UBRD has selected the X-Config solution to ensure the security of software configurations

2023: Implementation of the X-Config software configuration management system

Spacebit has implemented the X-Config software configuration management system at the Ural Bank for Reconstruction and Development (UBRD). The partner in the project was the Ural integrator of the SIB. This was announced on January 23, 2024 by Spacebit.

UBRD is one of 25 large banks of the Russian Federation. In order to comply with regulatory requirements (FSTEC and) Bank of Russia the customer needs to ensure the safety of ON their configurations. To IT infrastructure In addition, like any financial institution, UBRD pays increased attention to the practical, first of information security all, protection of confidential information and the safety of its personal data clients. Attackers are increasingly using incorrect software settings for hacking and - attacks IT informulations, and effective control over the security of resource configurations used in the organization requires significant financial costs and the involvement of highly qualified personnel.

The introduction of the X-Config solution allowed UBRD to build a constant automated security management process for system and application software configurations that are critical for the main, business processes bank primarily Russian operating systems OS and family. Windows

X-Config monitors the compliance of the entire customer's IT infrastructure with mandatory regulatory requirements, as well as the best generally recognized safe configuration practices. The system takes an inventory of monitored resources, checks them according to the configured scenario, automatically prioritizes the elimination of detected inconsistencies and monitors their elimination. Informative reports provide information security specialists with the opportunity to filter the most critical vulnerabilities of configurations and bring them into compliance with the policy in the first place, and the flexible profiling mechanism allows them to form their own corporate policies for secure software configuration.

As a result of the implementation of X-Config, the customer received an effective tool for managing the security of their software configurations, which significantly reduced information security risks, significantly reduced labor costs for information security employees, and also met the requirements of regulators and industry standards for financial institutions.

As part of the development of the project, it is planned to scale the system, expand the list of application software protected by X-Config, as well as ensure security control of network device configurations. In addition, on the basis of the customer's business requirements, special standards for safe configuration are being developed to solve tasks beyond the basic functionality of X-Config. These standards will appear in the next product release and will be loaded into the bank's system during updates.

Faced with the requirements of regular monitoring of the state of configurations for their vulnerabilities, at a certain point we realized the difficulty of implementing this control manually, as the process required increasing resources of IT and information security specialists. After analyzing the market, we opted for the X-Config solution as the most suitable for us in terms of architecture and individual approach of Spacebit to our requirements, - said Alexander Paderin, Vice President for Information Security of PJSC KB UBRR.

The topic of information security in financial institutions is one of the key ones, and customers from this industry are primarily aware of the importance of controlling software configurations, the vulnerabilities of which provide cyber fraudsters with additional opportunities to attack critical infrastructure. Thanks to effective interaction with the customer's team, we managed to implement X-Config in the bank as soon as possible and receive valuable recommendations that have already been taken into account in the upcoming product development plans, "said Vyacheslav Trembitsky, Commercial Director of Spacebit.