Ministry of Industry and Trade

The MIT stipulates requirements to ensure the secure operation of ICT systems for information processing both within the MIT and in communication with other organizations.

Complete security monitoring tool

The MIT deployed a complete security monitoring tool that enabled it to monitor and evaluate emerging security situations in accordance with its security policy.

  • We help meet the requirements of the Cybersecurity Act.
  • We record and visualize significant ICT security breaches.
  • We can process up to 60,000 events per minute from source systems.
  • We can evaluate up to 25,000 attacks per minute.
  • We make the job of the security administrator significantly easier when investigating incidents.
  • The solution presents views of the situation that both the administrator and the manager can understand.

Solution

Client’s requirements

The MIT stipulates requirements to ensure the secure operation of ICT systems for information processing both within the MIT and in communication with other organizations. Without an effective comprehensive security monitoring tool, the MIT was unable to monitor and enforce the security policy effectively.

How we proceeded

In the first step, a thorough analysis of the baseline situation was carried out, including an evaluation of the ISMS status and the applied process-technical measures. The analysis suggested the most appropriate way of deploying the solution, also taking into account the number of different types of event sources to be included. It also produced detailed test scenarios and was followed by project documentation for the actual deployment. Deployment was carried out according to the project documentation. Even during implementation, the first security events were visualized and tested using the solution.

How it turned out

  • A tool for controlling the operation of information and communication systems.
  • Processing of logs from all important information systems.
  • Analysis of transmitted data flows at the application layer, recognition and evaluation of application protocols, identification of any anomalies.
  • Correlated events are enriched with data from the identity system.
  • Vendor intelligence, provided through reputation services, is used to detect the latest global threats (e.g. detected malware sources, SPAM, DoS, botnets on the Internet).
  • Strong correlation tools that combine thousands of atomic logs and streams into a few correlated events relevant to operations and security.
  • Correlated events can be viewed both from a high level of abstraction and can be analyzed down to the level of atomic logs and flows.
  • Prepared views of the operational and security situation, available via dashboards, were further tailored to the needs of the MIT.
  • Prepared reports on operational and security situations are in line with the tailored security policy according to the needs of the MIT.
  • The solution included extended vendor support for five years.

What the client appreciated the most

  • Facilitating the administrator’s work: the tool provided visibility over the ICT blocks in operation, identified, linked and named the detected events and served as a response tool in the management and investigation of potential security incidents.
  • Preventing and resolving security incidents: the tool enabled control and enforcement of the security policy. Violations of the security policy are recorded with evidentiary information on who, when, where, how and what caused the event, and against what. The tool has helped raise security awareness, and users and suppliers have learned that their policy violations are monitored.
  • Intuitive operation and clear outputs: both the administrator and management understand the outputs – the tool includes a graphical web interface with a summary dashboard, with views divided into monitored ICT areas according to the type of event sources and their administrators. In reporting, the delivered system provides evidence of the required level of operation and security.
