MaxPatrol SIEM ensures the continuous operation of the information systems of the Komi Republic authorities
Customers: GAU RK Center of Information Technologies of the Komi Republic
Contractors: Positive Technologies
Product: MaxPatrol SIEM
Project date: 2018/12 - 2019/05
On June 18, 2019, Positive Technologies reported that the Public Autonomous Institution of the Komi Republic "Center of Information Technologies" (GAU RK "CIT"), which is responsible for developing the information society and building e-government in the region, uses MaxPatrol SIEM to detect incidents. The center's information security department now has complete visibility of its infrastructure, tracks cybersecurity events and network traffic, and detects critical incidents in real time. During the first week of the system's operation, seven malware infections in the state systems of the Komi Republic were detected and contained.
As of June 2019, the infrastructure of GAU RK "CIT" includes 2,600 workstations, 600 servers and information security tools. The servers host the system for citizens' appeals to public authorities and the state information systems of the Komi Republic of security classes 1 to 3. A security breach in these systems could have negative social, political, international, economic, financial and other consequences for the region. The organization previously used a foreign-made SIEM system to analyze cybersecurity events, but because of difficulties in obtaining technical support and because of legislative requirements, the center's management decided to replace it. The tender was won by the proposal to supply MaxPatrol SIEM. The product supports a large number of event sources, is regularly updated with expertise packs containing new correlation rules, and is included in the register of domestic software. The cybersecurity division deployed and configured MaxPatrol SIEM on its own in three weeks. During this time, the event sources to be monitored were defined, processes for interacting with the IT service were established, regular infrastructure audits were set up, and network traffic capture for comprehensive analysis was configured. Workstations and the sources generating the most events, including intrusion detection systems, the anti-virus solution and firewalls, were connected to the SIEM system.
Specialists of GAU RK "CIT" also wrote their own correlation rules for detecting incidents, aided by the Positive Technologies training materials on the technical support portal. During the project, the Positive Technologies technical support service responded quickly to requests from GAU RK "CIT" and helped configure event sources.
"GAU RK "CIT" bears responsibility for the smooth operation of information systems that are significant for the Komi Republic. For us, ensuring their information security and responding rapidly to cyberthreats are number-one tasks. The implementation of MaxPatrol SIEM allowed us to create an effective incident detection system in the shortest possible time and, in the first week of operation, to detect and prevent serious threats," noted Denis Rychkov, head of the information technical protection department of the security directorate of GAU RK "CIT".
Plans include expanding the scope of MaxPatrol SIEM monitoring by connecting all Windows workstations and servers. MaxPatrol SIEM will also become the core of the security system of the regional center of the State System for Detection, Prevention and Elimination of Consequences of Computer Attacks, which will be built on the basis of GAU RK "CIT". This center will monitor cybersecurity events, detect and investigate incidents in the information systems of the Komi Republic authorities, and report them to the National Coordination Center for Computer Incidents.