ArmInfo. Ardshinbank (ASHB) is introducing the MaxPatrol 8 security analysis system from Positive Technologies, a company specializing in software development and information security services. As the press service of the bank told ArmInfo, this will allow Ardshinbank to ensure constant security monitoring of all IT systems, unify the approach to the vulnerability management process and significantly increase the overall level of cyber security of a financial organization.
The solution provider was Metronome Systems, an IT distributor for the Axoft project. Ardshinbank is one of the largest banks in Armenia, and for a financial institution of such level cyber attacks are common. According to Positive Technologies statistics, the credit and financial sector as a whole is in the TOP 3 most interesting ones for cybercriminals, and financial motivation continues to play one of the most significant roles (at least 60% of all incidents in 2018 and about 90% in 2017 were committed for financial benefits). Moreover, in the overwhelming majority of cases, the target of the attack is the infrastructure of the banking organization, therefore attack vectors such as vulnerabilities in the operating system and software continue to play a significant role.
First of all, the bank will deploy a system operating in penetration testing mode (Pentest), system checks (Audit), aimed at the most effective detection of vulnerabilities in the elements of the IT infrastructure of the organization. Further plans of the bank involve the development of the system through the implementation of the Compliance Control Module, which will ensure compliance with global and internal corporate security standards at any time.
Ardshinbank's Chief Information Security Officer Arthur Ratevosyan said: "We strive to be leaders in all areas of banking and understand that any unauthorized access is a real financial risk for a bank. Therefore, we pay special attention and resources to ensuring cyber security. And when choosing security systems, we are guided by such criteria, as ensuring "continuous security", the maximum automation of security processes and, of course, the best balance between price and the functionality of each individual product. "
The Bank applies well-established best practices in organizing a continuous process of ensuring cybersecurity. In particular, it introduced the practice of periodically scanning IT infrastructure and identifying current vulnerabilities, as well as conducting full-fledged penetration tests (), which allow identifying security flaws and assessing the possible consequences of their use by attackers. The need for constant security monitoring with a high level of automation made the decision to use a specialized protection system. Among the key requirements that it had to meet were: the ability to conduct automatic pentests, an internal security audit; agentless deployment scheme.
The optimal solution that meets all the criteria stated by the bank was the MaxPatrol 8 security and compliance control system developed by Positive Technologies. The mechanisms of penetration testing, system checks and compliance control, combined with support for the analysis of various operating systems, database management systems and web applications, allow MaxPatrol 8 to provide continuous technical security audit at all levels of the information system. "Metronome Systems" company, which provides cybersecurity services in the Armenian market, won the tender for the supply of the solution. Axoft, the global service IT distributor, acted as the IT distributor of the project. "The first step towards ensuring the cybersecurity of any company is to evaluate its current security. At the same time, vulnerabilities need to be identified and eliminated on a regular basis, which is why Vulnerability Management process performance and efficiency are so important," comments Pavel Bukhtiyarov, MaxPatrol 8 Development Manager at Positive Technologies. " Over the past ten years, we have gained tremendous experience in building such processes on the basis of MaxPatrol 8 and are confident that our product can solve the problems of customers of any size: from small enterprises to complex territorially distributed networks with tens of thousands of units. The secret to success is simple: we offer an understandable and useful tool that becomes the main assistant in assessing the current level of security, identifying and classifying vulnerabilities in information systems."
Axoft's Business Development Director in Belarus and Armenia Alex Rzheutsky believes: "Thanks to the project, Ardshinbank's specialists will receive the most automated system security control, will be able to conduct pentests and audits on an ongoing basis. The client will be able to assess the state of protection of the bank's IT infrastructure and minimize the human factor, unify the approach to the vulnerability management process and ensure a high level of security."
"As a result of a comprehensive project, the client will receive a system that constantly monitors the security of all IT systems of the bank. The implemented solution will allow Ardshinbank certified according to ISO 27001, to pass checks for compliance with this standard, as well as PCI DSS and GDPR," the Director of Metronome systems Sargis Karapetyan is assured.
To note, Ardshinbank CJSC is a universal financial and credit institution with a full range of banking services. The bank's priority areas include project financing of large corporate clients, primarily in strategic industries of Armenia and its energy sector, as well as lending to small and medium-sized businesses, issuing and servicing international payment cards, electronic banking, and international money transfers. Ardshinbank has a rating of international reputable rating agencies equal to the country rating of Armenia, which is considered a high rating in world practice. The bank's branch network has 63 branches in Yerevan and the regions of Armenia, as well as a representative office in Paris.
REFERENCE: MaxPatrol 8 is today an almost absolute leader in its segment in the Russian market: its share is about 80%. The knowledge base of the product is regularly enriched - expertise updates are released at least twice a week. Now it has downloaded more than 110,000 vulnerabilities and 320 security standards; since 2017, more than 15 security standards have been updated and more than 70 new ones have been implemented. In addition, expert knowledge is maintained to verify compliance with high-level standards, in particular PCI DSS and ISO 27001/27002.
Positive Technologies is one of the leaders in the European market for security analysis and compliance systems, as well as web application protection. Organizations in many countries around the world use Positive Technologies solutions to assess the security level of their networks and applications, to meet the requirements of regulatory organizations and to block attacks in real time. Thanks to many years of research, Positive Technologies experts have earned a reputation as international experts in the protection of SCADA and ERP systems, major banks and telecom operators. "Metronome systems" was founded in 2015. The company is an IT integrator, one of the market leaders offering cybersecurity services, as well as corporate cybersecurity solutions.
Axoft is a global IT service distributor operating in the Russian and EECA markets. Since 2004, the company has been helping IT manufacturers, system integrators, resellers and service providers provide corporate users with IT solutions and services that best solve their business problems. Axoft's portfolio includes SaaS and IaaS solutions, information security systems, infrastructure, office and scientific software, as well as related partner services - training, consulting, marketing, financial and technical support. At the end of fiscal year 2018, the company's turnover grew by 25% and reached 13.5 billion rubles. The company is represented in 28 cities of 9 countries: Russia, Belarus, Georgia, Armenia, Azerbaijan, Kazakhstan, Uzbekistan, Tajikistan, Kyrgyzstan, Mongolia. Since 2009, Axoft has been in the TOP 5 of the best IT software distributors according to CRN / RE and Astera. In 2017, the company took the first line of the CRN / RE rating. Axoft annually confirms the compliance of the quality management system with the requirements of the international standard ISO 9001: 2015.