insecure settings.

"In its parameters, the system that was created is broader than a classical SIEM," explained Evgeny Akimov, director of business development at the Information Security Center of Jet Infosystems. "Thanks to deeper elaboration of rules that take into account the specifics of the company's processes and IT infrastructure (for example, for password policy violations, atypical user behavior in the domain, abnormal network activity and so forth), the system creates incidents enriched with additional information and related sequences of events, which greatly simplifies and speeds up the investigation process."

The system implements a role-based access model for users, which makes it possible to delimit areas of responsibility and the set of workspaces available for use according to the rights assigned to them (administrator or analyst). About 10 people can work with the system simultaneously, using the single console or the web interface.