IBM Security QRadar SIEM Customization for a European Bank

Industry: Financial Services
Technologies: QRadar

Customer

A European bank recognized among the top 10 local providers of financial services, with assets totaling around $800 mln. The bank runs an extensive ATM network of 500+ machines around the country and provides online and mobile banking services.

Challenge

The main challenge that prompted the Customer to engage ScienceSoft was preventing money theft. Compliance with the global PCI security standards, and the assurance that no client was exposed to a breach of private or financial data, were the other drivers behind the Customer's decision to launch a large-scale project for comprehensive cyber-security protection of the bank's infrastructure. The Customer split the scope of work into several stages. The first stage was the bank ATM protection project, aimed at the timely detection of unsolicited access to the bank's ATM network. This stage concentrated on developing custom correlation rules for the bank's IBM® Security QRadar® SIEM deployment.

Solution

Phase 1 of the project centered on defining threat vectors and outlining a set of rules to protect the Customer’s ATM network from such threats as card skimming, cash and card trapping, and TRF (Transaction Reversal Fraud). ScienceSoft’s senior SIEM consultant developed several threat scenarios and corresponding rules to identify these threats based on the following data:

  • Analysis of the threats reported earlier
  • ATM network analysis
  • Analysis of the data from external audits
  • Internal security policy

The Customer chose to implement 5 rules that would cover not only the actual reported threats, but also potential ones to maximize the benefit of the bank ATM protection project.

Within phase 2, ScienceSoft’s senior SIEM consultant implemented 3 sets of rules:

  • Rules for detecting unsolicited user access to the ATM network, triggered when access attempts meet certain conditions and time criteria
  • Rules designed for APT protection, namely covering attempts to send e-mail attachments with malware
  • Rules for detecting specific issues with ATM functionality

Results

The bank ATM protection project delivered by ScienceSoft gave the Customer's SIEM system the ability to detect unsolicited access to the extensive ATM network effectively and in a timely manner. The rules implemented for APT protection added another layer to the overall security of the ATM network and supported the bank's PCI DSS compliance.

Technologies and Tools

IBM® Security QRadar® SIEM v. 7.2.8, Python, SQL, AQL, Regex, Linux Shell, Windows Batch.
