Project

MaxPatrol SIEM and MaxPatrol 8 helped protect Universiade 2019 from cyber attacks

Customers: Rosseti Siberia (formerly IDGC of Siberia)

Krasnoyarsk; Power

Product: MaxPatrol SIEM

Project date: 2018/10 - 2019/03

2019

On March 25, 2019, Positive Technologies announced that in accordance with the agreement with VOLS-VL Management JSC, IDGC of Siberia PJSC created a system for collecting, correlating and managing information security events based on MaxPatrol SIEM.

According to the company, as part of preparations for monitoring the protection of the information and telecommunication infrastructure (ITKI) of key power supply facilities of the 2019 Winter Universiade, specialists of IDGC of Siberia PJSC and VOLS-VL Management JSC integrated the SIEM system and connected additional event sources from almost all ITKI technical means. This subsequently made it possible to use the SIEM system as one of the main security monitoring tools. The MaxPatrol 8 scanner was used virtually daily to analyze ITKI vulnerabilities, which made it possible to control the security status of ITKI nodes.

Data came into MaxPatrol SIEM from attack detection systems, ITKI management tools, security tools, sandboxes, antivirus tools, cryptographic information protection tools, domain controllers and network equipment. This made it possible, before the start of the main event, to discover information security vulnerabilities in the ITKI, anticipate the likely vectors of computer attacks and work to prevent them.

During the Universiade, a 24-hour information security monitoring center was organized at the office of IDGC of Siberia PJSC in Krasnoyarsk with the involvement of the cybersecurity department of IDGC of Siberia PJSC, a group of information security experts from the Novosibirsk branch of FSUE NTC Atlas and JSC VOLS-VL Management.

Throughout the event, the monitoring center recorded, around the clock, abnormal activity aimed at carrying out denial-of-service attacks. During monitoring, numerous attacks on sites accessible from the Internet were discovered: attacks using external penetration tools (attacks on public web resources, attempts to exploit vulnerabilities), scanners (network scanning and application scanning) and social engineering (phishing emails). In addition, an analysis of malicious attachments from phishing emails showed that some of the emails were allegedly sent by groups of attackers specializing in energy companies.

In total, about ten thousand information security events were recorded during the Universiade with the help of MaxPatrol SIEM and MaxPatrol 8. All events were processed by the monitoring center staff. There were no information security incidents that resulted in disruptions to the operation of the event's power supply facilities.

The specialists of the monitoring center note that working at the Universiade was a good opportunity to test the means of protection and monitoring, as well as to detect weaknesses in the protection of infrastructure facilities.

"As our experience shows, large-scale events of the All-Russian and international level require serious preparation from the point of view of information security. And this is not just about working during such events. You need to have a full lifecycle, from early infrastructure audits, application testing and correction to continuous perimeter security monitoring, threat detection, and the application of technology and protection. It is necessary to constantly monitor information security before, during and after the event, with the aim of prompt and timely detection of incidents, response to them and their detailed investigation. Previously, our products and experts have already worked as part of the monitoring centers of the 2018 World Cup, the Olympics in Sochi and the Universiade in Kazan, and helped to avoid information security incidents at these events."

Maxim Filippov, Director of Positive Technologies for Business Development in Russia