Customer profile
Our University Hospital operates many infrastructure systems and a number of applications storing sensitive data. For a long time, we lacked a tool that would act as a central repository for audit trails of traffic and at the same time evaluate cyber security events and incidents in real time. The problem is not the level of security of the audit data itself, but the ability to evaluate it in the context of current cyber threats. With the help of the Integrated Regional Operational Programme call, we were able to afford to acquire one of the most effective SIEM tools on the commercial market.
Baseline and project objectives
The Hradec Králové University Hospital is investing considerable resources in its computing infrastructure, including in the area of increasing security against cyber threats. However, until now it has lacked a central integrating element for all technologies focused on security.
A SIEM solution will enable a significant increase in cyber security, in terms of early detection of malicious behaviour in systems or on a computer network. A SIEM evaluates real-time data from the entire ITC infrastructure and detects security threats early. It enables proactive testing of vulnerabilities in the infrastructure, builds a reputation database and provides an audit repository function for logs and network flows.
Hradec Králové University Hospital did not have any similar system in the past. Tools of individual system manufacturers were used to a limited extent. The aim was therefore to focus on this area and deploy a tool that could be used to manage security issues from one place. The decision-making process was also accelerated by the possibility to use co-financing from EU subsidies under the call for proposals of the Integrated Regional Operational Programme (Call 10).
There was interest in deploying the solution in a high availability scheme, with throughput in the order of several thousand records per second, an active vulnerability scanner and an audit repository with retention of up to 18 months for selected systems.
Benefits
- Significant and sustained strengthening in the area of security risk awareness, recording and management
- Real-time processing and visualisation of security events
- Building a long retention audit log repository
- Setting up proper security logging for key healthcare applications
- Deployment of a vulnerability scanner integrated into the SIEM solution
- Meeting cybersecurity legislation requirements for essential service providers
- Training staff to identify and manage cyber risks
- Ongoing security support throughout the sustainability of the project
Solution
AUTOCONT a.s. delivered a SIEM security solution based on IBM QRadar product, including its subsequent support. The SIEM system was delivered as a pair of devices connected in a high availability scheme with synchronized storage. The SIEM has a throughput of several thousand audit logs (a.k.a. EPS), a license for Network Flow processing and also a license for a vulnerability scanner. 500 event sources are connected to the QRadar SIEM. The system reliably scans more than 200 million events per day.
Authorised and trained staff now have an immediate overview of the security situation in the hospital's cyberspace and, thanks to integration with IBM's reputation database (X-Force), of external threats. QRadar recognizes these devices precisely by linking them to the external reputation database. The project included the supply of technology components, analysis, deployment design, installation, implementation, parameterization, performance and function tests in the form of cyber attack simulations, training, documentation and subsequent service and methodological support.
In addition to the QRadar SIEM and Vulnerability Manager, additional functionality in the form of QRadar Risk Manager, Network traffic capture or Incident Forensics modules can be obtained at an additional cost. These modules provide functionalities focused on advanced attack vector tracking or modeling analysis, in the style of "what-if" analyses when planning changes to the network infrastructure or its configuration.
Used technologies
- IBM QRadar SIEM
DO NOT HESITATE TO
CONTACT US
Are you interested in more information or an offer for your specific situation?