Eurasia Drilling Company has strengthened its protection against cyber threats with Russian solutions
Customers: Eurasia Drilling Company
Contractors: iTPROTECT
Product: UserGate VE Series Virtual Firewalls
Second product: Kaspersky Unified Monitoring and Analysis Platform (KUMA)
Project date: 2024/01 - 2024/03
Number of licenses: 3500
2024: Strengthening protection against cyber threats by Russian solutions
On March 10, 2024, iTPROTECT announced that Eurasia Drilling Company, one of the largest drilling companies in Russia, has transferred antivirus protection of 3,500 automated workplaces and servers, intrusion detection, and monitoring of information security (IS) incidents in the head office and 7 branches to Russian solutions. The project to implement and configure products from the vendors UserGate and Kaspersky Lab was carried out by iTPROTECT, a specialized information security integrator.
As reported, the company decided to implement information security tools to achieve two goals: import substitution of foreign software, whose support and renewal had become unavailable, and protection of its established processes from cyber threats. To do this, BKE chose to transfer antivirus protection to the Kaspersky Endpoint Security for Business Advanced (KES Advanced) product, intrusion detection (IDS) to UserGate VE 4000 virtual firewalls, and tracking of information security incidents and their relationships to the SIEM platform Kaspersky Unified Monitoring and Analysis Platform (KUMA).
The Eurasia Drilling Company operates in several regions of Russia. Its employees work both in offices and at facilities in hard-to-reach areas, where satellite links and a complex network architecture are used. Given these specifics of the company's business, all work had to follow 4 main principles: ensuring the continuity of the company's technical processes, increasing the security of the IT infrastructure, making the implementation as unnoticeable as possible for users, and avoiding any maintenance windows during which hosts (servers and workplaces) are left unprotected.
iTPROTECT specialists studied the previously used solutions and their settings, after which they implemented the products and set them up as close as possible to their predecessors. First, the team focused on virus protection, after which it installed and configured the network intrusion detection tool based on UserGate virtual firewalls.
The final step was the implementation of the KUMA SIEM system, to which collection of information from 12 types of sources was connected, including operating systems, network devices, virtualization systems and information protection tools.
"For large companies operating in key sectors of the economy, malware protection and network security are among the main information security areas. In the absence of support and the possibility of renewing licenses for previously used solutions, the implementation of IDS, SIEM and host protection systems must be carried out in a short time and with minimal changes. Work on the transition to UserGate and Kaspersky Lab solutions was completed on time and by moving the settings 'as is,' which allowed the Eurasia Drilling Company to continue its activities without interruption both during implementation and after, in the same mode as before," noted Kai Mikhailov, Head of Information Security at iTPROTECT.
In total, as a result of the project, 3500 hosts of the Eurasia Drilling Company received antivirus protection based on the Russian product, including hosts on the industrial network. The protected infrastructure is geographically distributed across the head office in Moscow and 7 branches of the company, in the cities of Kogalym and Perm, as well as remote regions of the Khanty-Mansi and Nenets Autonomous Districts, the Komi Republic, Perm Territory and Volgograd Region. A complex hierarchical model of access and rights was set up for different levels of information security specialists. It does not allow staff "on the ground" to change centralized security policies, while preserving their ability to respond promptly to information security incidents and to troubleshoot.
Thanks to the implementation of the SIEM system based on KUMA, the BKE information security team was able to track critical information security events in the IT infrastructure and respond faster to potentially dangerous activity. As of March 2024, events from most IT systems flow into the system, where they are analyzed for suspicious activity. The UserGate solution, in turn, helps Eurasia Drilling Company check a copy of all incoming and outgoing traffic (with a bandwidth of up to 2.1 Gbps) for signs of intrusion and hacker scanning.
"The work of our company is connected with one of the key sectors of the economy, strategically important. Therefore, organizations like ours are subjected to a large number of attacks, primarily online and using malware. Thanks to the solution implemented by iTPROTECT specialists based on products from Kaspersky Lab and UserGate, we managed to switch to updated protection systems without downtime and complications," commented Evgeny Nekiplov, Head of the Information Technology and Systems Department of the Eurasia Drilling Company.
In the future, there are plans to scale the systems, in particular by connecting additional sources to the SIEM and developing the firewall functionality.