T-SYSTEMS - Develpment of a dashboard for security and compliance control
"As part of the Deutsche Telekom group, T-Systems manages the ICT of multinational groups and public institutions, thanks to a data center and network infrastructure that extends worldwide. With an overall turnover for 2009 of 8.8 billion Euros and 45,300 professionals throughout the world, T-Systems has made a name for itself in combining market skills with innovation in the ICT context."

www.t-systems.it

Company: T-SYSTEMS
Sector: Services
Project: Conformity to legal regulations and internal standards
Solution: Development of a control dashboard for security and compliance

SCENARIO

Operating in an international context and on significant bids for tenders involves complying with a lot of different regulations and conforming to quality standards, both Italian and international:

  • Sarbanes-Oxley (Sox) SAS70 for companies quoted on the USA Stock Exchanges
  • ISO/IEC 27001
  • Italian Legislative Decree 196/03
  • Italian Legislative Decree 231/01

T-Systems consolidates logs coming from various systems into a single monitoring system, with the aim of promoting compliance with standards and legislative norms, as well as offering a new service to its clients, achieving greater efficiency and reducing costs. In order to protect and preserve its information assets, T-Systems decided to equip itself with a log management system to collect and correlate "events" from various systems and applications, through a single monitoring and alarm system.

SOLUTION

CA Security Command Center is the CA Technologies solution for managing security. The system reduces, groups together, correlates and orders on a priority basis the various security data, so as to contribute to managing the relative information overload. The solution took charge of the following risk scenarios:

  • Buffer overflow caused by an attack and consequent lack of availability of the relative critical service
  • Repeated failed logins to individual host by means of firewall (host very critical)
  • Repeated failed logins to individual host by means of firewall (host less critical, more "tolerant" intervention thresholds )
  • Repeated failed logins to a host transiting from a router
  • Repeated failed access to critical files carried out by the same host, by someone or by a process with insufficient privileges
  • Repeated errors of access to critical files carried out by the same host
  • Change in system configuration
  • Activation of new administration users
  • Use of probe to identify critical systems or known weaknesses
  • Critical assets under attack with high possibility of business being interrupted
  • Multiple disconnections from firewall by the same IP source
  • Non-secure password used to login with relative account
  • Virus or script detected in a web server system
  • Virus or script detected by servers' real time scanner
  • Detection of uses by local administrative default users.

BENEFITS

The implementation of the log management platform in T-Systems enables the following benefits to be obtained:

  • having available a single collection point for information from different platforms and equipment
  • limiting and controlling the impacts of the log management system on applications, systems and infrastructures
  • having available correlation rules and policies for events
  • activating alarms on the basis of correlation logics
  • having available a centralized security reporting system
  • compliance with ISO/IEC 27001 standard
  • having available a functional, easy-to-use system that guarantees accuracy and continual updating of the data collected.