Challenges: in one quarter, it was necessary to migrate from a cloud-based SIEM installation to in-house computing resources, ensuring the transfer of existing tailor-made cybersecurity content-pack and data-sources pipelines.

Results: all critical incident detection rules from the kill chain were migrated to SAF within a day.

• 2.5M EPS+ dataflow from IT infrastructure
• 10.000+ servers in monitoring system
• CI/CD for SIEM configuration management
• rapid implementation of SOC business processes
• flexible role model allows access for everyone and goes beyond SIEM

Challenges: building a disaster-resilient, geographically distributed platform for collecting and analyzing information security events across various segments of the computing infrastructure.

Results: a system has been built that fully covers fraud scenarios, resulting in a 97% reduction of financial losses related to identified incidents.

• monitoring the computing infrastructure of the digital currency
• >150 active users
• 15K+ assets
• >4 TB/d indexing dataflow
• 300+ data sources

Challenges: integrating retrospective searches, migrating and adapting correlation rules, and recreating dashboards.

Results: powerful inhouse platform for SOC L1, L2& L3 teams, incident management process.

• 30+ members of SOC team
• >400 correlation rules
• 25K EPS dataflow
• ~75 data lookups
• powerful search engine

Challenges: fraudsters were using customer loyalty programs to commit fraud, causing financial and reputational damage to the company.

Results: a system has been built that fully covers fraud scenarios, resulting in a 97% reduction of financial losses related to identified incidents.

• >$12 millions/year confirmed prevented financial losses
• 100+ anti-fraud correlation rules
• >1 million identified and prevented fraud incidents within one year

Challenges: creating individual and group user profiles based on a variety of criteria and use machine learning to identify anomalies and analyze user transactions.

Results: principles for detecting fraudulent transactions have been implemented, allowing for early warning of fraud through the analysis of logistics and trade transactions.

• 30+ anti-fraud correlation rules
• >80 identified and prevented fraud incidents
• 86% efficiency of the system in detecting fraud

Challenges: integration with specialized application information systems and the effective identification and prevention of attacks on critical infrastructure.

Results: rapid deployment of a SOC within three months, successful integration of SOC into our business processes, and efficient workforce operations.

• before 30, after 100+ correlation rules
• 550% false positive decrease
• 24x7 level 1 support

Challenges: employee actions are recorded in multiple accounting systems. It’s difficult to control and it’s easy for fraudsters to bypass corporate hiring requirements.

Results: all IT systems for employees hiring are integrated into a single data lake. An analytics system has been established, which has helped minimize fraud in hiring personnel.

• incidents of collusion between applicants and company employees are identified
• >200 annual salary funds saved by detecting violations in payroll records
• SLA related to employees hiring have been established

Challenges: integrating specialized data sources, two-way integration with service desk systems, creating tailor-made content.

Results: operational SOC serving the holding company's from design to commercial SOC operations.

• empowerment of the client's team to independently supplement and adapt SIEM content
• development of a comprehensive knowledge center, including project and operational documents.
• 24x7 level 1 support

Challenges: it is necessary to automate the detection of risky events with analytics across all business processes and integration of various information systems.

Results: analysis of over 50 risky events in business processes. Data sources such as SAP FI, MOEX, Bloomberg have been connected for data enrichment.

• >10 automated controls of trading operations
• automated control of credit/deposit portfolio
• automated control of over-the-counter transactions

Challenges: gathering and integrating diverse data sources, such as sensor data, maintenance records, and external factors into a unified system can be complex and require standardization.

Results: reduce investment costs for maintenance and diagnostics of the pipeline system.

• Plan of direct assessment and repair from 3 month, to 10 minutes for executive summary staff reporting
• 30% cost reduction for pipeline service life in the long run
• 98% accuracy of comparison of ILI inspections data

Challenges: addressing the complexity of identifying business-critical actions of employees and constructing individual and group profiles effectively.

Results: effective workload balancing for over 3000 employees, reduction in overtime and labor cost expenses.

• 7-10% employers' utilization enhancement
• from days, to minutes for executive summary staff reporting
• 8 branches in different time zones

Challenges: building profiles of employee actions based on banking system operations. Identifying patterns of fraudulent activities using machine learning.

Results: employee profiles based on multiple criteria have been built. The process of detecting and preventing fraud with customer data has been automated.

• 30+ controlled profile parameters
• 100+ anti-fraud correlation rules
• >1,1 million identified and prevented fraud incidents within one year

Challenges: making call topic hypothesis based on customer experience background.

Results: reduce call center operational cost with Data-Driven approach and machine learning.

• 51% reduction in the number of customer queries that require human operator assistance within one year
• 5.3% reduction in staff costs
• predictions for IVR scenarios

Challenges: developing a model for integrating SOC processes with the customer's business processes, embedding it into a unified corporate KPI/SLA evaluation system, risk management and business continuity strategy.

Results: SOC business model and technical landscape.

• optimization of SOC support lines (L1, L2) by improving employee time efficiency;
• reduction in cybersecurity incidents Time-To-Response indicator
• methodological support for the operations of the Cyber Security Incident Response Team (CSIRT)

Challenges: managing and monitoring a vast and complex network and server infrastructure spread across multiple regions.

Results: reduced mean time to resolution (MTTR) for infrastructure issues by 50%, minimizing downtime and service disruptions.

• realized 23% cost savings by optimizing resource usage, reducing the need for emergency fixes, and preventing potential financial losses due to downtime
• achieved a significant increase in system uptime, ensuring that critical banking services are available to customers 99.99% of the time.
• reducing 75% alert fatigue among IT teams and allowing them to focus on critical issues

Challenges: decreased time and costs for development and enhancement of machine data analysis projects.

Results: using hybrid storage dramatically reduces hardware requirements.

• hardware requirements optimization: 150% CPU, 400% RAM, 800% HDD/SDD
• reducing licensing costs by 300%
• reducing project duration by using ready-made platform modules.
• reducing development time for search queries by 70%
• reusing the existing data collection infrastructure

Challenges: autodetect unknown network devices, enrich data about network devices for quick decision-making regarding blocking/unblocking, automatically recognize and create profiles for new network equipment

Results:

• the time for network inventory has been reduced from 3 weeks to 10 minutes
• only two admins for supporting 3000+ hosts
• immediate 24/7 notification of administrators about network issues via messengers