My account

JSC Raiffeisen Bank Aval

JSC Raiffeisen Bank Aval
JSC Raiffeisen Bank Aval was registered on 27 March 1992 (under the brand name of Joint Stock Postal Pension Bank Aval until 25 September 2006). Since October 2005, the bank has been part of Raiffeisen International Bank Holding AG Group, Austria (since October 2010 — Raiffeisen Bank International AG). As of 31 March 2016, the RBI Group held 68.28% of Raiffeisen Bank Aval’s equity, and the European Bank for Reconstruction and Development owned 30% of the bank’s equity. Raiffeisen Bank Aval provides a wide range of standard and innovative banking services to more than 2.6 million customers through its nationwide network, which is comprised of 577 outlets located in big cities, provincial and community centers throughout Ukraine. Raiffeisen Bank Group is the largest banking group in Austria in terms of assets. Raiffeisen owns subsidiary banks in 16 countries of Eastern Europe.

PROBLEM

Security Information and Event Management System (SIEM) of Raiffeisen Bank Aval – is one of the first and one of the most complex projects in the financial sector of Ukraine. By now, Raiffeisen Bank Aval has extensive experience in the use of ArcSight technologies. The system solves the tasks of information security teams, information technologies, network management, and risk management. Many talented professionals who are currently developing SIEM projects in other companies have started at ArcSight administration team in Raiffeisen Bank Aval. One of the most developed infrastructures, a huge stream and a variety of data to be processed, a large number of event sources, and a lot of self-developed parsers, active lists with millions of lines, hundreds of correlation rules, tested resilience and recovery processes – these are the features of SIEM project in Raiffeisen Bank Aval. Requirements and requests of the serviced divisions grow, importance of the SIEM system increases, errors or failures become unacceptable, and the number of experts remains the same. Such complex infrastructure needs constant monitoring and maintenance.

PM demonstrates its advantages particularly well in large and complex installations with many components and event sources, or SIEM-projects with a long history of development when the team of SIEM administrators and analysts has rotated and possibly more than once. Establishing full visibility of each component in such SIEM infrastructure is a serious challenge to information security team, and without PM this task is almost Impossible.

Vladimir Garaschenko, Senior TAM, SOC Prime.

Predictive Maintenance

pm-aval

During its PoC, Predictive Maintenance (hereinafter – PM) has proved its efficiency even at the stage of deployment of monitoring agents: the installer has revealed that the service of one of the connectors was not added to autorun. In practice this seemingly small change easily leads to unresolved questions that need to be addressed when a free moment occurs, and this question is why this connector hadn’t turn on after the server was restarted as scheduled. Within 5 minutes after the launch of the PM console, resources of the Manager, the main consumers of memory, active lists and lists of sessions became visible. We found a few excess lists, which consumed a lot of RAM, but were no longer used. Over 20 minutes after the launch of PM, several thousands of parsing errors were found at one of the Flex Connectors, which greatly affected the performance of the connector and the server as a whole. Minor changes in the parser significantly reduced the load on the connector. Using PM for a long period made it possible to analyze the behavior of each connector in the infrastructure, a task for which we often had no time previously. In addition, we were able to prioritize work to improve productivity and quality of the processed data. Total Health of the entire SIEM installation increased from 70% to 90% over 2 weeks of operation, and we spent 10-person-days of resources for troubleshooting and remediation. Without PM, just audit and prioritization ofole 2 weeks.

Efficiency

We can recommend Predictive Maintenance for both single but complex and geo-distributed installations of ArcSight, especially for international and global companies that have a need to ensure the security in each operating country. Also PM is a possibility to obtain a single point of monitoring of your SOC and SIEM operations…

Alexander Tymoshyk, CISO, Raiffeisen Bank Aval.

...