"Intellectual security" automated information security of Russian Post

2020: Implementation of an automated system of response to cyber security incidents

The Intellectual Security company, the resident Klastera of information technologies of Skolkovo Foundation, completed implementation in Russian Post of an automated system of response to incidents of cyber security of Security Vision IRP/SOAR. The Skolkovo Foundation reported about it on November 11, 2020.

The Russian Post announced tender among the Russian and foreign IRP systems in 2019. The Security Vision Incident Response Platform system (IRP/SOAR) became the winner. It allowed to implement the managed process of response to cyberincidents which conforms to requirements of standards of security and the best practices in information security field (cybersecurity).

Using Security Vision IRP/SOAR 11 integration with external systems are implemented, activity of staff of Information Security Service within 10 scenarios of response to cyberincidents and 6 management processes of cybersecurity is automated.

For accumulation of operational efficiency the Russian Post concentrates on implementation of innovations, digitalization of the current product portfolio and improvement production and business processes. It is obvious that this activity "goes hand in hand" with ensuring reliable protection of information resources of our enterprise and its clients. Considering scales of Russian Post, this task can be solved only using an efficient product of ensuring cyber security – such as Security Vision IRP/SOAR. A system was implemented quite recently and shows good results.

Implementation of Security Vision IRP/SOAR provided:

• consolidation in uniform structure of all events of information security, with control of processing and elimination of the revealed incidents;
• existence of a uniform workplace on processing of incidents of cybersecurity;
• process automation of response to cybersecurity incidents: collecting of optional data on an incident, enrichment of initial data of incidents, automation of standard scenarios of reaction;
• reduction of time of reaction due to automation of set of in advance developed procedures and scenarios of reaction;
• the automated accounting and data visualization, the concerning key metrics of process of work with cybersecurity incidents;
• reduction of force of influence of incidents of cybersecurity by IT assets of Russian Post due to reduction of time of identification, localization and response to incidents;
• the automated maintaining the register of the revealed vulnerabilities and formation of statistics and reporting under it and also control of terms of elimination of vulnerabilities;
• collection of data on automatic checks of compliance of infrastructure of Russian Post to internal regulations of cybersecurity, formation of analytics and statistics on running state of requirements of compliance;
• reduction of risk of a human factor (human errors, involved with incidents of information security).

Security Vision IRP/SOAR repeatedly proved the efficiency in ensuring cyber security of large geographically distributed structures. It is convinced that for Russian Post it will also become the reliable and efficient instrument of data protection.

For November, 2020 the Intellectual Security company performs technical support of a system. In plans – scaling and replication in branches of Russian Post.