IBM Security QRadar SIEM Customization for a European Bank
A European bank recognized among the top 10 local providers of financial services, with assets totaling around $800 mln. The bank runs an extensive ATM network of 500+ machines around the country and provides online and mobile banking services.
The major challenge that urged the Customer to collaborate with ScienceSoft was to avert money theft. Compliance with the global PCI security standards and the confidence that no client is exposed to private and financial data breach were the other drives for the Customer to initiate a large-scale project on comprehensive cyber-security protection of the bank’s infrastructure. The Customer divided the scope of work into several stages. The first stage was decided to be the bank ATM protection project on ensuring a well-timed detection of unsolicited access to the bank’s ATM network. The project concentrated on developing custom correlation rules for the bank’s IBM® Security QRadar® SIEM deployment.
Phase 1 of the project centered on defining threat vectors and outlining a set of rules to protect the Customer’s ATM network from such threats as card skimming, cash and card trapping, and TRF (Transaction Reversal Fraud). ScienceSoft’s senior SIEM consultant developed several threat scenarios and corresponding rules to identify these threats based on the following data:
- Analysis of the threats reported earlier
- ATM network analysis
- Analysis of the data from external audits
- Internal security policy
The Customer chose to implement 5 rules that would cover not only the actual reported threats, but also potential ones to maximize the benefit of the bank ATM protection project.
Within phase 2, ScienceSoft’s senior SIEM consultant implemented 3 sets of rules:
- Rules for detecting unsolicited user access to the ATM network that meet certain conditions and time criteria
- Rules designed for APT protection, namely covering attempts to send e-mail attachments with malware
- Rules for detecting specific issues with ATM functionality
The collaboration on bank ATM protection project between ScienceSoft and the Customer resulted in providing the Customer’s SIEM system with the ability to detect unsolicited access to the extensive ATM network effectively and in a timely manner. Rule implementation targeted at APT protection added another layer to the overall security of the ATM network and ensured the bank’s PCI DSS compliance.
Technologies and Tools
IBM® Security QRadar® SIEM v. 7.2.8, Python, SQL, AQL, Regex, Linux Shell, Windows Batch.