Project

RTK-Solar helps Rovi fintech platform repel cyber attacks

Customers: Rovi (Rovi Factoring Plus), formerly Factoring Plus

Moscow; Financial Services, Investments and Auditing

Product: Solar JSOC

Project date: 2022/07 - 2022/12

2022: Over 2,000 Cyber Incidents Detected with Solar JSOC

The fintech platform ROWI (part of the QIWI financial group) uses the Solar JSOC service of RTK-Solar's cyber attack counteraction center for protection from cybercriminals. The platform's IT infrastructure is connected to information security monitoring, which made it possible to record more than 2 thousand cyber incidents in 2022. All of them were repelled and did not affect the performance of the platform in any way. This was announced by RTK-Solar on March 14, 2023.

According to RTK-Solar experts, over 2022 the number of cyber attacks on Russian companies has grown 2 times. The financial sector has always been a focus of cybercriminals because of the possibility of withdrawing money directly from user accounts, as well as the large amount of sensitive personal data it holds. In such conditions, it is extremely important to detect a threat at an early stage, so that the attacker does not have time to gain a foothold in the infrastructure and begin to develop the attack.

"The platform carries out financial, credit transactions, processes a large number of transactions and should guarantee customers both the safety of data and finance. To protect against cyber threats, the company chose the SOC service model. This option allows you to best control the IT infrastructure and make the most of the external team. It is important to distribute the load and analyze the information received from Solar JSOC in time. This will make it possible to make the right decisions in terms of operational response measures," emphasized the general director of ROWI.tech Evgeny Rodionov.

The monitoring service is provided to the customer under a cloud model. A collector installed in the customer's infrastructure gathers events, which are then processed in a SIEM system located in the RTK-Solar cloud. Key elements of the customer's IT infrastructure are connected to the service: network devices, information protection tools, domain controllers, critical servers and other elements of the basic infrastructure. To support the monitoring process, scenarios for detecting incidents of different categories were launched: control of network access, software use, data integrity, detection of unauthorized access, network attacks and exploitation of vulnerabilities. A separate Threat Hunting group combines more than 200 scenarios for identifying signs of infrastructure compromise based on the attacker techniques described in MITRE ATT&CK. Solar JSOC experts provide 24-hour detection, analysis, enrichment and notification of potential incidents. Thus, the customer receives comprehensive information and recommendations on countering a specific threat.

"As part of the SOC service model, the provider takes on all tasks of monitoring incidents based on its own rules for detecting and enriching information security incidents, setting up and maintaining SIEM performance. However, without the coordinated work of the Solar JSOC monitoring lines and the customer's information security service, which perform steps to localize and further respond to incidents, the company could not ensure a high level of security and cyber resistance of the company. It is important that ROWI colleagues understand this and engage in a timely manner on all issues and identified incidents. This makes it possible to significantly improve security in the company and the quality of monitoring," concluded Alexey Pavlov, Business Development Director of the Solar JSOC Cyber Attack Counteraction Center of RTK-Solar.