IBM Security QRadar SIEM Implementation for a European Bank
A branch of the international holding Home Credit B.V., Home Credit Bank (HCB) has a regional network of 44 offices and more than 3100 sales outlets across the country.
Home Credit B.V. is a consumer finance provider with operations in 10 countries of Central and Eastern Europe and the CIS, and it is now expanding its presence to Asia. So far, 41,100 of the company’s employees have served 33.8 mln clients through a wide service network that includes 1113,460 sales outlets, credit offices and local post offices. As of 31 March 2013, the total assets of HCBV amounted to $13.3 bn.
The cooperation between Home Credit Bank and ScienceSoft started with a small pilot project in 2013 and has evolved into a fruitful partnership.
To successfully meet the current challenges in the banking industry, such as fraudulent activities (both internal fraud and cyber-crime) and regulatory compliance, Home Credit Bank decided to implement a top-notch security information system, IBM Security QRadar SIEM (hereinafter QRadar), and chose ScienceSoft to perform a high-level tuning of the anticipated solution.
The bank’s specific needs call for monitoring and analyzing over 1,000 security events every second across different banking applications. Since QRadar’s standard functionality allows for collecting events only from systems supported by the out-of-the-box log source extensions (LSX), the ScienceSoft team created 10 custom LSX modules to integrate Home Credit Bank’s specific applications. This ensured continuous collection of log data and centralized log management across all the bank’s locations, channels and applications.
A ScienceSoft specialist developed a set of 60 correlation and offense rules to ensure automatic, real-time intelligent analysis of the collected security events and timely detection of suspicious activities. When a rule is triggered, the response system automatically informs the bank’s security officer by sending an email notification and registers a new issue in the incident management system. In addition, thanks to the adjusted event correlation, the solution separates true threats from false alarms.
The tuned SIEM solution is fully compliant with the regulatory requirements and standards such as PCI DSS, the requirements of the local National Bank and the internal HCBV standards.
The active stage of the project lasted for 3 months. With the help of the solution, the bank can now increase security for its clients by investigating incidents in the shortest time possible.
The internal audit of Home Credit Group has acknowledged the efficiency that the bank has achieved while using the information security monitoring system implemented by ScienceSoft.
The ScienceSoft team went on to provide QRadar support and enriched the solution with new security threat scenarios.
Technologies and Tools
IBM Security QRadar SIEM 7.2.4; Python, Regex, Linux Shell