Project

Urals FD bank creates an information security event management system

Customers: Urals FD of joint stock bank

Contractors: Jet Infosystems
Product: HPE ArcSight Management Center
Based on: HPE ArcSight ESM (Security Information and Event Management, SIEM)

Project date: 2013/06 - 2013/11

Content

On November 19, 2013, the integrator Jet Infosystems announced the creation of a system for collecting and managing information security (IS) events on the HP ArcSight platform at Urals FD bank.

Project Tasks

The bank's business development strategy calls for an adequate level of IS and its compliance with modern security standards. Creating a technology platform to automate and centralize the collection, storage and analysis of cybersecurity events is therefore a planned measure aimed at improving the bank's actual information security.

Project Progress

The partner in the project is Jet Infosystems, a company with experience of successfully implementing several dozen projects in cybersecurity incident management. The company's experts surveyed the bank's IT infrastructure and described the existing event sources by their degree of criticality in terms of cybersecurity.

In HP ArcSight, shipping of audit logs from telecommunication equipment was configured to identify cybersecurity incidents such as the connection of unauthorized devices to the bank's network.

Event collection from the protection systems was set up: firewalls and the Cisco Secure Access Control Server secure access control server. This made it possible to configure a number of filters, critical in terms of cybersecurity, for identifying violations of the policy on interaction with external networks. Collection of logs from server operating systems was also configured to detect unauthorized activity by privileged users. Cybersecurity incidents matched by the filters created in the system are monitored through configured e-mail notifications sent to the administrator.

In the created system, Jet Infosystems experts configured more than ten filters covering the attack vectors most relevant to the bank. Among them: detection of botnets, unauthorized attempts to log in to server operating systems and to launch applications, changes to network device configurations, etc.

"The events processed by the system are presented in the form of five reports and five graphic panels with different levels of visualization. This allowed the bank's cybersecurity specialists to reduce many times over the time spent on the corresponding analytics. In particular, generating analytical reports now takes several minutes, whereas earlier the manual collection and analysis of logs from each source required up to 5–7 days," noted Elman Beybutov, head of database protection and SOC at Jet Infosystems.

Alexander Roppert, head of the information security department of Urals FD bank, emphasized: "Urals FD has worked successfully in the Perm Krai market for more than 20 years. The secret of the demand for our services is not only that the Bank aims to offer clients truly profitable and convenient financial solutions, but also that it provides maximum reliability of all financial transactions and creates conditions for stable business. Implementing a system for collecting and managing cybersecurity events on the HP ArcSight platform certainly became one more important stage in the work on raising the security level of Urals FD bank's services and, consequently, an important instrument for increasing our clients' loyalty."

Project Results

The system is supported by Jet Infosystems, which provides services in 24x7 format.

As of November 19, 2013, 60 cybersecurity event sources operating in the bank's central office are connected to the system. The system architecture also allows it to be scaled further across the bank's entire infrastructure, including the branch network.