Ministry of Industry and Trade

The MIT sets requirements to ensure the secure operation of ICT systems for information processing both within the MIT and when communicating with other organisations.

Complete security monitoring tool

The MIT deployed a complete security monitoring tool that enables it to monitor and evaluate emerging security situations in accordance with its security policy.

  • We help meet the requirements of the Cybersecurity Act.
  • We record and visualize significant ICT security breaches.
  • We can process up to 60,000 events per minute from source systems.
  • We can evaluate up to 25,000 attacks per minute.
  • We make the job of the security administrator significantly easier when investigating incidents.
  • The solution contains insights into the situation that are understood by both the administrator and the manager.

Solution

Client’s requirements

The MIT sets requirements to ensure the secure operation of ICT systems for information processing both within the MIT and when communicating with other organisations. Without an effective complete security monitoring tool, the MIT was unable to monitor and enforce the security policy effectively.

How we proceeded

In the first step, a thorough baseline analysis was carried out, including an evaluation of the ISMS status and of the process and technical measures applied. The analysis suggested the most appropriate way of deploying the solution, taking into account the number of different types of event sources to be included. It resulted in detailed test scenarios and was followed by project documentation for the actual deployment. The deployment was carried out according to the project documentation. Even during implementation, the first security events were visualized and verified using the solution.

How it turned out

  • A tool for controlling the operation of information and communication systems.
  • Processing of logs from all important information systems.
  • Analysis of transmitted data flows at the application layer, recognition and evaluation of application protocols, identification of any anomalies.
  • Correlated events are enriched with data from the identity system.
  • The manufacturer's intelligence, provided through reputation services, is used to detect the latest global threats (e.g. detected sources of malware, spam, DoS and botnets on the Internet).
  • Strong correlation tools that combine thousands of atomic logs and flows into a few correlated events relevant to operations and security.
  • Correlated events can be viewed both from a high level of abstraction and can be analyzed down to the level of atomic logs and flows.
  • The prepared views of the operational and security situation, available via dashboards, were further tailored to the needs of the MIT.
  • Prepared reports on operational and security situations are in line with the tailored security policy according to the needs of the MIT.
  • The solution included extended vendor support for five years.

What the client appreciated the most

  • Facilitating the administrator’s work: the tool provided visibility over the ICT blocks in operation, identified, linked and named detected events and served as a response tool in the management and investigation of potential security incidents.
  • Preventing and resolving security incidents: the tool enabled control and enforcement of security policy. Violations of the security policy are recorded with evidence of who caused the event, when, where, how, with what and against what. The tool has helped raise security awareness, and users and vendors have learned that their policy violations are monitored.
  • Intuitive operation and clear outputs: both the administrator and management understand the outputs – the tool includes a graphical web interface with a summary dashboard, with views divided into monitored ICT areas according to the type of event sources and their administrators. In reporting, the delivered system proves that the required level of operation and safety is ensured.
