The client required a restructuring of the system's information security functionality, selection of domestic replacements for existing solutions, and migration of the device pool to the chosen systems.
The client's devices, workstations, servers and applications were used by a broad range of employees, from analysts and 1C developers to the finance department, across two sites (Moscow and Zelenograd). Particular attention was needed for debugging and configuring security policies, web control and similar settings, because the client had not yet defined what those policies should contain.
Of the applicable, proven defensive solutions, the choice fell on an EDR system, which substantially extends the antivirus application's functionality and collects detailed telemetry on attempted attacks.
With the EDR system, the client's information security analysts gain access to logs showing where attacks originate (IP addresses and geolocation), which devices were affected, and so on. ICL Services was engaged to deliver this project.
Key Challenges
- Provide consultation to the client on choosing Russian information security solutions, including antivirus and EDR systems
- Design the future system, considering the previous solutions and locations
- Incorporate the chosen solutions into the client's infrastructure while adhering to strict deadlines (approximately 1 month for basic configuration)
- Guarantee maximum coverage – over the client's entire infrastructure – with the Kaspersky agent and security software
- Provide technical support after implementation, monitoring and identifying infrastructure incidents related to the operation of the EDR system
- Ensure 24/7 detection and response to Information Security incidents, including attempts at hacker attacks
The team launched the project on January 9, 2023.
Following consultations on solution selection, the ICL Services team began by designing the EDR system, taking into account the capabilities and specifics of the client's IT infrastructure.
Once the system design was complete and the solution architecture, with its risks and advantages, had been agreed with the client, ICL Services specialists:
— having obtained access to the corporate servers, configured security policies for advanced antivirus protection and web control,
— and, after successful testing on pilot groups, began the full-scale device migration.
The migration proceeded in several stages. After configuring the server, the ICL team drew on its experience, information security best practices and lessons from previous projects to tailor policies to stringent cybersecurity requirements. The format and content of the EDR-based information security reports were also agreed with the client.
After the protection suite was deployed in the test loop, risks were identified and analysed, and the steps needed to proceed with the migration were laid out: which devices would require a reboot and which would not, and when the work would be scheduled so as not to disrupt the client's business operations.
As part of our commercial proposal, we put in place round-the-clock threat monitoring and system failure reporting, including reports of cyberattack attempts. Accordingly, we expanded our team of specialists not only to provide technical support for the system but also to respond to security incidents and potential threats swiftly and effectively, 24/7.
In the final phase, acceptance tests were carried out in which the client confirmed compliance with the SLA requirements and verified that the EDR system covered all servers and workstations.
The project was completed within a span of just three months.
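The acceptance criterion above (every server and workstation covered) and the coverage and update-freshness results reported further down both rest on one routine check: reconciling the list of hosts that should be protected against what the management console actually reports. The script below is an added example written for this page, not ICL Services' or Kaspersky's tooling. It assumes two CSV exports with hypothetical column names (an inventory with `name,role,site` and a managed-device export with `name,last_connect,db_date,product`), constructed sample rows, and illustrative thresholds of seven days for agent silence and three days for database age; it also shows why host names must be compared case-insensitively so that an export casing mismatch is not reported as a missing agent.

```python
"""Coverage reconciliation for an endpoint-protection rollout (added example).

Compares the hosts that should be protected (inventory) with the hosts the
management server reports (managed) and flags:
  - missing:      host in inventory, no agent reported at all
  - unknown:      host reported by the server but absent from the inventory
  - stale_agent:  agent has not checked in within MAX_AGENT_SILENCE
  - stale_db:     protection databases older than MAX_DB_AGE
  - servers_uncovered: the subset of 'missing' whose role is 'server'
All input data and column names are constructed assumptions, not a vendor schema.
"""
import csv
import io
from datetime import datetime, timedelta
from typing import Dict, List

# Constructed inventory, e.g. from a directory export of computer objects.
INVENTORY_CSV = """name,role,site
MSK-WS-001,workstation,Moscow
MSK-WS-002,workstation,Moscow
MSK-SRV-1C,server,Moscow
ZEL-WS-010,workstation,Zelenograd
ZEL-SRV-FS,server,Zelenograd
ZEL-WS-011,workstation,Zelenograd
"""

# Constructed managed-device export; note the lower-case server name.
MANAGED_CSV = """name,last_connect,db_date,product
MSK-WS-001,2023-03-28T09:12:00,2023-03-28,KES for Windows
MSK-WS-002,2023-03-10T17:40:00,2023-03-10,KES for Windows
MSK-SRV-1C,2023-03-28T08:00:00,2023-03-27,KS for Windows Server
ZEL-WS-010,2023-03-28T07:55:00,2023-03-20,KES for Windows
zel-srv-fs,2023-03-28T06:30:00,2023-03-28,KS for Windows Server
"""

AS_OF = datetime(2023, 3, 28, 12, 0, 0)    # reference time for the check (assumed)
MAX_AGENT_SILENCE = timedelta(days=7)      # assumed threshold for a live agent
MAX_DB_AGE = timedelta(days=3)             # assumed threshold for fresh databases


def _load(text: str) -> Dict[str, Dict[str, str]]:
    """Parse a CSV export into {UPPERCASE_NAME: row}; names are normalised once here."""
    return {row["name"].strip().upper(): row for row in csv.DictReader(io.StringIO(text))}


def reconcile(inventory_csv: str, managed_csv: str, as_of: datetime) -> Dict[str, List[str]]:
    """Return sorted host lists per gap category."""
    inventory = _load(inventory_csv)
    managed = _load(managed_csv)

    missing = sorted(n for n in inventory if n not in managed)
    unknown = sorted(n for n in managed if n not in inventory)

    stale_agent, stale_db = [], []
    for name, row in managed.items():
        if name not in inventory:
            continue  # reported under 'unknown'; do not double-count
        if as_of - datetime.fromisoformat(row["last_connect"]) > MAX_AGENT_SILENCE:
            stale_agent.append(name)
        if as_of - datetime.fromisoformat(row["db_date"]) > MAX_DB_AGE:
            stale_db.append(name)

    servers_uncovered = sorted(n for n in missing if inventory[n]["role"] == "server")
    return {
        "missing": missing,
        "unknown": unknown,
        "stale_agent": sorted(stale_agent),
        "stale_db": sorted(stale_db),
        "servers_uncovered": servers_uncovered,
    }


def agent_coverage(inventory_csv: str, managed_csv: str) -> float:
    """Fraction of inventory hosts with any agent reported (0.0 to 1.0)."""
    inventory = _load(inventory_csv)
    managed = _load(managed_csv)
    return sum(1 for n in inventory if n in managed) / len(inventory)


def healthy_coverage(inventory_csv: str, managed_csv: str, as_of: datetime) -> float:
    """Fraction of inventory hosts that have an agent, a recent check-in and fresh databases."""
    r = reconcile(inventory_csv, managed_csv, as_of)
    bad = set(r["missing"]) | set(r["stale_agent"]) | set(r["stale_db"])
    inventory = _load(inventory_csv)
    return sum(1 for n in inventory if n not in bad) / len(inventory)


if __name__ == "__main__":
    for category, hosts in reconcile(INVENTORY_CSV, MANAGED_CSV, AS_OF).items():
        print(f"{category:18s} {hosts}")
    print(f"agent coverage   {agent_coverage(INVENTORY_CSV, MANAGED_CSV):.0%}")
    print(f"healthy coverage {healthy_coverage(INVENTORY_CSV, MANAGED_CSV, AS_OF):.0%}")
```

Two numbers matter at acceptance: raw agent coverage (is anything installed?) and healthy coverage (is it checking in and updating?). On the constructed data the first is 5/6 and the second only 3/6, which is the kind of gap that a console-level "installed" count hides.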
Products and technologies
— Kaspersky Security Center
— Kaspersky Endpoint Security for Windows
— Kaspersky Security for Windows Server
— Kaspersky Endpoint Detection and Response Optimum
Results
- The migration of over 800 devices in two locations was a complete success, without any system disruptions.
- After the project moved to a service model, our specialists continued to monitor cyber threats and security incidents from the SOC, recording attempted attacks on the client as they happened and responding promptly.
- The specialists at ICL Services ensured comprehensive coverage of all the client's infrastructure devices with the chosen security solution, along with timely signature updates.
Services provided
expert in IT Security Assessment