Security monitoring and analysis

Security Monitoring covers all layers of the bank's IT infrastructure - from workstations to cloud services - providing early detection of anomalies, unauthorized access, intrusion attempts and malicious activity.  Systems such as SIEM (Security Information and Event Management) and SOAR (Security Orchestration, Automation and Response) allow you to collect events from all components, automatically analyze them and run response scenarios.

Key functions:

• Collection of logs and events from IT systems, network devices, applications, clouds and workstations;
• Correlation of events, detection of deviations, user behavior analysis (UEBA);
• Implementation of attack detection mechanisms (IDS/IPS, threat intel feeds, IOC);
• Support for response scenarios, alerts and incident routing;
• Visualization of events and construction of analytical panels in real time;
• Integration with DLP, IAM, NAC, EDR, antifraud and threat services intelligence;
• Support for NBU requirements, ISO/IEC 27001, NIST, PCI DSS, SWIFT CSP.

Who works with the system within the bank:

• Information security service
• SOC / CSIRT (operational response team)
• IT infrastructure and DevOps
• Internal audit department (in terms of log control)
• Compliance / risk unit (in terms of cyber risks)

System owners:

• Chief Information Security Officer (CISO) - strategic management of cybersecurity
• SOC manager / response manager
• CIO/CTO - technical infrastructure, SLA, integrations