Customers: Group-IB (Group of information security)
Contractors: Positive Technologies
Product: PT Application Firewall
Project date: 2016/03 - 2016/05
On July 12, 2016, Positive Technologies announced the implementation of PT Application Firewall software in Group-IB's IT infrastructure, running in Forensic mode for incident investigation.
Project Tasks
For detailed investigation of attacks on web resources, Group-IB experts needed a convenient tool for passive analysis of the logs of attacked servers. The company's specialists chose the application-level firewall PT Application Firewall.
Detailed investigation of incidents connected with attacks on an organization's web resources is complex and laborious work that demands considerable effort even from qualified cybersecurity specialists. PT Application Firewall helps to noticeably lower the labor costs of an expert team while preserving (and in certain cases increasing) efficiency. It not only detects and blocks attacks on web resources in real time, but also performs retrospective analysis of them. At the technology level this is possible thanks to Forensic mode, which automatically analyzes event logs from potentially compromised web servers and applications.
Project Results
PT Application Firewall in Forensic mode lets Group-IB load the event logs of attacked web servers on demand for automated analysis and prepare conclusions about the causes of incidents. Previously, Group-IB experts analyzed such logs manually, using tools of their own development, but the first tests showed that PT Application Firewall reduces incident investigation time and allows experts to take prompt measures to prevent incidents from developing.
Among our clients there are companies whose network traffic flow is measured in hundreds of gigabits. In the past, when such clients came under attack, we had to spend a lot of time on data analysis and on reconstructing the chronology of events. Speed and accuracy are the main components of effective incident response. Using PT Application Firewall in investigations allowed us to quickly stop the development of an incident, reduce analysis time threefold, and successfully identify the attackers. The development of the technology partnership between Group-IB and Positive Technologies opens new opportunities in countering cybercrime.