The pride of Gazinformservice is its behavioral analytics service

tanjimajuha20
Posts: 422
Joined: Thu Jan 02, 2025 7:50 am


Post by tanjimajuha20 »

The SOC of "Gazinformservice" was presented at the PHDays 2024 forum. Nikolay Nashivochnikov, Deputy General Director and Technical Director of "Gazinformservice", noted that the company had been looking at this area of work for a long time. However, according to him, until 2022 skepticism prevailed because of the wary attitude of the potential target audience toward any form of outsourcing, especially in such a sensitive area as information security. But the flurry of cyber attacks, which came on top of the consequences of foreign suppliers leaving the Russian market, personnel shortages and budget restrictions, contributed, according to Nikolay Nashivochnikov, to a turning point in the situation.

The task of creating a commercial SOC, as Nikolay Nashivochnikov noted, turned out to be more difficult than the company's technical specialists had initially assumed. It took a year to solve instead of the expected 6 months. Ankey SIEM NG became the technological basis of the SOC from Gazinformservice. At the same time, Gazinformservice specialists had to develop more than 500 additional correlation rules and 133 connectors for different devices and systems.

based on machine learning, which works on top of the SIEM system. As Nikolay Nashivochnikov emphasized, already in trial mode it demonstrated very high speed in identifying suspicious activity, far ahead of SIEM analytics built on event correlation. In addition, the analytics solved the problem of missed incidents, which had been the most serious problem at the initial stage of work.

This toolkit was especially useful in countering the use of legitimate tools for malicious purposes, which is extremely difficult to detect in time with traditional tools. The analytical service also helped identify a targeted attack carried out by a professional APT group.

The distinctive feature of the SOC of "Gazinformservice" is the use of a UEBA-class product with ML, Ankey ASAP. The software makes it possible to detect attacks that, for example, the SIEM misses.

At present, the SOC of "Gazinformservice" provides 5 services: audit, asset control, vulnerability management, 24/7 monitoring of and response to information security events, and incident analysis. According to Nikolay Nashivochnikov, these are the services that are most in demand among potential customers and the most difficult for internal teams to implement.

However, as Nikolay Nashivochnikov emphasized, the company is only at the beginning of its journey. By the end of the year, the list of SOC services provided will be expanded. Incident investigation services (forensics) and active comprehensive assessment of the protection of customers' IT infrastructure (red teaming) will appear in August, and cyber intelligence (Threat Intelligence, TI) closer to the end of the year; the company also plans to open a cyber training ground for training specialists in investigating cyber incidents and setting up information security systems.

The company is also ready to provide services to ensure the security not only of traditional IT but also of industrial infrastructure, although here, as Nikolay Nashivochnikov reminded, there are many regulatory and technological restrictions, not all of which are easy to overcome. Nevertheless, in his assessment, services for incident investigation or personnel outsourcing on the customer's premises may be in demand. Moreover, Gazinformservice has all the necessary competencies and a full set of licenses from regulators, so it is also fully prepared to provide on-site services to ensure the security of technological networks and automated process control systems.