Developers: MTS RED (Serenity Cyber Security), formerly MTS Cybersecurity
Last Release Date: 2024/06/26
Branches: Information security
Technology: Information Security Management (SIEM)
MTS RED SOC is a center for monitoring and responding to cyber attacks. The center's specialists analyze what is happening in the customer's IT infrastructure, scan it for vulnerability to new threats, block malware and eliminate the loopholes through which an attacker penetrated.
2024
Xello Deception Implementation
MTS RED has entered into an agreement with the company Xello. Thanks to this technology partnership, the MTS RED SOC cyber attack monitoring and response center will help customers reduce the likelihood of damage even if hackers penetrate the company's infrastructure. MTS RED announced this on June 26, 2024.
MTS RED will act as an MSSP-provider (Managed Security Service Provider) of the Xello Deception platform, which detects the activity of attackers, providing them with inaccurate information about the IT infrastructure. The solution creates a false layer of various data and information assets over the company's network, which are likely to be involved in cyber attacks.
Thus, if an attacker was able to bypass the company's perimeter security, Xello Deception technologies help guide him on a false trail in finding key infrastructure elements or confidential data of the victim company. This allows you to identify the presence of hackers in the customer's IT infrastructure before they reach the target and damage the company, as well as block the development of the attack in a timely manner.
The service is provided according to the cloud model with the placement of key system components at the customer's site. As part of the service, the Xello Deception platform transmits data on the actions of attackers in a false infrastructure to the MTS RED SOC cyber incident monitoring and response center. This data is processed by professional analysts who notify the customer of the incident and issue recommendations for responding to a cyber attack.
"Cyber warfare systems are a highly trusted source of compromise for SOC centers and do not create a large stream of false positives. At the same time, when notified from the system, skills are needed for incident analysis and prompt response. MTS RED specialists have the necessary experience and competencies to provide service in all areas," said Alexander Shchetinin, CEO of Xello.
"In conditions when cybercriminals are improving techniques and methods to bypass classic means of protection and remain unnoticed for a long time in the victim's infrastructure, an additional level of protection in the form of cyber warfare systems becomes an important component in ensuring cybersecurity of critical business assets," said Ilnaz Gataullin, technical head of MTS RED SOC at MTS RED.
Adding Kaspersky EDR
MTS RED, a member of MTS PJSC, has supplemented the services of the center for monitoring and responding to cyber attacks MTS RED SOC with technology for protecting workstations and servers based on the Kaspersky EDR (Endpoint Detection and Response) solution. MTS RED announced this on April 5, 2024.
Availability in Hybrid Format
MTS RED, a member of MTS PJSC, announced on February 29, 2024 that the services of the MTS RED SOC cyber attack monitoring and response center are now available to customers in a hybrid format.
The hybrid format of using the services of the center for monitoring and responding to cyber attacks means that its technological core, the SIEM system, is deployed directly in the customer's IT infrastructure. Only the functions of administration, monitoring, content development and the formation of instructions for responding to cyber attacks, or the direct application of measures to technically block attacks, are outsourced.
Within the framework of the hybrid model, MTS RED SOC specialists deploy the SIEM system at the customer's site and set up rules for correlating incoming information security events to identify cyber threats in the early stages. MTS RED SOC specialists connect to the customer's SIEM system via a secure communication channel, and all incident data is stored and processed within the company's own perimeter. At the same time, MTS RED SOC applies many years of expertise, accumulated during projects to protect companies in various industries, to support and develop rules for correlating information security events, identify cyber attacks, form instructions or implement measures to counter attackers, and provide in-depth analytics to further increase the level of customer security.
If the company already uses a SIEM system, MTS RED specialists help to audit its current state and assess whether enough sources of information security events are connected. In addition, MTS RED SOC provides customers with its own set of rules for correlating information security events, taking into account industry specifics and tested when detecting cyber attacks on the largest companies in Russia. After profiling incident detection scenarios, MTS RED SOC experts perform the full scope of work with the SIEM system, from configuration and support to round-the-clock detection of and response to cyber attacks.
"The demand for a hybrid model for the supply of services for monitoring and responding to cyber attacks is higher than ever. Large companies, especially banks and CII entities, prefer to outsource only those functions that require a large staff of highly qualified experienced specialists, leaving inside the IT infrastructure systems that directly store and process incident data," said Ilnaz Gataullin, technical head of MTS RED SOC at MTS RED.