International conference on cyber security “Cyber For All”
On 24.11.2016 SOC Prime, Inc hosted the first international conference on cyber security, “Cyber For All”, in Kyiv, Ukraine. SOC Prime staff and business partners gave presentations, and several customers shared real success stories of using SOC Prime products. The conference was attended mainly by representatives of the telecom and finance business community of Ukraine. Kyiv was not the only Ukrainian city represented: Odessa and Dnipro also joined the conference.
The conference program is available for download
The conference was opened with a brief introductory speech by Vladislav Kriukovskii, representing “Softprom by ERC”, our prominent distributor in 17 countries.
Then SOC Prime’s CEO Andrii Bezverkhyi took the stage with the report “Global challenges in cyber security. Reactive, proactive and predictive approaches to the process of cyber security.”
A short excursion into the history of information security followed, with interesting parallels to security challenges and their solutions in aviation, and the audience actively joined the discussion.
The international status of the conference was assured by two invited global vendors. The first speaker was Andrii Kuzmenko (Security Portfolio Sales Professional) from IBM Security Division. His presentation “Outthink Threats – Building an Immune system for Cyber Security” raised questions about the need for a comprehensive approach to building an information security system with SIEM at its heart. Using QRadar as an example, he showed that a SIEM should not only detect threats and report them, but also actively respond to them.
Then Igor Voloshin (Regional Sales Manager in SOC Prime team) answered the question “Why SIEM projects don’t meet expectations and how to fix this” with a separate report.
According to the research, the main problems standing in the way of successful SIEM usage are:
- the high cost of growing SOC personnel and their scarcity on the market
- poor availability and timeliness of the collected data: does all the data reach the SIEM? how much of it arrives in time?
- deteriorating data quality: unsynchronized time on log sources, log formats changing after updates, etc.
- the need for continuous categorization of new events and inventorying of new components of the IT infrastructure.
“Predictive Maintenance was created to solve all of the above problems,” summed up Igor, and gave the floor to Maxim Yaschenko, Chief Security Officer at UkrSibbank (part of the international financial group BNP Paribas Group).
Maxim confirmed the relevance of these problems: the lack of experienced security staff on the market and the strict safety requirements of security auditors, which cannot be addressed by the built-in tools of a SIEM system out of the box. Predictive Maintenance was able to show results within 30 minutes after the initial setup of its pilot installation and became an integral part of the bank's information security complex.
Then Andrii Bezverkhyi took the floor again to demonstrate the current capabilities of Predictive Maintenance.
Another vendor was represented by Till Jaeger. In a technical presales role, he ensured the success of ArcSight in the CIS region, and he is now a Senior Sales Engineer at RiskIQ, Inc. Unfortunately, he was unable to attend in person due to a sudden airline strike, but modern technologies made it possible to conduct a full-fledged remote presentation, “Know your adversary! – an insight into RiskIQ threat analysis platform”.
Next, a representative of the telecom sector, Dmitry Pavlenko, SIEM analyst at Kyivstar (mobile operator, telecoms provider), addressed the audience with the report “People shall think, and machines shall work, – automation in action. Predictive Maintenance & SSL Framework.”
In addition, Dmitry shared his experience of successfully using SSL Framework. This SOC Prime product makes it possible to automate security audit and monitoring of a large number of SSL certificates.
The next important section of the conference was a presentation of the updated “Use Case Library v.1.1” online community. SOC Prime managed to create a unique multi-vendor catalog of Use Cases for SIEM (currently supported: ArcSight, QRadar and Splunk), where customers can obtain guaranteed valid cases and also publish and share their own cases, to the benefit of the whole IT security industry.
Then Ruslan Mikhalev (SOC Prime) demonstrated the innovations and capabilities of UCL.
Next, our customer Aleksandr Legkhov from the Security Department of Raiffeisen Bank Aval (Raiffeisen International Bank Holding AG Group) announced a new Use Case to be published to UCL: “Advanced Email Security: automatic attachment scanning”. The audience was eager for details even after he finished his presentation.
The last part of the conference was dedicated to sharing experience in preparing and executing big IT security projects, communicating correctly with budget holders, and general recommendations for interacting with suppliers.
Andrii Bezverkhyi presented a talk titled “Risks of Vulnerability Management Projects – where the return on investment is hidden and how to show it,” and then Denis Trembach (Technical Account Manager, SOC Prime) spoke on “Building of Vulnerability and Patch Management process in practice, their complexity, tricks and control of contractors,” on behalf of our other client, Taras Danko (CISO at the agricultural company Kernel), who, unfortunately, was not able to attend this meeting.
Andrii Bezverkhyi closed the conference with “Cyber Security 2.0: the roadmap is ready”, where he shared information on the current progress of SOC Prime product improvements and on the nearest plans for the future.