Project

Varonis has implemented solutions for automated cybersecurity and cyber risk management at VBRR

Customers: All-Russian Regional Development Bank (VBRR)

Contractors: Varonis Systems
Product: Varonis Data Security Platform

Project date: 2020/12 - 2021/02

2021: Implementing Cyber Risk Management Automation Solutions

On March 22, 2021, Varonis announced the implementation of solutions to automate cyber risk management and increase the level of cybersecurity at the All-Russian Regional Development Bank (VBRR).

As a result of the project, it was possible to bring banking processes in line with the requirements of the international PCI DSS security standard, establish event monitoring and reduce the time required to detect cyber threats and investigate incidents.

The proposed technical solutions helped to ensure control of access to unstructured data and to establish the perimeter in which critical parameters are located. To do this, the Varonis cybersecurity platform's module for monitoring file servers and its classification module for finding sensitive data were deployed.

"Even at the pilot project stage, the bank set us specific tasks: first of all, the customer needed to get an idea of where the critical data is and who has access to it," said Mikhail Figin, director of business development at Varonis in Russia. "Then to build and automate the process of monitoring this data: who accesses it, which files they work with, what activity they perform; to track suspicious activity and receive alerts about violations. During the pilot project, we showed how we can solve these problems."

In this way, VBRR has worked to automate control procedures by implementing a module for automatic migration/transfer of data according to a set of criteria defined by the customer. This allows critical data to be found and moved automatically to quarantine or to the folders where it should be stored. As a result, the control of access rights to data and the control of the data itself have become faster and less labor-intensive.

"Compliance assessment is one of the main applications for the information security units of credit and financial organizations. This is usually a rather complex and resource-intensive process, but not for us. As part of the project with Varonis, about 30 internal reports related to PCI DSS were implemented. Now, in order to ensure annual confirmation of the implementation of individual procedures that comply with the security standards of payment service providers and the requirements of the Bank of Russia, it is enough for us to form and upload ready-made reports, ensure the periodic work of the operators of the Varonis complex according to the specified regulations and periodically optimize the implemented procedures for monitoring information security," comments Igor Popov, a representative of the information security unit of the All-Russian Regional Development Bank (VBRR).

The bank also introduced a behavioral analytics module, which allows you to instantly record abnormal events, whether it is an attempt to "break through" to inactive data, an unusual download or mass deletion of files, and respond to incidents or violations of security policies.

In addition, the implementation of Varonis solutions allowed the customer to bring the security system into compliance with the least-privilege model (or the zero-trust model). This became possible thanks to the optimally selected stack of Varonis solutions, whose capabilities match the philosophy of the zero-trust model. They classify and analyze information flows, segment the IT infrastructure in terms of access rights, and continuously analyze storage systems for abnormal behavior.

"It is worth noting the high professionalism and responsibility of the bank's team responsible for information security," said Vladimir Vechirniy, leading Varonis system engineer in Russia. "Due to active interaction, the entire project took only two months from procurement to industrial operation. During this time, we not only conducted initial training for employees in working with platform modules, but also assisted in the development of regulations for implementing the Zero Trust model and achieving full compliance with PCI DSS requirements."