September 8 16:57
Specialists T1 Integration completed the project to strengthen information security in ASTON, federal software developer for banks and large organizations. As part of the audit, the integrator team checked the security of the infrastructure and appreciated compliance with the requirements of GOST R 57 580.1. As a result, the fifth, maximum, level of compliance of the Protection Protection of the IT contest of the customer was confirmed.
The project was implemented in several areas. At the first stage, T1 Integration experts analyzed the regulatory documentation Aston, appreciated the maturity of IB processes and the protection measures used. Then practical measures followed: an external audit of the perimeter of IT infrastructure using the Black and Grey Box methods, attacking attacks, as well as sociotechnical testing for penetration.
The integrator team prepared a phishing page and two different electronic newsletters. The results of sociotechnical testing allowed Aston to adjust the internal procedures for personnel training and responding to incidents. In parallel, a test for penetration through an external perimeter passed. Specialists T1 Integration revealed two non -affecting key systems of zero -day vulnerability in the software used, both foreign and Russian. These data helped Aston quickly eliminate the risks that could potentially lead to a violation or stop of key business processes.
Also, as part of the project, the integrator prepared a detailed set of recommendations for the development of an information protection system in the conditions of the specifics of the Aston infrastructure stack.
“The purpose of the project was not just an assessment of compliance with formal requirements, but an increase in the security of our partner. We appreciated the architecture, checked the reaction of the ASTON IB system to attacks, tested the stability of employees to social engineering. As a result, a high level of maturity of the customer’s information security system was confirmed, and he was given relevant independent expert recommendations for further increase in the maturity of the processes of protecting from cyber attacks, ”said Alexei Isosimov, technical director T1 Integration.
“It was important for us to get an independent expert assessment of information security. We have already implemented most of the recommendations in practice and plan to further strengthen our IB system in order to systematically minimize the risks of interruption or reducing the development of our business as a result of computer attacks, ”commented Ivan Zakharkov, deputy general director of the Aston group of companies.
About companies:
T1 integration is included in the IT Holding T1, has a large set of competencies confirmed by official statuses from key manufacturers and developers. The company was created in 1992. The company's grocery portfolio includes over 300 services and solutions in the field of systemic integration, industrial engineering, industrial automation, engineering infrastructure, engineering analysis, information security, computing data databases, robotization of routine operations, process analytics of Process mining, network technologies, multimedia and communications of IT systems and monitoring, etc. The company has implemented more than 2000 projects in the interests of customers-state structures and the largest companies of the key sectors of the economy: telecom operators, financial organizations, industrial, fuel and energy, transport and trading enterprises.
