Extreme Requirements

Extreme Requirements

One of Europe’s largest energy providers meets a BalaBit solution

The CEZ Group Nuclear Power Plant’s recent challenges included monitoring an increasing number of devices, increasing productivity while reducing headcount, and protecting the confidentiality of documents about the new block of the nuclear power plant under construction—all of which called for a heavyweight solution to optimize their SIEM and authorize privileged users (administrators, third parties, VDI users) and record administrative sessions. The challenge was accepted by BalaBit’s syslog-ng Store Box log management appliance and Shell Control Box privileged user monitoring solutions.

Introducing the Customer: A Nuclear Power Plant

The CEZ Group is one of the largest energy companies in Eastern and Southern Europe. Its main business is the production, distribution and sale of electricity and heat. It employs 30,000 people, operates in 10 countries in the region, and serves approximately 9.3 million customers. In terms of its market size based on customers, CEZ Group is the 7th largest energy company in Europe. CEZ ICT Services, a subsidiary of CEZ, provides information and telecommunications services for the entire group.

High Security Standards in the Nuclear Power Plant to Prevent Leakage of Information

CEZ recently faced several challenges, including a large increase of IT devices to be monitored, pressure to increase work efficiency and reduce the number of employees at the same time. They also wished to improve the security of the document management system of a special team who would select the general contractor for building the new blocks of the nuclear power plant in Temelín. Team members work on VDI-clients to access a Share- Point application to collect, process and evaluate all documents arriving from tender candidates. CEZ management specified strict IT and legal security requirements against this system to avoid legal disputations or possible lawsuits later

Consequently, CEZ needed a heavyweight solution to meet two key expectations: advanced management of logs and audit of privileged users.

“Our main goal was to prevent leakage of information or any action which would harm our IT system,” said Pavel Hejduk, head of the ICT Security Department for CEZ ICT Services. “These incidents could have led us to choose another contractor for building the new blocks of the power plant, which represented a great security risk for us.”

Requirements of the log management part of the new project, meeting the more strict regulations were web-GUI, fast log search, easy backup/archive of logs, WORM (Write Once Read Many) log storage, encryption and time stamping of logs, and high availability (HA) support.

Requirements of the auditing part of the new project, meeting the more strict regulations, included a single tool capable of authorizing administrators and recording administrative sessions, and support of all standard remote administration protocols such as SSH, Citrix ICA and RDP.

A Solid Combination of BalaBit Technologies

Previously the plant’s IT team was using the syslog-ng Open Source Edition log management tool to optimize their SIEM solution’s performance, but the due to the new requirements they needed to look for a commercial solution. They choose BalaBit’s syslog-ng Store Box (SSB) appliance.

“With syslog-ng Store Box you get a real log management tool without the need to know Linux/Unix, unlike with other tools on the market,” Hejduk said. “SSB is a log management tool, and that’s exactly what it does. Many competitors are talking about log management, but, actually, their solutions are event management. If you have, for example, 40 types of logs, implementation of an event management solution is a painful and time-consuming exercise. In the same scenario, SSB can be implemented in a few days.”

Log Management solutions implemented by CEZ:

  • A high availability SSB cluster to collect the log messages of their production systems including 250 log source hosts.
  • An additional SSB virtual appliance that runs on the VMware ESX platform for testing and development.
  • syslog-ng Agent for Windows with TLS encryption and mutual authentication to collect logs from Windows servers.

CEZ choose BalaBit’s Shell Control Box (SCB) activity monitoring appliance, as they did not find any competitive offering for transparently auditing privileged users. SCB audits and monitors the administrative access to more than one hundred servers and external communication stations (communication stations are special thin clients with strict policies, such as controlled email for example).

“Shell Control Box brought much more than we expected. It is not only an auditing solution, but an advanced authorization and OCr search tool, as well,” Hejduk said. “With its transparent Man-In-The-Middle architecture, SCB is a unique product on the market. Support of SSH/ICA/RDP/HTTP(S) auditing and replaying, as well as OCR-based indexing and searching in a single box is amazing.”

In terms of auditing privileged users’ activities, CEZ implemented a high availability SCB cluster; an additional SCB virtual appliance was also purchased for testing purposes.

The new log management and auditing solutions serve 150 users and 50 thin clients simultaneously, monitor eight IT and security administrators, and protect 100 servers in 3 environments (production, test, development). Supported by strict SLA, the production environment is “hermetically” separated from the outside world (no Internet, no phones, no papers, etc.).

Fast Implementation

Planning, testing and implementation of the whole project took two months. The new BalaBit solutions have been in productive operation since July 2012.

The SSB log server appliance was easy to deploy and configure. Archiving logs to WORM media and fast log search was a perfect combination for CEZ security experts for daily operations management and forensics investigations, as well. Indexing of logs based on B-trees* results in extremely fast searching for any parts of the VDI-client and Active Directory server logs.

SCB was a bit harder to implement, but easy to operate. CEZ benefits not just from its primary function (user authorization, audit and record sessions), but from a secondary one, as well - it provides complete documentation and replay of all configuration changes performed by implementation partners and internal administrators.

This article originally appeared in the May 2016 issue of Security Today.

Featured

  • Allegion, Comfort Technologies Implement Mobile Credentials at the Artisan Apartment Homes in Florida

    Artisan Apartment Homes, a luxury apartment complex in Dunedin, Florida, recently transitioned from mechanical keys to electronic locks and centralized system software with support from Allegion US, a leading provider of security solutions, technology and services, and Florida-based Comfort Technologies, which specializes in deploying multifamily access control, IoT devices and software management solutions. Read Now

  • Mall of America Deploys AI-Powered Analytics to Enhance Parking Intelligence

    Mall of America®, the largest shopping and entertainment complex in North America, announced an expansion of its ongoing partnership with Axis Communications to deploy cutting-edge car-counting video analytics across more than a dozen locations. With this expansion, Mall of America (MOA) has boosted operational efficiency, improved safety and security, and enabled more informed decision-making around employee scheduling and streamlining transportation for large events. Read Now

  • Security Industry Association Launches New “askSIA” AI Tool

    The Security Industry Association (SIA) has unveiled a brand-new SIA member benefit – askSIA, a conversational AI agent designed to help users get the most out of their SIA membership, easily access SIA resources and find the latest information on SIA’s training and courses, reports and publications, events, certification offerings and more. SIA members can easily find askSIA by visiting the SIA homepage or looking for the askSIA icon in the top left of webpages. Read Now

    • Industry Events
  • Industry Embraces Mobile Access, Biometrics and AI

    A combination of evolving workplace dynamics, technology innovation and new user expectations is changing how people enter and interact with physical spaces. Access control is at the heart of these changes. Combined with biometrics and AI, mobile access control has become increasingly crucial for deploying entry solutions that are seamless, secure and adaptive to user needs. Read Now

  • Sustainable Video Solution Delivered for Landmark City of London Office Development

    An advanced, end-to-end video solution from IDIS, with a focus on reducing waste and costs, has helped a major office development in the City of London align its security with sustainability objectives. Read Now

New Products

  • A8V MIND

    A8V MIND

    Hexagon’s Geosystems presents a portable version of its Accur8vision detection system. A rugged all-in-one solution, the A8V MIND (Mobile Intrusion Detection) is designed to provide flexible protection of critical outdoor infrastructure and objects. Hexagon’s Accur8vision is a volumetric detection system that employs LiDAR technology to safeguard entire areas. Whenever it detects movement in a specified zone, it automatically differentiates a threat from a nonthreat, and immediately notifies security staff if necessary. Person detection is carried out within a radius of 80 meters from this device. Connected remotely via a portable computer device, it enables remote surveillance and does not depend on security staff patrolling the area.

  • Connect ONE’s powerful cloud-hosted management platform provides the means to tailor lockdowns and emergency mass notifications throughout a facility – while simultaneously alerting occupants to hazards or next steps, like evacuation.

    Connect ONE®

    Connect ONE’s powerful cloud-hosted management platform provides the means to tailor lockdowns and emergency mass notifications throughout a facility – while simultaneously alerting occupants to hazards or next steps, like evacuation.

  • Automatic Systems V07

    Automatic Systems V07

    Automatic Systems, an industry-leading manufacturer of pedestrian and vehicle secure entrance control access systems, is pleased to announce the release of its groundbreaking V07 software. The V07 software update is designed specifically to address cybersecurity concerns and will ensure the integrity and confidentiality of Automatic Systems applications. With the new V07 software, updates will be delivered by means of an encrypted file.