Ingosstrakh secured a documents acceptance online service

On December 22, 2016 Positive Technologies company announced integration of a system of detection of the harmful PT MultiScanner files with a documents acceptance online service on insured events (KASKO and the CMTPL) to SPAO "Ingosstrakh".

Project Tasks

Earlier the procedure of submission of documents assumed personal visit of office of insurance company. After integration of systems the Ingosstrakh company offers the clients an online service, considerably reducing time for receiving insurance payments. It is enough to users to load necessary files by means of terminals at offices of insurance company or through a personal account on the website and to send them to insurance company.

Advertizing Ingosstrakh, (2016)

One of the most widespread methods of gaining access to confidential data — attacks to web service with the subsequent infection of infrastructure with the malicious software. Experts note growth of the targeted attacks directed to computer hacking or accounts of users of the specific companies recently. In 2015 in 30% cases of the attack were made on corporate resources. Because insurers should load independently files on service, risk that the infected document will be loaded, it is very high. Therefore one of the tasks facing us — to provide operational detection and timely blocking of spread of viruses. The system of detection of the harmful PT MultiScanner files of Positive Technologies company was for this purpose selected. Integration of a system with our online service and other systems of protection allowed to increase security of our corporate resources. Andrey Polomoshnov managing the sector of operation of information security tools of SPAO "Ingosstrakh"

Project Progress

Experts of Positive Technologies analyzed work of an online service of Ingosstrakh company and created a number of recommendations about security of the created service. According to them experts of Ingosstrakh with assistance of specialists of Positive Technologies implemented support of the ICAP protocol, set and configured the ICAP client.

Further specialists of vendor adapted and configured PT MultiScanner taking into account architecture of an online service and IT infrastructure of insurance company. As a result the PT MultiScanner system is integrated into the operating infrastructure.

Project Results

We were faced by a serious problem — to help Ingosstrakh company to increase the level of security of an online service on documents acceptance about insured events. We it is the most productive and in short terms performed expert evaluation of information security of service. Besides, we considered the existing technical restrictions of the developed service which demanded from our party of operational completion of PT MultiScanner. Joint work with specialists of Ingosstrakh allowed to finish quickly a product and to effectively integrate a system into the existing customer's infrastructure. We consider, it is good practice when issues of information security are resolved at early development stages of new services. Participation in the project gave us invaluable experience of creation of a system of protection for insurance companies. Evgenia Krasavina, head of protection against purposeful threats, Positive Technologies

The implemented system allows insurance company to control the arriving content, to counteract threats, to reveal distributed in attack time and to investigate incidents by means of integration with other security systems. Safe loading of files via terminals at offices of the company and also through a personal account of the user is as a result provided.