SearchInform helped protect Modulbank

"We first implemented the DLP system. We chose the solution carefully, tested several systems from major market players, and as a result, settled on the "SearchInform KIB" product. It was important for us not just to "implement the system for show," but to obtain advanced incident investigation tools, to understand their causes," comments Ilya Titov, IT Director of Modulbank. "The "SearchInform KIB" DLP system allows us to protect contact data, information about accounts and statements, client documents, etc., and advanced analytical tools allow us to make informed, reasoned decisions."

The "SearchInform SIEM" system also helps to improve security at the bank, providing collection and analysis of information from various sources. The solution enables real-time monitoring of all events in the IT infrastructure that may pose a threat: identifying vulnerable software and hardware, unauthorized access attempts, suspicious activities, etc.

"The company is growing, and with it, the need to protect the IT infrastructure is also growing. There was a need for a system for monitoring and managing information security events. The choice was made in favor of "SearchInform SIEM." Not only because we had already worked with "SearchInform" and were confident in the vendor. For us, the availability of certain connectors and pre-installed correlation rules "out of the box," as well as convenient incident management tools, was important. Many developers had problems with the latter: systems detect an incident and their work ends there – but for an information security specialist, it is only just beginning, there is an analysis of the causes and consequences, and subsequent prevention. "SearchInform SIEM" solved this problem precisely through built-in tools and was the most suitable for the organization's tasks," adds Ilya Titov.

The company noted that the "SearchInform KIB" and "SearchInform SIEM" systems conveniently interact with each other. The DLP agent is an invaluable data source for the SIEM, because it not only protects communication channels but also sees everything that happens on the PC at the system level. For example, you can control the copying of large amounts of data to a flash drive and suspicious local file operations, and take the duration of processes into account.

"Companies in the financial sector are always subject to increased scrutiny from regulators, as they handle a large amount of critical customer data. Moreover, this responsibility is only increasing, an updated GOST "Security of Financial Operations" is being developed, a specialized GOST for preventing leaks is being created, and a penalty in the form of a fine from turnover for leakage of personal data will soon be introduced. Due to the high risks and regulatory requirements, organizations in the financial sector are more actively increasing budgets and purchasing protective software than others. We have been working with financial companies for a long time, so we see the current picture. Thus, according to our data, in 2022, the budget increased in 44% of organizations," says Alexey Parfentiev, Head of Analytics at "SearchInform." "Modulbank is no exception, the company showed a responsible attitude to security even before the tightening of legislation. We are glad that the bank chose our solutions, thereby entrusting us with the protection of the company's infrastructure and data."

"SearchInform SIEM" and "SearchInform KIB" are certified by the FSTEC and included in the Unified Register of Russian Programs for Electronic Computers and Databases. The SIEM system is also recommended for use in government bodies and commercial organizations and is included in the Bank of Digital Solutions and Practices for replication in the regions.