6 November 2018

The enemy shall not pass: Tinkoff Bank’s “echelon” reinforced by Group-IB TDS Polygon

Group-IB, an international company specializing in the prevention of cyber attacks and Tinkoff Bank, an innovative online provider of financial services, report the successful implementation of a multi-layered cyber security system based on a set of products for detecting zero-day threats and preventing targeted attacks. An important element of the system is the flagship Group-IB product—Threat Detection System Polygon (TDS). The pilot project at Tinkoff Bank confirmed the quality of the TDS behavioral reports, which enabled specialists to assess the severity of the threat to the bank and also proved to be highly effective in detecting previously unknown vectors of hacker attacks.

Tinkoff Bank is Russia’s first and only fully online bank, serving over seven million customers remotely via online channels and a call center. The bank’s unique structure poses strict requirements in terms of the level of information security of both internal IT systems and financial products and services. In this context, the key priorities for Tinkoff Bank are stable, uninterrupted operational processes and proactive protection against a wide range of cyber threats that carry potential risks for day-to-day bank operations.

Antivirus software, despite its widespread use, is often powerless against targeted attacks by hacker groups, ransomware epidemics, attacks on payment infrastructure using social engineering, illegitimate use of company resources for cryptomining, and similar threats. Anti-APT (Advanced Persistent Threat) products, which let specialists analyse suspicious files comprehensively in a sandbox (an environment isolated from the bank’s main network), play a key role in identifying zero-day, i.e. previously unknown, threats.

Tinkoff Bank was already using a sandbox solution from one of the leading international vendors. However, operational experience showed that the capabilities of this configuration were insufficient. The bank decided to improve detection quality by moving to multi-layered protection built on several sandboxes. Based on the results of long-term tests of various products, Tinkoff Bank decided to add Group-IB’s system for proactive detection of cyber attacks, Threat Detection System Polygon, to its stack.

It is important that we learn about the emergence of new types of threats in advance and respond to them quickly, mitigating possible risks. We decided to deploy an «echelon of sandboxes», focusing primarily on detecting zero-day threats. They, in particular, are the most dangerous and can only be detected using intelligence-driven behavioral analysis systems that allow you to analyse a file before it ends up on a user’s computer. During testing, TDS Polygon proved to be highly effective and demonstrated that we had chosen the right strategy. Now, the product is being successfully used in «combat» mode.

Dmitry Gadar

Head of network security Tinkoff Bank

According to Group-IB, most Russian banks will soon have to move to multi-layered protection assembled from the most capable and reliable «construction set», including at least two Anti-APT products: one able to handle threats written in the language of their country of origin, and the other focused on detecting a wide range of malicious activity.

Group-IB emphasizes that synthetic, «made-up» cases will not produce meaningful results when testing the quality of sandboxes. This is why, together with specialists at Tinkoff Bank, pilot testing of the Group-IB Threat Detection System Polygon was run exclusively on real data, taking into account the specifics of the bank, the volumes of information processed, typical work scenarios and other characteristics of the company’s real IT landscape.

Effective Anti-APT solutions have to not only perform static and dynamic file analysis, but also resist the many techniques that allow attackers to detect OS virtualization and to bypass the threat detection technology by other, rather diverse methods. The devil is always in the details: even seemingly simple issues such as link analysis and support for hundreds of file formats, including links that change their status over time, are a serious challenge for vendors who develop products of this class. The completeness of the behavioral reports provided is also important. TDS Polygon proved able to solve these tasks, as demonstrated during successful pilot testing on real cases at Tinkoff Bank.

Nikita Kislitsin

Head of Network Security, Group-IB
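The virtualization-detection techniques mentioned above can be made concrete. What follows is an added example written for this page; it is not Group-IB or Tinkoff Bank code and does not describe how TDS Polygon works internally. It models the environment checks a cautious sample runs before detonating (CPU and memory size, uptime, user history, hypervisor MAC prefixes, guest agents, and a sleep-acceleration timing check) and the corresponding settings a sandbox operator must change to pass each one. All thresholds, tool names, OUI lists and the two host profiles are illustrative assumptions.

```python
"""Added example (not Group-IB/Tinkoff code): sandbox-evasion checks a
cautious sample might run before detonating, and the environment settings
an analysis sandbox needs in order to pass them. Thresholds, tool names and
OUI lists are illustrative assumptions, not a description of any product."""
from __future__ import annotations

from dataclasses import dataclass


@dataclass(frozen=True)
class HostProfile:
    """A snapshot of what a sample can observe about the machine it runs on."""
    cpu_count: int
    ram_gb: float
    disk_gb: float
    uptime_seconds: int
    recent_documents: int          # e.g. entries in the user's Recent folder
    mac_prefix: str                # first three octets of the primary NIC
    process_names: frozenset[str]  # lower-case image names


# OUI prefixes assigned to VMware (00:05:69, 00:0C:29, 00:50:56) and
# VirtualBox (08:00:27); a guest NIC with one of these gives the game away.
HYPERVISOR_OUI = frozenset({"00:05:69", "00:0C:29", "00:50:56", "08:00:27"})

# Guest agents and analysis tools that samples commonly look for (assumed list).
ANALYSIS_TOOLS = frozenset({
    "vmtoolsd.exe", "vboxservice.exe", "wireshark.exe", "procmon.exe", "x64dbg.exe",
})

# What a sandbox operator would change to make each check come back clean.
REMEDIATION = {
    "few_cpus": "give the guest at least 2 vCPUs",
    "low_ram": "give the guest at least 4 GB of RAM",
    "small_disk": "use a disk image of 60 GB or more",
    "fresh_boot": "snapshot the guest after it has been up for a while",
    "no_user_history": "seed documents, browser history and Recent items",
    "hypervisor_nic": "assign a MAC address with a non-hypervisor OUI",
    "analysis_tool_running": "rename or hide guest agents and monitoring tools",
}


def evasion_checks(host: HostProfile) -> dict[str, bool]:
    """Return each check a sample might run; True means 'looks like a sandbox'."""
    return {
        "few_cpus": host.cpu_count < 2,
        "low_ram": host.ram_gb < 4,
        "small_disk": host.disk_gb < 60,
        "fresh_boot": host.uptime_seconds < 10 * 60,
        "no_user_history": host.recent_documents == 0,
        "hypervisor_nic": host.mac_prefix.upper() in HYPERVISOR_OUI,
        "analysis_tool_running": bool(host.process_names & ANALYSIS_TOOLS),
    }


def sample_would_detonate(host: HostProfile, tolerance: int = 0) -> bool:
    """A cautious sample runs its payload only if at most `tolerance` checks fire;
    otherwise it exits quietly and the sandbox records only benign behaviour."""
    return sum(evasion_checks(host).values()) <= tolerance


def hardening_advice(host: HostProfile) -> list[str]:
    """List what the sandbox operator must change, one entry per failing check."""
    return [REMEDIATION[name] for name, fired in evasion_checks(host).items() if fired]


def sleep_was_accelerated(requested_s: float, tick_delta_s: float, ratio: float = 0.5) -> bool:
    """Timing check: the sample asks to sleep `requested_s`, then reads the
    system tick counter again. A sandbox that short-circuits Sleep() to save
    analysis time leaves the tick delta far below the request, which exposes it.
    Assumed threshold: anything under `ratio` of the request counts as accelerated."""
    return tick_delta_s < requested_s * ratio


if __name__ == "__main__":
    # Constructed profiles, not real measurements.
    naive = HostProfile(1, 2.0, 40.0, 45, 0, "00:0C:29", frozenset({"vmtoolsd.exe"}))
    hardened = HostProfile(4, 8.0, 250.0, 3 * 86400, 37, "3C:22:FB", frozenset({"explorer.exe"}))
    for name, host in (("naive", naive), ("hardened", hardened)):
        print(name, "sandbox: sample detonates =", sample_would_detonate(host))
        for line in hardening_advice(host):
            print("   -", line)
    print("sleep skipped by sandbox:", sleep_was_accelerated(300, 0.2))
```

The point for a sandbox operator is the second profile: every one of these artefacts is under the operator's control, and a sample that sees a clean host has no cheap reason to withhold its payload. The timing check is the one that a sleep-patching sandbox cannot fix by configuration alone; it has to keep the guest clock consistent with the accelerated sleep, or run the sample for real time.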

Group-IB is one of the leading providers of solutions aimed at detection and prevention of cyberattacks, online fraud, and IP protection. Group-IB Threat Intelligence system was named one of the best in class by Gartner, Forrester, and IDC.

Group-IB’s technological leadership is built on the company’s 16 years of experience in cybercrime investigations all over the world, 55 000 hours of incident response accumulated in the largest forensic laboratory in Eastern Europe, and a 24/7 CERT-GIB.

Group-IB is a partner of INTERPOL, Europol, and a cybersecurity solutions provider, recommended by SWIFT and OSCE. Group-IB is a member of the World Economic Forum.
