Group-IB, an international company specializing in the prevention of cyber attacks and Tinkoff Bank, an innovative online provider of financial services, report the successful implementation of a multi-layered cyber security system based on a set of products for detecting zero-day threats and preventing targeted attacks. An important element of the system is the flagship Group-IB product—Threat Detection System Polygon (TDS). The pilot project at Tinkoff Bank confirmed the quality of the TDS behavioral reports, which enabled specialists to assess the severity of the threat to the bank and also proved to be highly effective in detecting previously unknown vectors of hacker attacks.
Tinkoff Bank is Russia’s first and only fully online bank, serving over seven million customers remotely via online channels and a call center. The bank’s unique structure poses strict requirements in terms of the level of information security of both internal IT systems and financial products and services. In this context, the key priorities for Tinkoff Bank are stable, uninterrupted operational processes and proactive protection against a wide range of cyber threats that carry potential risks for day-to-day bank operations.
Despite the widespread use of antivirus software, it is often powerless against targeted attacks by hacker groups, ransomware epidemics, attacks on payment infrastructure using social engineering methods, illegitimate use of company resources for cryptomining etc. Anti-APT (Advanced Persistent Threat) products, which allow specialists to conduct comprehensive analysis of malicious files in what is called a sandbox—an environment isolated from the bank’s main network, play a key role in identifying zero-day threats (i.e. previously unknown).
Tinkoff Bank was using a sandbox solution of one of the leading international vendors. However, the record showed that the capabilities of this configuration were insufficient. The bank decided to enhance the quality of detection by focusing on multi-layered protection, which uses multiple sandboxes. Based on the results of long-term tests of various products, Tinkoff Bank decided to include the high-tech system for proactive detection of cyber attacks, Group-IB Threat Detection System Polygon in its stack.

Dmitry Gadar
Head of network security Tinkoff Bank
According to Group-IB, most Russian banks will soon have to start working with multi-layered protection using the most functional and reliable «construction set», including at least two Anti-APTs, one of which is able to handle the threats in the language of their source country, and the second of which is focused on detecting a wide range of malicious activity.
Group-IB emphasizes that synthetic, «made-up» cases for testing the quality of sandboxes will not produce results. This is why, in conjunction with specialists at Tinkoff Bank, pilot testing of the Group-IB Threat Detection System Polygon was initiated exclusively on real dаta, taking into account the specifics of the bank, the volumes of information processed, typical work scenarios and other characteristics of the company’s real IT landscape.

Nikita Kislitsin
Head of Network Security, Group-IB