The Otkrytiye bank and Neoflex implemented the analytical platform on Big Data technologies

On January 22, 2020 the Neoflex company, the developer of IT platforms for digital transformation of business, announced project completion on implementation of the analytical platform of monitoring of events of the information security constructed on BIG DATA technologies in Otkrytiye bank. The bank received the reliable and convenient tool allowing continuously, to register, analyze and react in real time to different sorts incidents.

Monitoring of events and information system protection for financial institution of such scale is one of key problems of security of business. In the Russian credit and financial organizations approach to the solution of this task becomes more and more system. It is caused by emergence of new software products and the general growth of the importance of the analysis and risks assessment and also need to conform to accepted standards of security of financial systems.

Within the project solutions based on a technology platform of Oracle Big Data Appliance, the including Cloudera Data Platform (Hadoop, Kafka, Spark Streaming, Kudu, Parquet, Avro, Impala and other products of an ecosystem) were used.

Using high-performance stream analytics of Spark Streaming there is a capture of logs and the continuous analysis about 60,000 messages per second regarding potentially dangerous or abnormal situations. A log are structured and gather in show-windows of Kudu, Parquet and Avro to which analysts of divisions of the information security (IS) can execute ad-hoc requests, using syntax of SQL. All abnormal situations are grouped in show-windows of incidents with the reference to the source of events in logs. A system supports loading of logs from eight data sources, day volume - about 1 Tb a day. The platform can extend c use of flexible opportunities of horizontal scaling of Big Data of a cluster.

Thus, the staff of department of information security of bank gets online access to data of monitoring at the expense of what they can trace more effectively cybersecurity events in real time. At the same time the platform allows to store history of events from where it is possible to obtain data for assessment and the subsequent risk analysis and acceptance of reasoned decisions on information security support.

Within project implementation flexible development approaches of the platform were applied. Implementation of the analytical platform will allow bank to refuse expensive and difficult scalable eventing systems of cybersecurity in the future. The project comprised several calls on a joint of technologies and data domain with which the joint command of Neoflex and Otkrytiye bank successfully coped at once, having got invaluable experience and the solution which is used by bank. The got experience is replicated and can be applied in other companies of the financial and non-financial sector, – Vadim Shilak, the head of Competence Center of Big Data "Neoflex" emphasized

In Otkrytiye bank complex approach is applied to information security support. Use of the analytical platform allows to automate and systematize process of monitoring of events of security that leads to increase in efficiency of all security system of bank. Use of Big Data technologies allows to receive and react to security events in real time. Work of specialists of Neoflex company differs in complex approach to solving of tasks, high professionalism and technology examination that allowed to implement the project in only 7 months with the good quality level and studies, – Ilya Korotkin, the head of service of monitoring and response to incidents of information security of management of monitoring, methodology and control of department of information security of Otkrytiye bank commented