Menu
english
About Group-IB Media Center Press Releases

6 November 2018

The enemy shall not pass: Tinkoff Bank’s “echelon” reinforced by Group-IB TDS Polygon

Banks Nikita Kislitsin Threat Hunting Framework

Group-IB, an international company specializing in the prevention of cyber attacks and Tinkoff Bank, an innovative online provider of financial services, report the successful implementation of a multi-layered cyber security system based on a set of products for detecting zero-day threats and preventing targeted attacks. An important element of the system is the flagship Group-IB product—Threat Detection System Polygon (TDS). The pilot project at Tinkoff Bank confirmed the quality of the TDS behavioral reports, which enabled specialists to assess the severity of the threat to the bank and also proved to be highly effective in detecting previously unknown vectors of hacker attacks.

Tinkoff Bank is Russia’s first and only fully online bank, serving over seven million customers remotely via online channels and a call center. The bank’s unique structure poses strict requirements in terms of the level of information security of both internal IT systems and financial products and services. In this context, the key priorities for Tinkoff Bank are stable, uninterrupted operational processes and proactive protection against a wide range of cyber threats that carry potential risks for day-to-day bank operations.

Despite the widespread use of antivirus software, it is often powerless against targeted attacks by hacker groups, ransomware epidemics, attacks on payment infrastructure using social engineering methods, illegitimate use of company resources for cryptomining etc. Anti-APT (Advanced Persistent Threat) products, which allow specialists to conduct comprehensive analysis of malicious files in what is called a sandbox—an environment isolated from the bank’s main network, play a key role in identifying zero-day threats (i.e. previously unknown).

Tinkoff Bank was using a sandbox solution of one of the leading international vendors. However, the record showed that the capabilities of this configuration were insufficient. The bank decided to enhance the quality of detection by focusing on multi-layered protection, which uses multiple sandboxes. Based on the results of long-term tests of various products, Tinkoff Bank decided to include the high-tech system for proactive detection of cyber attacks, Group-IB Threat Detection System Polygon in its stack.

It is important that we learn about the emergence of new types of threats in advance and respond to them quickly, mitigating possible risks. We decided to deploy an «echelon of sandboxes», focusing primarily on detecting zero-day threats. They, in particular, are the most dangerous and can only be detected using intelligence-driven behavioral analysis systems that allow you to analyse a file before it ends up on a user’s computer. During testing, TDS Polygon proved to be highly effective and demonstrated that we had chosen the right strategy. Now, the product is being successfully used in «combat» mode.

Dmitry Gadar

Dmitry Gadar

Head of network security Tinkoff Bank

According to Group-IB, most Russian banks will soon have to start working with multi-layered protection using the most functional and reliable «construction set», including at least two Anti-APTs, one of which is able to handle the threats in the language of their source country, and the second of which is focused on detecting a wide range of malicious activity.

Group-IB emphasizes that synthetic, «made-up» cases for testing the quality of sandboxes will not produce results. This is why, in conjunction with specialists at Tinkoff Bank, pilot testing of the Group-IB Threat Detection System Polygon was initiated exclusively on real dаta, taking into account the specifics of the bank, the volumes of information processed, typical work scenarios and other characteristics of the company’s real IT landscape.

Effective Anti-APT solutions have to not only perform static and dynamic file analysis, but also resist many techniques that allow attackers to detect OS virtualization and bypass the threat detection technology using other, rather diverse methods. The devil is always in the details: even those seemingly simple issues such as link analysis, support for hundreds of file formats that change their link status over time—all these are a serious challenge for vendors who develop products of this class. The completeness of the behavioral reports provided is also important: TDS Polygon proved to be able to solve these tasks, as demonstrated during successful pilot testing on real cases at Tinkoff Bank.

Nikita Kislitsin

Nikita Kislitsin

Head of Network Security, Group-IB

Group-IB is one of the leading providers of solutions dedicated to detecting and preventing cyberattacks, identifying online fraud, investigation of high-tech crimes and intellectual property protection, headquartered in Singapore. The company’s threat intelligence and research centers are located in the Middle East (Dubai), the Asia-Pacific (Singapore), Europe (Amsterdam), and Russia (Moscow).

Group-IB’s Threat Intelligence & Attribution system has been named one of the best in class by Gartner, Forrester, and IDC. Group-IB’s Threat Hunting Framework (earlier known as TDS) intended for the proactive search and the protection against complex and previously unknown cyberthreats has been recognized as one of the leaders in Network Detection and Response by the leading European analyst agency KuppingerCole Analysts AG, while Group-IB itself has been recognized as a Product Leader and Innovation Leader. Gartner identified Group-IB as a Representative Vendor in Online Fraud Detection for its Fraud Hunting Platform. In addition, Group-IB was granted Frost & Sullivan’s Innovation Excellence award for its Digital Risk Protection (DRP), an Al-driven platform for identifying and mitigating digital risks and counteracting brand impersonation attacks with the company’s patented technologies at its core.

Group-IB’s technological leadership and R&D capabilities are built on the company’s 18 years of hands-on experience in cybercrime investigations worldwide and 70,000 hours of cybersecurity incident response accumulated in our leading forensic laboratory, high-tech crime investigations department, and round-the-clock CERT-GIB. Group-IB is a partner of Europol and has been recommended by the OSCE as a cybersecurity solutions provider.

Group-IB’s experience in threat hunting and cyber intelligence has been fused into an ecosystem of highly sophisticated software and hardware solutions designed to monitor, identify, and prevent cyberattacks. Group-IB’s mission is to fight high-tech crime while protecting our clients in cyberspace and helping them achieve their goals. To do so, we analyze cyber threats, develop our infrastructure to monitor them, respond to incidents, investigate complex high-tech crimes, and design unique technologies, solutions, and services to counteract adversaries.

Report an incident

Get 24/7 incident response assistance from our global team

APAC: +65 3159-3798
Europe: +31 20 226-90-90
EMA: +971 4 508 1605

Thank you for the inquiry! We will contact you soon.
Cookies

We use cookies on the website to make your browser experience more personal, convenient and secure. You may block or manage the use of cookies, however, in some cases they’re essential to make this site work properly. Learn more about cookies in Group-IB Privacy And Cookies Policy.

 
Find out more
Report an incident