Project

RTK-Solar protects the industrial segment of Sodruzhestvo's infrastructure from cyber attacks

Customers: Sodruzhestvo Group of Companies (Sodruzhestvo-Soya Management Company)

Svetly (Kaliningrad region); Food industry

Product: Solar JSOC

Project date: 2018/01 - 2022/09

2022: Connecting the industrial segment of the enterprise to Solar JSOC

The Sodruzhestvo agro-industrial group has expanded its cooperation with Solar JSOC, RTK-Solar's center for countering cyber attacks, RTK-Solar announced on November 2, 2022. Now not only the corporate network is connected to the information security monitoring service, but also the industrial segment of the enterprise (hosts and servers). This will effectively protect the entire distributed infrastructure of the company, including factories in the Kaliningrad and Kursk regions, from targeted attacks and quickly identify violations of security policies.

Cooperation between RTK-Solar and Sodruzhestvo Group of Companies began in 2018. As of November 2022, 60 sources of information security events in the closed (industrial) segment and 383 sources in the corporate segment were connected to monitoring. To identify incidents, Solar JSOC specialists launched about 80 scenarios that detect, among other things, suspicious user activity outside working hours, the launch of illegitimate software and TOR, changes to the access settings of network equipment, violations of the integrity of the industrial segment, and violations of technological processes. At the same time, the list of scenarios is constantly being refined and updated, which helps to significantly reduce false positives.

The data flow from information and security systems to the SIEM system is 2700 events per second. When suspicious activity is detected, Solar JSOC experts conduct an initial investigation and issue a detailed incident card with response recommendations to the customer's information security service. In addition, RTK-Solar analysts periodically send recommendations to the customer to close critical vulnerabilities and, if necessary, are involved in investigations of information security incidents. In general, this significantly reduces the burden on the information security service of the Sodruzhestvo Group of Companies.

"Usually, organizations in the industrial sector are afraid to let contractors into closed segments. At the same time, cyber attacks on industrial networks differ significantly from attacks on IT infrastructure. Usually, highly qualified attackers are behind them, who carefully prepare for an attack and use complex malware, so it can be extremely difficult to detect their actions without the help of external specialists. And against the background of an increase in the number of cyber attacks, the protection of such significant and large critical information infrastructure (KII) entities as the Sodruzhestvo Group of Companies becomes a priority task. And it is especially important that colleagues from the production holding also understand this," said Vladimir Dryukov, director of the Solar JSOC Cyber Attack Center at RTK-Solar.

"For several years now, Solar JSOC has been conducting information security monitoring of our infrastructure and assisting in the investigation and elimination of the consequences of incidents. Connecting the industrial segment to the provider's service was an important step for us, and we are confident that this will significantly increase the safety of our production processes and protect against unauthorized influence from the outside," commented Pavel Zapanov, IT Director of Sodruzhestvo Group of Companies.