Infosecurity and PJSC STLC Transformed the Cyber Security Events Collection & Analysis System into a Full Scale SOС-as-a-Service

In July 2017, PJSC STLC jointly with Infosecurity launched the commercial operation of MaxPatrol SIEM platform as the cyber security event management system with the ability to detect and respond to incidents in real time.

The opportunities of several one-class products were analyzed in detail at the solution selection stage. The Customer considered both Russian and Western solutions, as the goal was to get a comprehensive solution additionally to the security systems that are already used in PJSC STLC.

Based on the analysis of all potential threats, risks and costs, the solution of JSC Positive Technologies was recognized as the best option for implementation. The modular architecture allowed to create the system configuration with the highest standards and clearly defined functionality, which in turn has resulted in substantial cost savings for the Company when implementing the solution. Another benefit for this solution was the existence of an appropriate certificate of compliance by the Russian Federal Security Service (FSB Russia) and the inclusion in the Register of Domestic Software, which is particularly important in light of the existing requirements for the import substitution of the products used.

Yet in the world today the information security is not an isolated implemented project. The technologies of attackers are also not static. Therefore, our strategic goal is the continued development and optimization of cyber security solutions and processes.

The involvement of the requirements 187-FZ and standards by the State system for identification, prevention and elimination of consequences of cyber attacks on information resources (GosSOPKA), as well as the rapidly growing branch network, has become a driver for the solution development and a specific signal indicating that in order to detect cyberattacks in the early stages and to handle incidents rapidly in a large number of information systems, just a SIEM solution, even optimally-adjusted, is not sufficient anymore.  

There is a need to develop the analytics, methodology and processes for incident management, monitoring and response to cyber security incidents 24/7.

In addition, in 2018-2019, collaboration with the JSC Positive Technologies staff allowed to extend methods of automated analytics from physical security systems and perimeter security systems. While implementing these improvements, there came an understanding of the need to modernize the data simple processing and correlation. The continuous efforts on the system analysis were made for a better interpretation. 

Thus, all these circumstances resulted in the provider selection providing security monitoring and incidents response services – Security Operation Center. Not just on-premise or cloud SOC, but the hybrid, i.e. using existing one in PJSC STLC by JSC Positive Technologies as the event source.

In the selection process, the Company considered several SOC solutions and providers. Based on the results of testing, piloting and comparison, ISOC by Infosecurity was selected due to several obvious benefits:

Optimal price-quality ratio (own developments + automation);

Individual approach to the customer requirements;

Hybrid implementation based on PT SIEM (a key point for us when choosing a provider, which made it possible to significantly reduce the cost due to the existing SIEM);

SLA of high-level (response time 24/7/365);

Status of the official Corporate center of GosSOPKA;

International certification of Infosecurity CERT by Carnegie Mellon University.

Example of ISOC technological interaction:

"PJSC STLC is a high-tech company which approaches the information security strategy seriously, placing high demands on both performers and security tools. ISOC has successfully passed comparative tests and proved to be the best among other competitors," Sergey Bessarabov, Deputy CEO for Government Relations, PJSC STLC, says, "Thus, using SOC service by Infosecurity via automation and deep analytics enable us to create a full-fledged system for swift detection and effective investigation of cyber security incidents of any complexity. So we are not just moving with the times, but we're getting ahead."

"We are pleased that PJSC STLC, a high-tech company with innovative solutions, has chosen us the main partner in providing security monitoring and incident response services. The experience and expertise of our specialists made it possible to implement all the project requirements successfully and on time," Kirill Solodovnikov, General Director of Infosecurity, comments on launching the solution.

"As a result, we've got an effective center for security monitoring and incident response, which is easily adapted to any company requests. Besides, SOC-as-a-service enables to bring prompt changes into the system functioning, and that's no less important for us than our confidence about the corporate infrastructure reliable security. Now the service has been launched for commercial operation and shows worthy results." Sergey Rysin, Head of Information Security Department of PJSC STLC, comments.

 

About the company:

State Transport Leasing Company (PJSC STLC) is the largest leasing company in Russia. STLC's general goals are: implementation of state support of the transport sector, creation of an effective infrastructure, attraction of extrabudgetary investments, development of domestic transport engineering, along with digital transformation and the Company's operational efficiency increase. The sole shareholder of the company is the Russian Federation represented by the Ministry of Transport of the Russian Federation.

https://gtlk.ru/ 

14
July 2020

Поделиться: