The company's digital portfolio of services and products includes the multifunctional BiP Messenger, the fizi music service, the secure cloud storage lifebox, a mobile billing service and others. The digital operator runs a number of projects aimed at developing a "smart city", improving citizens' security in cooperation with Ukraine's Cyber Police Department, and launching IoT (Internet of Things) networks.
A SIEM system was implemented at lifecell back in 2016, and its employees have substantial experience in working directly with the system. Writing and maintaining all of the analytical content is the responsibility of the Information Security department staff. Almost all of the company's primary systems have been connected to the SIEM since 2016. Because the technology keeps developing, the number of collected events, analytical content items, rules, search queries and reports grows constantly. Consequently, the SIEM system demands ever more maintenance and cybersecurity personnel time, while staffing levels remain the same. This limits the team's ability to look for new errors and issues in the system on a regular basis. At the same time, the importance of the SIEM system keeps increasing, since many Information Security processes inside the company are tied to it.
Cooperation between the companies started back in 2016, when SOC Prime provided lifecell with Predictive Maintenance (hereinafter PM) for testing free of charge. Testing included installing a virtual server in the infrastructure and connecting all components of the ArcSight system to it, installing and configuring the ArcSight resource bundle (.arb) package, and providing complete documentation for configuration and operation. This made it easier to control the security level and to assess risks. lifecell used PM throughout 2017.
After the launch of PM, several errors were identified on different connectors, along with parsing errors and event-collection issues on some SIEM components. This showed that the process of implementing and configuring the SIEM system had not been completed. The number of database queries and the retention time of events in the database exceeded the SIEM platform's limits, which led to query deadlocks in the database and excessively long report execution. Within minutes of launching the PM console, Manager resource usage, the main memory consumers, active lists and session lists became visible. The console also displayed the resources consumed by database queries and by the rules that loaded the system the most.
"PM helped us to set priorities and to solve the most critical problems," says Ivan Sokolov, IT Security Expert, Information Security Division, lifecell. "This allowed us to fix problems within the SIEM more efficiently and quickly. Moreover, PM identified system vulnerabilities which needed troubleshooting after solving the current tasks, before they turned into serious malfunctions. The SOC Prime product allowed us to fix a dozen issues and save time on finding them. We also managed to reduce the number of requests for technical support. This became possible because Predictive Maintenance shows what is happening with the system in real time and provides examples and methods for solving SIEM issues directly in the console. Automatic error notifications within the SIEM allow us to avoid manually scanning tens of thousands of diagnostic log entries and instead receive one notification with an automatically set priority and guidance for action. And what is even more important, due to the time saved on managing the system and the increase in its productivity, it became possible to investigate information security incidents on a more qualitative level."
Ivan Sokolov, IT Security Expert, Information Security Division, lifecell
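The quote above describes collapsing tens of thousands of diagnostic log entries into a single prioritised notification with guidance. The script below is an added illustration of that idea, written for this page; it is not SOC Prime's or lifecell's code and says nothing about how Predictive Maintenance is implemented. The log line format, the error signatures, the priorities and the guidance strings are all assumptions constructed for the example (real ArcSight diagnostic logs are laid out differently), and the sample lines are constructed, including one parser error repeated 200 times to show the de-duplication.

```python
import re
from collections import defaultdict

# Assumed generic line format (constructed for this example; not ArcSight's real layout):
#   "2017-03-01 10:15:02 ERROR [syslog-conn-01] parse error: unexpected token in CEF header"
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) "
    r"(?P<level>DEBUG|INFO|WARN|ERROR|FATAL) "
    r"\[(?P<component>[^\]]+)\] (?P<msg>.*)$"
)

# Error signatures: name, matcher, priority (1 = highest), guidance. Constructed for
# illustration; a real catalogue would be far larger and tuned to the platform's messages.
SIGNATURES = [
    ("db_deadlock", re.compile(r"deadlock", re.I), 1,
     "Stagger or narrow concurrent report queries; inspect DB lock waits."),
    ("event_drop", re.compile(r"dropped|cache full|queue full", re.I), 1,
     "Raise connector cache/throughput or clear the destination backlog."),
    ("connector_down", re.compile(r"connection refused|unreachable|heartbeat missed", re.I), 1,
     "Check connector host, network path and destination availability."),
    ("query_timeout", re.compile(r"query (timed out|exceeded)", re.I), 2,
     "Shorten the report time window or schedule it off peak."),
    ("parse_error", re.compile(r"pars(e|ing) (error|failed)", re.I), 2,
     "Fix or update the connector parser for the unparsed event format."),
]

def parse_line(line):
    """Return the line's fields as a dict, or None if it does not fit the assumed format."""
    m = LINE_RE.match(line)
    return m.groupdict() if m else None

def classify(message):
    """First matching signature wins; returns (name, priority, guidance) or None."""
    for name, pattern, priority, guidance in SIGNATURES:
        if pattern.search(message):
            return name, priority, guidance
    return None

def triage(lines):
    """Collapse raw diagnostic lines into findings ranked by priority, then by volume."""
    buckets = defaultdict(lambda: {"count": 0, "components": set(), "first": None, "last": None})
    stats = {"total": 0, "unparsed": 0, "errors": 0}
    for raw in lines:
        stats["total"] += 1
        rec = parse_line(raw.rstrip("\n"))
        if rec is None:
            stats["unparsed"] += 1          # count, but never silently drop, odd lines
            continue
        if rec["level"] not in ("ERROR", "FATAL"):
            continue
        stats["errors"] += 1
        hit = classify(rec["msg"]) or ("unclassified_error", 3,
                                       "Review manually; add a signature if it recurs.")
        name, priority, guidance = hit
        b = buckets[name]
        b["count"] += 1
        b["components"].add(rec["component"])
        b["priority"], b["guidance"] = priority, guidance
        b["first"] = rec["ts"] if b["first"] is None else min(b["first"], rec["ts"])
        b["last"] = rec["ts"] if b["last"] is None else max(b["last"], rec["ts"])
    findings = [
        {"signature": n, "priority": b["priority"], "count": b["count"],
         "components": sorted(b["components"]), "first_seen": b["first"],
         "last_seen": b["last"], "guidance": b["guidance"]}
        for n, b in buckets.items()
    ]
    findings.sort(key=lambda f: (f["priority"], -f["count"], f["signature"]))
    return {"stats": stats, "findings": findings}

def render_notification(report):
    """One readable notification instead of one alert per log line."""
    s = report["stats"]
    out = [f"SIEM health: {s['errors']} error lines in {s['total']} scanned "
           f"({s['unparsed']} unparsed), {len(report['findings'])} distinct issues"]
    for f in report["findings"]:
        out.append(f"P{f['priority']} {f['signature']}: {f['count']}x on "
                   f"{', '.join(f['components'])} ({f['first_seen']} .. {f['last_seen']})")
        out.append(f"   action: {f['guidance']}")
    return "\n".join(out)

# Constructed sample: a handful of distinct events plus a noisy parser error repeated 200 times.
SAMPLE_LINES = [
    "2017-03-01 10:15:02 INFO [manager] Rule engine heartbeat ok",
    "2017-03-01 10:15:10 ERROR [manager] Query deadlock detected while running report 'Daily Auth Summary'",
    "2017-03-01 10:16:41 ERROR [manager] Report query exceeded maximum execution time",
    "2017-03-01 10:17:05 WARN [syslog-conn-01] Cache at 80%",
    "2017-03-01 10:17:30 ERROR [syslog-conn-01] Events dropped: cache full",
    "2017-03-01 10:18:00 ERROR [winevt-conn-02] Destination unreachable, heartbeat missed",
    "this line is not in the expected format",
] + [
    f"2017-03-01 10:{20 + i // 60:02d}:{i % 60:02d} ERROR [syslog-conn-01] "
    "parse error: unexpected token in CEF header"
    for i in range(200)
]

if __name__ == "__main__":
    print(render_notification(triage(SAMPLE_LINES)))
```

The 200 identical parser errors collapse into one P2 finding with a first/last-seen window, while the three single-occurrence P1 conditions (connector down, database deadlock, dropped events) still sort above it, which is the property that matters when the person reading the notification has limited time: priority comes from the signature, not from how loud a component is.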