The Ministry of Industry and Trade of the CR

  • Helping to fulfil the requirements of the Act on Cyber Security.
  • Recording and visualising significant breaches of safe operation in ICT.
  • We can handle up to 60,000 events per minute from source systems. We can also evaluate up to 25,000 flows per minute.
  • Significantly facilitating the work of the security administrators when investigating incidents.
  • The solution includes previews of the situation that are comprehensible both to the administrator and to the manager.
The Ministry of Industry and Trade of the CR has security monitoring from IXPERTA

The MIT deployed a comprehensive security monitoring tool, which enables monitoring and evaluating any resultant incidents in accordance with its security policy.

DESCRIPTION OF THE INITIAL SITUATION

The MIT determines the requirements for ensuring the safe operation of the ICT systems for processing information both within the MIT and also in communication with other organisations. Without an effective comprehensive security monitoring tool the MIT was unable to effectively control and enforce the security policy.

THE RESULTS OF OUR WORK

  • A control instrument for the information and communication systems.
  • Processing the logs from all the major IOs.
  • Analysis of the transmitted data streams in the application layer, the detection and evaluation of application protocols, the identification of any anomalies.
  • Correlated events are supplemented with data from the system of identities.
  • Manufacturer’s intelligence is used for identifying recent global threats (e.g. identified sources of malware, SPAM, DoS, botnets on the Internet), which is provided on the basis of reputation services.
  • Strong correlation tools that combine thousands of atomic logs and flows into several correlated events that are significant in terms of operation and safety factors.
  • Correlated events can be viewed either from a higher level of abstraction or they can be analysed to the level of atomic logs and flows.
  • Based on the needs of the MIT the prepared views of the operational and security situation were additionally adjusted using the available dashboards.
  • In compliance with the security policy the reports prepared regarding the operational and security situation are specifically tailored to the needs of the MIT.
  • The delivery of the solutions also included an extended five-year support.

HOW WE PROCEEDED

In the first step, a thorough analysis was carried out, including a baseline assessment of the status of the ISMS and of the applied process-technical measures. The analysis suggested the best manner for the deployment of the solution in regard to the number of different types of event sources to be incorporated. The analysis was followed by the project documentation of the actual deployment. This, in turn, gave rise to a detailed testing scenario. The actual deployment was implemented in accordance with the project documentation. Even during the implementation of the solution the first security events were visualised, which were subsequently tested using this solution.

WHAT THE CUSTOMER ESPECIALLY APPRECIATED

  • The facilitation of the administrator’s work: the tool ensured visibility of the operated ICT blocks, it identified, connected and named the detected events and also served as a tool for managing the response to and the investigation of potential security incidents.
  • Preventing and resolving security incidents: the tool enabled the monitoring and enforcement of the security policy. Any breach of the policy is recorded, together with any available evidence regarding who caused the event, when, where, how, with what and against what. The tool has helped to increase safety awareness; its users and suppliers have discovered that their policy violations are being monitored.
  • Intuitive operation and clear outputs: the outputs are comprehensible both to the administrator and to the management. The tool includes a graphic web interface with a comprehensive dashboard showing articulated views of the monitored ICT areas in accordance with the type of the event sources and their administrators. In regard to reporting, the supplied system documents that the required level of operation and safety is ensured.
