Protection of the bank’s corporate network perimeter

Sberbank’s St. Petersburg branch includes an office responsible for the security of the bank’s network perimeter. In order to ensure the safety of the company’s operations, security specialists focus their attention on protecting the network perimeter, i.e. the services accessible via the internet. Protection of the corporate network’s perimeter is integral to the company’s information security, forming an important element of a multi-level system that allows it to keep external threats to the minimum. Perimeter protection solutions help prevent attacks on the company’s IT resources and ensure that the employees have a safe access to external networks, and the clients to corporate resources.

“The perimeter is not just a mere line that separates one segment of a network from another; it’s a complex mechanism within Sberbank’s large structure. Smaller businesses also have a perimeter; size is of no significance here. But the perimeter of a larger organization is a complex organism made of people, software, equipment and processes that tie everything together. Processes are an important element; you can hire great specialists but if there are no high-quality processes, the whole system can crash very easily. Processes are responsible for the connections between people, equipment and other elements of the system,” pointed out Alexey Voloshchuk, the head of the St. Petersburg branch of the bank’s Cyber-Security Center.

Vladislav Verus on different aspects of perimeter protection

The perimeter is a complex of measures and activities which are carried out to offset adverse impact not only on hardware-software systems, but also on staff working with these. We identify several elements of working on the perimeter.

The first and very important element is a service for protecting web applications called Web Application Firewall (WAF). Located on the application layer of the OSI model, it detects attacks on the application level, allowing us to detect and block attacks on web applications which are let through by conventional network firewalls and intrusion detection systems. This instrument also allows specialists to detect the scripting, or the type of the attack encountered, similar vulnerabilities in the system, as well as the ways they are taken advantage of.

The other two elements are the IDS and IPS systems, which are used in many modern companies. Their aim is to detect and log information protection events on the internal and external segments of the organization. Many businesses also use IDS to later analyze the events that were detected. In its turn, when adjusted correctly, the IPS system can employ active blocking countermeasures when detecting something suspicious. But it has to be adjusted with great caution because the stakes are high: it has to react to possible threats in real-time mode, and with as little a delay as possible.

Another element is Next-Generation Firewall, a complex of measures and activities we have to perform to expand the system with cutting-edge technologies that include a great number of systems and functions aimed at controlling access to data and resources, and also monitoring. These can be first and second-generation firewalls, but it’s important to understand how our internal users make use of resources that are out there on the internet.

A no less crucial pillar of ensuring perimeter security is protection against DDoS attacks. For this we have precisely-adjusted traffic filterers and analyzers. That said, relying on automatic system isn’t enough; we also have to be able to alter protection mechanisms manually to prevent any unforeseen consequences from a successful blocking of an attack.

We at Sberbank have also put in place a set of procedures in event of an attack on one of our resources. We inquire after the resources that are there in a specific workplace, try out different methods, and conduct an in-depth post-attack analysis.

But these technological aspects aren’t the be all and end all in these kinds of situations. We shouldn’t forget that we’re dealing with people, and their actions also need to be taken in consideration. According to statistics, 70-80% of all information security disasters are caused by human error, because no company is immune from insider data leaks, so we have to stay alert. These harmful actions can be both deliberate and accidental, and that’s why companies need to raise awareness and nurture a strong information security culture among the staff. Perimeter protection is not a mere safety network that needs to be tuned once and left to fend for itself; it’s a complex system that is marked by continuous progress and needs regular monitoring and new equipment. This can only be done with the efforts of highly skilled specialists.

“There are teams whose main responsibility is to test the level of perimeter protection. In essence, these specialists mount an attack against themselves, developing its scenario and monitoring how the perimeter reacts to one action or another, which is needed to check whether the protection that has been built is accurate. It’s all the more interesting when new types of attacks emerge. Last year, for example, we dealt with wavelike attacks, which is a peculiar type of attacks when violators aim to crash a protection system by throwing it off kilter. Some attacks are more funny than dangerous; Web Application Firewall once detected an attack which was innocuous intensity-wise, but the malefactor left a message calling us darned capitalists,” recalled Alexey Voloshchuk.