Jet Infosystems enhances the security of critical customer data for Tinkoff Credit Systems Bank
Moscow. Tinkoff Credit Systems (TCS) and Jet Infosystems have installed an Imperva-based system to monitor critical databases and prevent unauthorized access. All requests by bank employees to access confidential information are monitored on a 24x7 basis. The system can identify end users of applications and accumulate statistics that are necessary for subsequent information security investigations (who accesses databases, how often and for what reason).
TCS is an innovative online financial institution and the only bank in Russia that operates without brick-and-mortar branches. Over a thousand of its front office employees have access to critical personal and financial information and process up to 4,000 client applications a day. Given such a large number of transactions, it becomes vital to ensure security of financial operations, automatic monitoring and control over employees with access privileges. The contract was awarded to Jet Infosystems, a company with a wealth of expertise in Imperva technologies.
Jet Infosystems engineers reviewed the bank’s IT system to identify the segment that needed special protection. It included the automated CRM system and related databases and management systems. They also formulated structural requirements to the new monitoring system that included high-performance network load balancers, gateways for monitoring requests to the DBMS, Imperva management servers and a storage system for monitoring data.
Security policies were also introduced to control requests for access to data, unauthorized changes in access rights, execution of privileged commands, access to data on payment card holders and more. Several security settings were developed upon a specific request from the bank. They include, in particular, monitoring of access to data on customer credit limits by employees, control of access to deposit data, recording of information on data export and so on.
The system features a user profiling mechanism to identify unusual behavior. Imperva identifies irregular activities that deviate from several dozen typical profile groups and automatically reports them to security management via email and the web console. The system can also generate various reports covering security policy violations, user monitoring, SQL injections and so on. Moreover, analytical reports concerning the evaluation of user access rights and accounts simultaneously used by more than one employee are available from the system upon request.
“The bank now has a system that fully meets our current business and data security needs yet can be easily scaled up to accommodate four times as much workload if the number of Imperva gateways in the load balance stack is increased, − tells Stanislav Pavlunin, TCS Vice-President and head of security department. – Protection of critical data by means of Imperva technologies has reduced a number of information risks caused by abuse of access privileges, software vulnerabilities, SQL injection attacks and much more.”
“As a systems integrator, Jet Infosystems was interested in this project in terms of technological challenges. While the Imperva system was installed in a mono-vendor CRM/database assembly. we were requested to develop a solution guaranteed to work efficiently in a multi-vendor environment as well, since the bank is planning to connect the monitoring system to about 20 other business applications supplied by different manufacturers,” - explains Elman Beybutov, leader of the database security and SOC group at Jet Infosystems.
Tinkoff Credit Systems Bank (TCS Bank) was launched in 2006 by Oleg Tinkov, a well-known Russian businessman. Since then it has become a leading credit card issuer and a thriving online retail bank. TCS Bank is currently expanding to offer additional financial products and services including online insurance.
CS high-tech online banking has proved to be an indispensable service to customers in remote areas of Russia where traditional banks may be underrepresented.