Customers: Kazan City Administration
Contractors: SearchInform
Product: SearchInform SIEM
Project date: 2023/08 - 2024/02
2024: Implementation of SearchInform SIEM
Kazan Mayor's Office has introduced "SearchInform SIEM", a system for monitoring and managing information security events. The program accumulates information from various sources, analyzes it, records incidents and notifies the information security service about them. The system was tested in 2022 on part of the infrastructure, and in September 2023, after a successful pilot, SearchInform SIEM was entrusted with the protection of the entire IT infrastructure. The decision will allow the mayor's office to process a large stream of events and identify information security threats. SearchInform reported this on March 18, 2024.
Kazan City Hall includes several dozen institutions and adheres to a policy of centralizing security management. For this reason, a SIEM system was purchased and the creation of a municipal SOC is planned.
"When choosing a system, we focused primarily on the ease of installation and deployment of the product. It was also important for us to have certain connectors and pre-installed correlation rules. SIEM from SearchInform met all the criteria. The collaboration proved effective. We were especially pleased with the operational work of the implementation and technical support department of SearchInform," said Timur Sapegin, deputy head of the Information Technology and Communications Department of Kazan, head of the information security department.
The main task that the Kazan mayor's office sets for SIEM is to manage information security events in real time. Even during the test, "SearchInform SIEM" helped identify unused accounts with administrative privileges and more than 200 accounts with expired passwords in various municipal systems, as well as modify more than 20 firewall rules, the mayor's office noted.
"We have known the solutions of SearchInform for a long time and see a positive trend in expanding the product line," said Timur Sapegin. "I note the functionality of the SIEM system: the availability of incident management tools for early identification of the prerequisites for negative scenarios, reducing the likelihood of failure of IT infrastructure elements, the ability to send notifications to Telegram."
"According to our annual study, in 2022, 39% of government organizations recorded an increase in the number of cyber attacks on corporate networks. Soberly assessing the risks, we see that gradually state institutions are introducing specialized systems. Against this background, the decision of the Kazan mayor's office to implement SIEM is a significant step indicating a responsible approach to protecting the IT infrastructure," said Alexei Parfentiev, head of the SearchInform analytics department. "Our SIEM system not only performs basic tasks for processing the flow of events and identifying threats, but also helps to eliminate them. If the system detects suspicious events, then according to security policies it will stop the incident, and the information security specialist will receive a notification about it."
Work on the project for the introduction of an information protection system in the Kazan mayor's office continues. The plans are to increase the number of municipal institutions covered by SIEM, as well as to fulfill the tasks of exchanging data with the systems of higher government bodies.