Customers: SPAO "Ingosstrakh"
Product: Angara Cyber Resilience Center (ACRC)
Project date: 2019/01 - 2020/01
2020: Completion of the main stage of building the information security monitoring center
The Angara group reported on February 28, 2020 that, together with SPAO "Ingosstrakh", it had completed the main stage of work on creating the core of a center for monitoring and responding to information security incidents (Security Operations Center, SOC). While the center is under construction, SPAO "Ingosstrakh" uses the MSSP services of the Angara Cyber Resilience Center (SOC ACRC) for operational monitoring and incident management. The core of the SOC is Angara Professional Assistance's own development, the "ATsRTs of Platforms" information security event monitoring system.
Protection of data assets is one of the key tasks of SPAO "Ingosstrakh". The SOC will facilitate implementation of the long-term strategic plan for managing information security (IS) threats, including collecting, identifying and prioritizing cybersecurity threats for consideration, interaction between the organization's divisions when responding to cybersecurity incidents, and reporting to management, commented Andrey Polomoshnov, head of the monitoring and response department of SPAO "Ingosstrakh".
Ingosstrakh places high requirements on the availability of the monitoring system, the continuity of event collection, and compliance with time limits for detection and response. To meet these requirements and provide financial guarantees of their observance, experts of Angara Professional Assistance, together with Ingosstrakh employees, are working through the fault tolerance of the cluster architecture for the "ATsRTs of Platforms" platform and the system of penalties for non-performance of the SLA. The developed architecture will make it possible to process the predicted flow of more than 30,000 EPS, with the possibility of seamless growth. As of February 2020, the event stream being processed requires about 25 Tb of storage a month, commented Oksana Vasilyeva, CEO of Angara Professional Assistance.
To reduce total cost of ownership without reducing functionality, the data was separated into operational and archive data, and high-speed data access is provided. The Angara group is also enhancing "ATsRTs of Platforms" at the request of SPAO "Ingosstrakh". As a result of the productive cooperation between the two companies, another type of correlation rule has been put into operation; it detects chains of events and considerably reduces the number of false positives.
Relying on our own experience, we helped to train a team of SOC operators. Experts of Angara Professional Assistance developed a professional growth plan for the staff of SPAO "Ingosstrakh" so that they could independently detect and neutralize cybersecurity threats in 24x7x365 mode and also effectively manage the tools of the monitoring center, reported Oksana Vasilyeva.
We still face a number of tasks: connecting additional non-standard types of event sources, improving the model of the monitoring center's core, creating threat hunting processes, connecting to the state monitoring centers and automating data exchange with them, ensuring regular checks of SOC analysts with the involvement of Red Team experts, and further scaling the scope of monitoring with a gradual decrease in the Angara group's participation in detecting and responding to incidents. But it is already possible to say that a huge amount of work has been done in a year and that its results fully conform to the imposed requirements. We can note the high level of professionalism of the whole SOC ACRC team, their well-coordinated work and their flexibility in working on non-standard tasks, added Andrey Polomoshnov.