The project of defense of perimeter of technology network for EVRAZ

The company announced the Ural Center of Security systems in June, 2017 project completion on creation of a system of defense of perimeter of technology networks at the enterprises of EVRAZ - Nizhniy Tagil Iron and Steel Works (EVRAZ of NTMK) and West-Siberian Metallurgical Plant (EVRAZ of ZSMK), executed in cooperation with Evraztekhnika company.

As premises to project implementation results of independent penetration test which showed that technology and corporate networks are rather densely bound and insufficiently protected from external destructive influences served.

Development and implementation of the unified architecture of the security tool of perimeter of technology networks and networks of the shop level providing a safe, reliable and controlled method of separation of the corporate network and technology networks which is effectively neutralizing potential threats of information security became a main objective of work.

Achievement of the goal was performed for the realization account of the mediated personnel access to subjects to protection, application of means of network security and the strengthened authentication.

First of all the security tool was implemented in workshops with increased requirements to security, namely where there is a work with liquid metal and where violation of technology process can lead to serious effects.

"When choosing the company integrator for implementation of this project we first of all aimed to find the contractor having real ̆ experience of implementation of protection of an APCS, - Nuykin Andrey, the head of department of security of information systems, the block of the vice president for IT, EVRAZ comments. - The company was selected from the tender course where were considered experience of similar projects, quality of the proposed solution and it is a lot of other parameters. As a result we selected UTsSB company which specialists helped to separate as much as possible corporate and technology networks, to provide safe ̆, the access and interaction between systems controlled ̆. Work was carried out big and to a short time".

Upon completion of the project took place repeated ̆ penetration test which ̆ showed correctness of the selected approach and its implementation. Auditors could not get into technology network.