KB Kookmin Bank Case Study

KB Kookmin Bank announced plans to launch its own unified cyber security platform. Work began on the platform with IBM in the second half of last year and live service is scheduled to start after pilot operations are concluded early next month.

KB Kookmin Bank announced on the 26th that it will create a next-generation security platform, the KB Unified Cyber Security Platform, a continuous and comprehensive integrated monitoring system for security threats that is scheduled to open in May. Currently, humans cannot analyze the large volume of security data generated by security systems in real time. There is a need to improve the current security platform by developing an integrated monitoring system for individual solutions.

This is not just a problem for KB, but has been a genuine concern of the entire financial sector. In line with these needs, KB’s unified cyber security platform is being built to respond to increasing external threats by collecting and analyzing abnormal signals generated from heterogeneous security solutions and identifying correlated threats in real time on one platform.

The KB unified cyber security platform can collect and correlate security data in its entirety and uses a plug-in technology to modify the system and dashboard.

An integrated dashboard and a web system are configured as well, which enables correlation analysis of policy enforcement status and threat behavior by user-defined search. The framework supports the correlation of anomalies and manages policy enforcement through data analytics from heterogeneous security systems.

A KB employee said, “In addition to features provided from existing ESM (Enterprise Security Management), it can comprehensively respond to insider threats as well as network-based external threats with the correlation analysis.”

The platform provides machine learning capabilities, which offer a significant improvement over the limitations of existing rule-based detection, and automates security threat detection through self-learning. KB explained that it is now possible to predict anomalies such as DDoS attacks, abnormal communication, and system failures.

In particular, it provides consistent visibility of the enterprise for security policy enforcement and incident response for executives and security analysts. With this, it is expected to respond to breaches in a timely manner, and strengthen information security controls.

This unified cyber security platform is differentiated from the existing platforms in that C-level executives, including the CEO, can see the enterprise security posture like a security analyst in the field.

In the past, engineers had to analyze logs generated from endpoints, servers, and networks first. But with KB's unified cyber security platform, executives can easily see them on a single, unified screen. This type of platform that staff as well as executives can easily use to check the security posture is unprecedented in the finance sector.

“Information security matters as it can threaten the existence of the company. But it is an invisible and often unknown issue unless you are an expert. Many companies have been making a lot of effort to increase the security awareness of their employees, but the reality is that we are experiencing a lot of difficulties,” said a KB spokesperson.

"If the accessibility to the data is improved through our system, it will naturally improve the awareness of the importance of security among our employees," added a KB spokesperson.

KB Kookmin Bank has also built a system for collecting and analyzing threat data that can be synchronized with the Korea Internet & Security Agency (KISA) and the Financial Security Agency database. It also centralized the administration of all firewall policies and the monitoring of resource usage and operational status.

KB Kookmin Bank said that its unified cyber security platform represents a new security paradigm and will improve the information security environment and enable rapid response against new cyber attacks.

Last July, KB Kookmin Bank held an RFP briefing session for the “Unified Cyber Security Platform” and the budget was announced at 3.82 billion won including hardware, software, and professional services. After that, KB selected IBM as the main service provider.

cmj@ddaily.co.kr

Read the original article here: https://www.ddaily.co.kr/news/article/?no=168208

See Also

Logpresso launches Korea's first enterprise-level cloud SIEM service

Logpresso Cloud is the first SaaS-based Cloud SIEM service offered by a Korean vendor. This service allows comprehensive monitoring and automated threat response across existing on-premise infrastructure, as well as a wide range of SaaS, PaaS, and IaaS solutions utilized by many businesses in their daily operations.

2024-09-20

SK Planet Case Study

On the 14th, Answer (CEO Park Jun-Hyung) announced that it had completed a big data platform project for SK planet (CEO Seo Jin-woo). SK planet has now deployed a security incident detection and triage system by using a log management solution and WORM (Write Once, Read Many) storage. It solves compliance issues for the Personal Information Protection Act, the Information and Communications Network Act and the Electronic Financial Transactions Act.

Answer deployed Logpresso platforms to five internet data centers operated by SK planet. Logpresso is a solution that stores logs in WORM disks that cannot be forged or tampered with, and supports audits, incident investigations and responses. Numerous event logs collected from heterogeneous systems are analyzed and integrated into a single UI, which ensures the confidentiality and integrity of the original log. It also supports real-time event analysis and forensic log analysis for follow-up. It is possible to detect system log events and to set thresholds such as real-time notification servers, networks, and operating systems.

The CEO of Answer said, “Demand for big data security solutions will increase not only in big data platforms but also in the fintech industry, including simple payment. We are focusing on securing new customers in related fields in the second half of this year.”

<Reporter Kim In-soon> insoon@etnews.com

Read the original article here: https://www.etnews.com/20150914000221

2015-09-14

Chung-Ang University Hospital Case Study

Opened in 1968, Chung-Ang University Hospital is classified as a large hospital with 893 beds and 202 hospital rooms. In the early 2000s, by introducing a full EMR (Electronic Medical Record) system that eliminates paper, charts, and films, at the same time as Konkuk University Hospital and Sinchon Severance Hospital, Chung-Ang University Hospital has been one step ahead in the IT field.

The Personal Information Protection Act came into effect in 2011 and made it compulsory to keep log records (access records) for six months and to install anti-virus programs and firewalls to manage them safely. Because of this, not only general companies and those in the financial sector, but hospitals also had to strengthen their security and management of infrastructure containing personal data. An amendment to the Personal Information Protection Act came into effect on August 7, 2014. In compliance with this amendment, the hospital is accountable for preventing forgery and storing access history of personal data. The burden of proof is on the hospital, should a personal data breach occur based on the enforcement of the Personal Information Protection Guidelines for medical institutions. Accordingly, Chung-Ang University Hospital saw the necessity to deploy a log management system to triage and analyze internal data breaches.

Kim Young-gwi, head of IT at Chung-Ang University Hospital, said, “Not just because of the Personal Information Protection Act, but we also thought consolidation of log events was necessary and started looking into solutions.” To provide more secure protection of personal data, Chung-Ang University Hospital has deployed various security devices. As a result, a unified control system could not be established. The main purpose of the “Log consolidation” project was to make it possible to know the status of all systems and servers at a glance.

Chung-Ang University Hospital runs about 100 servers and network devices with two HP Superdome 2 as its core. The amount of log records generated per day on these devices is about 20 gigabytes. Chung-Ang University Hospital tested log management platforms that could process large-scale logs, such as Splunk; however, foreign solutions proved unsuitable for real-time support and timely maintenance. “We tested foreign solutions for 4-5 months. However, a domestic engineer could not give us a quick answer about the function we requested. For example, when requesting UI improvement, we had to wait until the head office responded, which was time-consuming and cumbersome.”

Logpresso was the choice of Chung-Ang University Hospital. At that time, Logpresso had been used in many FDS in the financial sector, but it had not been deployed in any hospitals. However, Chung-Ang University Hospital was convinced that Logpresso could provide the function that Chung-Ang University Hospital required and ran a PoC (Proof of Concept) test for a sufficient time to confirm its reliability. Team leader Kim explained, “It has been inconvenient to manage all the individual servers, network devices through a separate monitor. We needed an integrated monitoring system. We thought it would have been better if we could monitor the server status as well at the same time. Logpresso had all the functions, so we verified its functionality.”

Finally, a log management system was deployed based on Logpresso, and Chung-Ang University Hospital unified the monitoring of cyber security solutions. Against the recent rash of ransomware attacks from China, Chung-Ang University Hospital is ready to effectively respond. Kim said, “When an abnormal signal is detected through the monitor, a system can identify the cause immediately. We now plan to improve the user interface in the future.”

Meanwhile, Chung-Ang University Hospital is also working on upgrading its log management system. It is considering the establishment of a clinical data warehouse (CDW) that applies big data technology based on the log management system. Kim explained that it is considering introducing a system that allows professors to easily find research data based on the engine applied in log management. “Future big data technology in hospitals will evolve to assist doctors’ research,” added Kim.

<Reporter Lee Sang-il> 2401@ddaily.co.kr

Read the original article here: http://m.ddaily.co.kr/m/m_article/?no=141522

2016-03-20