Customer: Rosseti Ural (IDGC of the Urals). Product: Solar JSOC. Second product: MaxPatrol SIEM. Project date: 2020/09 - 2020/12
2020: Rosseti Ural Infrastructure Incident Monitoring and Response Project
The company Rostelecom-Solar implemented a project to monitor and respond to incidents in the infrastructure of the Interregional Distribution Network Company of the Urals (operating under the brand name "Rosseti Ural"). In just one month, all three branches of the company, which supply electric power to the Sverdlovsk and Chelyabinsk regions as well as Perm Krai, were connected to the Solar JSOC cyber attack monitoring and response center. At the same time, Solar JSOC implemented information security monitoring not only of the IT network but also of the technological segment (industrial control system), and also performed the function of the GosSOPKA center for Rosseti Ural, establishing data exchange with that system. This was reported by Rostelecom-Solar on February 18, 2021.
The interaction in the project was built on a hybrid model. Rosseti Ural provided the hardware capabilities and identified the priorities for monitoring and responding to incidents. The Solar JSOC experts were responsible for supporting the security information and event management (SIEM) system, controlling the continuity of data transmission to it from all protection systems, identifying and analyzing cyber incidents, and notifying the customer about them.
Solar JSOC services were provided to Rosseti Ural based on the MaxPatrol SIEM installed in the customer's infrastructure. As sources of event information, not only employee workstations and servers were used, but also sources in the segment of the company's technological network (industrial control system, APCS). The flow of data transmitted from information systems and security tools to the SIEM amounted to more than 5.6 thousand events per second.
During the implementation of the project, Solar JSOC replaced the standard attack detection rules built into the SIEM with scenarios adapted to the requirements of the power grid company. In total, more than 30 such scenarios were launched.
"Usually, organizations representing industry, from oil and gas to power engineering, are afraid to let contractors into their APCS. At the same time, cyber attacks on industrial networks are significantly different from attacks on IT infrastructure, and attackers most often use complex and customized malicious software, so it is extremely difficult to detect their actions without the help of external specialists. Colleagues from the electric grid company, on the contrary, understand the need for full monitoring, including APCS, and we are pleased that they chose Solar JSOC as partners," said Vladimir Dryukov, director of the Solar JSOC cyber attack monitoring and response center at Rostelecom-Solar.
"Our first priority in the field of cybersecurity, as an infrastructure company, is to adopt the best and most effective software, actively introducing domestic developments. A successfully jointly implemented project will allow us to provide a qualitatively new level of protection for our information systems," said Sergey Bondarenko, Deputy General Director for Security of Rosseti Ural.