IBM Security QRadar SIEM Implementation for a European Bank
A branch of a consumer finance provider with operations in 10 countries of Europe and now expanding its presence to Asia. So far 41,100 of the company’s employees have served 33.8 mln clients through a wide service network which includes 1113,460 sales outlets, credit offices and local post offices. As of 31 March 2013, the Customer’s total assets amount to $13.3 bn.
The cooperation between the Customer and ScienceSoft started with a small pilot project in 2013 and has evolved into a fruitful partnership.
To successfully meet the current challenges in the banking industry, such as fraudulent activities (both internal fraud and cyber-crime) and regulatory compliance the Customer decided to implement a top-notch security information system IBM Security QRadar SIEM (hereinafter QRadar) and chose ScienceSoft to perform a high-level tuning of the anticipated solution.
The specific banking needs ask for monitoring and analyzing over 1,000 security events happening every second throughout different banking applications. Since QRadar’s standard functionality allows for collecting events only from systems supported by the out-of-the box log source extensions (LSX), ScienceSoft team created 10 custom LSX modules to integrate the Customer’s specific applications. This ensured a continuous collection of log data and a centralized log management across all the bank’s locations, channels and applications.
ScienceSoft specialist developed a set of 60 correlation and offense rules to ensure an automatic and real-time intelligent analysis of the collected security events and a timely detection of suspicious activities. In case a rule is breached, the response system automatically informs the bank’s security officer by sending an email notification and has a new issue registered in the incident management system. In addition to that, thanks to the adjusted event correlation, the solution separates true threats from false alarms.
The tuned SIEM solution is fully compliant with the regulatory requirements and standards such as PCI DSS, the requirements of the local National Bank and the Customer’s internal standards.
The active stage of the project lasted for 3 months. With the help of the solution, the bank can now increase security for its clients by investigating incidents in the shortest time possible.
The internal audit of the Customer has acknowledged the efficiency that the bank has achieved while using the information security monitoring system implemented by ScienceSoft.
ScienceSoft team went on to QRadar support and enriched it with new security threat scenarios.
Technologies and Tools
IBM Security QRadar SIEM 7.2.4; Python, Regex, Linux Shell