Smart SOC STEP LOGIC protects Oblako.ru

09 March 2022

Information security of the Oblako.ru infrastructure is monitored using machine learning 24/7.

STEP LOGIC has connected the Oblako.ru provider to SMART SOC, a cybersecurity center based on its own software platform. In addition to the continuous collection and storage of events, detection and prompt notification of customers about information security incidents, the tasks of the Center's specialists include threat analysis and provision of recommendations, as well as consulting support, detailed investigation and expertise.

SMART SOC is currently connected to more than 150 data sources in the customer's infrastructure — not only operating systems, network equipment and information security, but also application systems, including virtualization, orchestration and automation of cloud services. Events are collected using in-house data source mechanisms to reduce the impact on the cloud provider's services. In addition to in-house sources, SOC specialists also use external sources: Threat Intelligence data, geolocation and registration databases, as well as databases of domain names and IP addresses, and malware analysis services.

The Security Data Lake software platform developed by STEP LOGIC is used to store and analyze the collected data. It integrates all SMART SOC data and tools in one place without the need to integrate separate SIEM, IRP and SOAR solutions with each other, as is common in classical architecture. Data analysis uses a common search query language, visualization builder, common correlation rules, and machine learning models. This approach reduces the response time of SMART SOC analysts and engineers, and lowers operating costs.

Response actions are determined by monitoring scenarios developed in the context of the MITRE ATT&CK and Cyber Kill Chain methodologies. In fact, each of them is a separate algorithm for counteracting a given vector of attack, known techniques and tactics of attackers. The most relevant scenarios for the customer are selected after a comprehensive survey, which includes an analysis of the software platforms used at the site, identifying potential threats associated with them, the necessary sources of events and data.

Automatic notifications via email and Telegram are used to communicate with the customer. Joint investigation of incidents and monitoring of key service indicators are carried out using the SMART SOC interactive personal account.

«Our SOC software platform is equipped with a flexible correlation engine and advanced machine learning functions for deep analysis of the collected data. We use all this together with detailed monitoring scenarios, proven practice of their application and regulated SOC workflows to reduce false triggering by 10 times, – says the Head of SMART SOC Stanislav Prishchep. – Another feature of the platform is the ability to link incidents into chains and detect time-spanning, purposeful malicious actions».

 
«Expanding the customer pool and the range of the Cloud.ru services requires appropriate levels of information security, especially in the current rough times. Connection to STEP LOGIC's SOC was an important step on the path to improved continuity and security of our services, – comments Andrei Prishchenko, Head of Oblako.ru Cyber Security Center. – We continue working on the project, and our next goal is to develop the technical and expert potential gained during its implementation».


About Oblako.ru
Oblako.ru cloud provider is a member of SGC (Systematica Group of Companies JSC) and has been providing a full range of cloud services: IaaS, SaaS and PaaS; data storage (data migration to the cloud, backup, disaster recovery); VMware-based Kubernetes; Virtual Desktop Infrastructure for banks, retail, e-commerce, logistics, medicine, as well as other industries and activities.
The service availability level of 99.982% is confirmed by a financial guarantee. The provider's infrastructure is fully compliant with the requirements of the Federal Law No. 152-FZ "On Personal Data". The first level of security (UZ-1) for personal data information systems is provided.
https://oblako.gcs.ru


About STEP LOGIC

STEP LOGIC (step.ru) has been providing network and system integration services on the Russian market for 29 years. STEP LOGIC has more than 500 employees, and the offices are located in Moscow, Kazan, Yerevan, and Almaty. The company employs over 350 engineers and system architects certified by the world’s leading manufacturers. The range of solutions and services includes network and systems integration, audio and visual solutions, development of videoconferencing systems and contact centers, integrated security, data processing and storage services, network and engineering infrastructure development for buildings, IoT, as well as a full range of services for technical support and maintenance of information systems, including IT consulting, auditing, and outsourcing.
