The information services of public institutions run in complete safety with a full Romanian solution – Smart Investigator

The added value of information platforms which directly impact the activity of public institutions, companies and citizens of a country is perceived and appreciated as long as they are 100% functional without unwanted interruptions.

This is where, first of all, technical management departments hold full responsibility for preventing disruptions caused by cyber attacks, human error or system failures. The Romanian Agency for Digital Agenda (AADR), a public institution under the Ministry for Information Society, manages such national information systems for eGovernance purposes, with the mission of improving the performance of the public administration and enhancing taxpayer satisfaction. Among these systems are the National Electronic System, SEN (www.e-guvernare.ro); the Electronic System of Public Acquisitions, SEAP (www.e-licitaţie.ro); the system for assigning electronic permits for international road freight transport and the national electronic programs for assigning transport routes for county and inter-county services, SAET (www.autorizatiiauto.ro); the national electronic system for the online payment of local taxes (www.ghiseul.ro); and the Electronic Single Contact Point (www.edirect.e-guvernare.ro). The Agency's work closely follows the implementation of the Digital Agenda Strategy for Romania.

The technical requirements

SEAP is currently one of the most heavily used government systems, with over 14,721 public contracting authorities, 56,483 depositor deals and a total value of initiated procedures of 345,414,166,938.49 RON in 2014. The number of international road transport permits issued in 2014 was 39,714, and the number of trucks registered in the system was 31,067. Payments made without authentication in SNEP in the same year amounted to 21,314,817.15 RON.

Consequently, the responsibility of the technical teams overseeing these systems is huge. To collect, store and analyze the large volumes of data, logs and events handled daily, AADR has over time deployed several SIEM solutions, including Dell InTrust, HP ArcSight and AlienVault. After carefully analyzing their operation, the Agency identified the need for a unified monitoring solution: one that offers data correlation from a single interface, improves response times and thereby increases the efficiency of IT security officers when handling incidents.

The solution

After auditing the performance of the installed SIEM systems, AADR identified the solution for security investigations – Smart Investigator, produced by Q-East Software, as the most suitable to be tested in the complex cyber environment of the Agency.

Smart Investigator currently supervises the information flows of the SEN, SEAP and SAET systems and of the Virtual Payment Desk. It is the platform through which the AADR technical department quickly manages security incidents, and it now gives the department a full overview of the vulnerabilities within the data infrastructure.

“Smart Investigator is the ultimate security solution. It is like a breath of fresh air for classical SIEM tools. Both intuitive and easily approachable by policy makers at all levels, properly equipped to fit the latest hi tech requirements, with a significantly higher responsiveness. All in all, a very comprehensive tool, created by Romanian software engineers, which brings quick problem-solving skills to daily cases managed by our security teams,” says Cătălin Gabriel Dumitru, Director of eGovernment Development and Technical Support.

Smart Investigator provides AADR with both the capability to monitor the security of its systems and the collection of events from the existing SIEMs. The collected data is correctly and comprehensively ordered in fractions of a second, even when its volume is huge. This allows the Smart Investigator user to act in real time when the situation requires it.

Built on NoSQL technology, Smart Investigator includes next-generation search features and high-performance filters which, using predefined or ad hoc criteria, help the security officer investigate security incidents within seconds.

Using its own learning algorithms, Smart Investigator examines the collected data streams to identify the patterns of normal activity for processes, users and systems. Its dedicated anomaly detection module, the "Anomaly Analyzer", then uses these baselines to expose abnormal events and send real-time alerts.

The reporting module is another essential component of this new security software. Smart Investigator generates instant reports in line with the latest industry standards: ISO 27001, COBIT, FISMA, HIPAA, PCI DSS and SOX.

The investigation, monitoring and reporting modules of Smart Investigator are fully integrated into a single, central platform with a user-friendly, highly intuitive graphical interface, which uses charts and easy-to-interpret decision trees to display query results:

“It’s as easy as it gets. With Smart Investigator, intuitive is the keyword. You get to the desired information more easily, which leaves you even more time for thorough investigations. In this way, you can bring out to the surface vulnerabilities which are otherwise difficult to identify. It greatly simplifies the work of our security experts. I can say that at this moment, we have a complete technology tool that helps us not to be taken by surprise in case of security events,” added Cătălin Gabriel Dumitru.

Results

With Smart Investigator, AADR and the public information systems it manages now have a tool which offers:

• The precise identification of security incidents through innovative multi-SIEM/multi-platform data correlation;

• Dedicated advanced search modules which correlate tens of millions of events in a matter of seconds;

• Built-in, unlimited horizontal scalability, without extra database costs;

• Real-time or schedule-based connectivity to classical SIEM systems for data feeds;

• A graphical, user-friendly interactive interface, with advanced functions such as viewing, searching and monitoring through custom filtering;

• Synthesized results displayed in clear charts to support the security decision-making process;

• Embedded reports to validate control efficiency and effectiveness for frameworks and standards: ISO 27001, COBIT, FISMA, HIPAA, PCI DSS, SOX;

• A complete investigation module;

• An innovative alerting system with real-time, user-defined alerts, which address the most specific event requirements, ensuring high accuracy and a minimum of false alerts;

• Correlation between audit data and physical security (using an additional Video Module);

• An advanced anomaly detection technology – Anomaly Analyzer;

• Context-sensitive, interactive dashboards (General, Network, Active Directory) that can also be fully customized;

• Savings of precious time and resources in the daily work of security managers.

During the testing sessions of the Smart Investigator solution, the Q-East Software team worked closely with security experts from AADR to implement new functionalities and requirements tailored to the AADR data infrastructure; the Agency's technical requirements brought Smart Investigator to an increased level of performance.

“Smart Investigator is developed by an astute team of experts from Q-East Software and receives the full technical support and logistics of the company, currently a service model in the market, which means resource management, flexibility and use of the latest available technology. It definitely helps us save time and money, but most of all, it’s simply brilliant. We can assess the geniality of a software solution on large volumes of data, because this is today’s cyber reality. And Smart Investigator successfully copes with impressive volumes of data,” stated Cătălin Gabriel Dumitru.

Smart Investigator is a first in today's IT industry, being the only 100% Romanian multi-SIEM solution that serves multiple purposes within the scope of IT investigation and analysis while providing unlimited horizontal scalability at no additional cost.

Article published in Cybersecurity Trends, 18/10/2015