"As part of the Deutsche Telekom group, T-Systems manages the ICT of multinational groups and public institutions, thanks to a data center and network infrastructure that extends worldwide. With an overall turnover for 2009 of 8.8 billion Euros and 45,300 professionals throughout the world, T-Systems has made a name for itself in combining market skills with innovation in the ICT context."
Project: Conformity to legal regulations and internal standards
Solution: Development of a control dashboard for security and compliance
Operating in an international context and on significant bids for tenders involves complying with a lot of different regulations and conforming to quality standards, both Italian and international:
- Sarbanes-Oxley (Sox) SAS70 for companies quoted on the USA Stock Exchanges
- ISO/IEC 27001
- Italian Legislative Decree 196/03
- Italian Legislative Decree 231/01
T-Systems consolidates logs coming from various systems into a single monitoring system, with the aim of promoting compliance with standards and legislative norms, as well as offering a new service to its clients, achieving greater efficiency and reducing costs. In order to protect and preserve its information assets, T-Systems decided to equip itself with a log management system to collect and correlate "events" from various systems and applications, through a single monitoring and alarm system.
CA Security Command Center is the CA Technologies solution for managing security. The system reduces, groups together, correlates and orders on a priority basis the various security data, so as to contribute to managing the relative information overload. The solution took charge of the following risk scenarios:
- Buffer overflow caused by an attack and consequent lack of availability of the relative critical service
- Repeated failed logins to individual host by means of firewall (host very critical)
- Repeated failed logins to individual host by means of firewall (host less critical, more "tolerant" intervention thresholds )
- Repeated failed logins to a host transiting from a router
- Repeated failed access to critical files carried out by the same host, by someone or by a process with insufficient privileges
- Repeated errors of access to critical files carried out by the same host
- Change in system configuration
- Activation of new administration users
- Use of probe to identify critical systems or known weaknesses
- Critical assets under attack with high possibility of business being interrupted
- Multiple disconnections from firewall by the same IP source
- Non-secure password used to login with relative account
- Virus or script detected in a web server system
- Virus or script detected by servers' real time scanner
- Detection of uses by local administrative default users.
The implementation of the log management platform in T-Systems enables the following benefits to be obtained:
- having available a single collection point for information from different platforms and equipment
- limiting and controlling the impacts of the log management system on applications, systems and infrastructures
- having available correlation rules and policies for events
- activating alarms on the basis of correlation logics
- having available a centralized security reporting system
- compliance with ISO/IEC 27001 standard
- having available a functional, easy-to-use system that guarantees accuracy and continual updating of the data collected.