Customers: Genbank Simferopol; Financial Services, Investments and Auditing
Contractors: Positive Technologies
Product: PT Network Attack Discovery (PT NAD)
Project date: 2022/09 - 2022/12
2022: PT Network Attack Discovery to protect Genbank
JSC "Genbank" has chosen Positive Technologies' behavioral traffic analysis system, PT Network Attack Discovery (PT NAD), to protect the network perimeter and control internal traffic. This was announced by Positive Technologies on December 12, 2022.
An important criterion when choosing PT NAD among other NTA (network traffic analysis) class products for the information security service of Genbank was functionality, namely behavioral and statistical traffic analysis, the use of machine learning technologies and the automated experience of the Positive Technologies Security Expert Center (PT ESC) to counter attacks.
"As a tool for an information security specialist, PT NAD destroys the IT service's monopoly on the all-seeing eye. Each week, the system handles about 150 million sessions with about 400,000 nodes, detecting at least 3,000 attempts to penetrate the bank's infrastructure, including mass attacks. Almost a third of the detected attacks are high-risk attacks," says Igor Seregin, head of the information protection department of GENBANK JSC.
PT NAD allows you to quickly identify and investigate complex targeted attacks on enterprises and provides tools for proactive detection of malicious actions on the network (threat hunting), making the network infrastructure transparent to the SOC (security operations center) analyst.
Thanks to PT NAD, the bank's specialists identified the use of dictionary passwords. After that, password policies were adjusted and educational communication with the company's divisions on this issue was established. The transfer of credentials in clear text between infrastructure components was also found; this communication has since been switched to secure protocols. In addition, a number of hosts were recorded accessing APT group command servers. As part of countering cybercriminals, the bank's specialists updated the signatures of firewalls and security tools. New unaccounted nodes within the network (about 30) were also protected with host-based tools.
"In the 'Ribbon of Activities' during the work of PT NAD, 5700 potential threats were recorded, including 90 high-risk threats. At the same time, the results of monitoring the Genbank network did not reveal successful penetrations into the organization's network. This proves the responsible approach of Genbank to ensuring its own information security, when the management, instead of waiting for a collision with a real threat, warns possible attacks on the company's network," says Dmitry Larin, head of the information security department of GENBANK JSC.