Bank "St. Petersburg" automated IB processes using R-Vision technologies

2021: R-Vision Implementation

Bank "St. Petersburg" has introduced the R-Vision software complex to accelerate information security processes and reduce the burden on IB specialists. With the help of SGRC and IRP products, the IB team of the financial institution has already automated routine tasks for managing audits, cyber incidents and risks. This was announced by R-Vision on December 1, 2021. The bank's immediate plans are to expand the application of the platform to asset and vulnerability management processes, as well as implement cyber risk management based on it according to the requirements of the Bank of Russia.

IB specialists of Bank "St. Petersburg" regularly check the internal information security system for compliance with corporate regulatory documents, requirements of Russian legislation and international standards. To accelerate and simplify this activity, the IB team of the financial institution needed a specialized tool for automating IB audits. In addition, the bank decided to create its own center for monitoring and responding to cyber incidents (Security Operation Center, SOUND). Because the SOUNDteam operates around the clock with a large stream of security events, it needed a platform to accelerate its response to cyber attacks.

When choosing solutions, the bank's specialists focused on the presence of built-in algorithms for managing IB audits and incidents and supporting Russian banking standards. After analyzing the products presented on the market, the bank decided to stop on the R-Vision platform.

It was important for us to find a solution that was optimal in cost and functionality. R-Vision products did not require improvements on our part, we received everything we needed 'from the box'. The solutions are easy and easy to install because the vendor has provided us with well-documented, understandable implementation instructions. Our long-term cooperation also played in favor of R-Vision, during which the company continuously developed its products and shared accumulated expertise with us, "said Dmitry Babkov, Director of Information Security at St. Petersburg Bank.

The Bank uses the SGRC platform as a single tool for managing all checks of the information security system compliance with internal standards and regulatory requirements. Due to the response scenarios built into the IRP platform, the financial institution was able to significantly reduce the burden on first-line RAC analysts and minimize the risk of errors in incident processing due to the human factor. On the basis of the R-Vision IRP product, the bank also organized interaction with the Center for Monitoring and Response to Computer Attacks in the Credit and Financial Sphere of the Bank of Russia - FinCERT. Using the system, bank specialists send incident reports to the regulator on legal requirements. In addition, the R-Vision software complex allows the entire IB team of a credit institution to work in a single information space. This helps to ensure the transparency of the built IB processes for all specialists involved in them.

In the near future, Bank "St. Petersburg" will expand the use of R-Vision products. Specialists of the financial institution plan to build a cyber risk assessment system on the basis of the SGRC platform according to Bank of Russia Regulation No. 716-P. Before the appearance of special requirements of the regulator, the bank solved this problem on the basis of expert assessments. In addition, the IB specialists of the financial organization plan to use the R-Vision platform as a single master system for asset inventory and automate vulnerability management with its help. This will allow the IB team not only to timely identify security flaws in the systems used in the bank, but also to monitor their elimination.

At Bank "St. Petersburg" we realize the optimal life path of our products at the client, when with their development we constantly improve and expand the scope and depth of automation of IB processes in a particular organization. To do this, we regularly communicate with the IB service of the bank, working out new and current cases with the help of consultants, analysts and engineers, "said Vsoslav Solenik, director of the R-Vision Expertise Center. - Valuable feedback and wishes of colleagues over the years of cooperation have introduced into the "box" product a number of useful functions that are actively used by our other customers. And the implementation of the case for compliance with the requirements of Regulation No. 716-P "turnkey," as well as the advanced automation of the vulnerability management process, are one of the most sought-after innovations in the R-Vision platform in 2021, and here colleagues from Bank "St. Petersburg", as before, are at the forefront of increasing the maturity of the processes of IB and IT.