Lithuanian Post monitors threats using cyber security solutions

In 2021, Lithuanian Post decided to make the most of its Security Information and Event Management (SIEM) solution and to trial cyber threat monitoring and management services. With these services, the IT company Blue Bridge helped Lietuvos Paštas to improve data protection and gain better visibility of external and internal threats. Today, representatives of Lithuanian Post are pleased with the results achieved, but note that ensuring security is never a finished process.

Handles huge amounts of data

The adoption of advanced cybersecurity services by Lietuvos Paštas was motivated not only by the fact that the company is classified as Critical Infrastructure under the national Cybersecurity Classification, which obliges it to apply the security requirements laid down in legal acts. Lithuanian Post also handles large amounts of sensitive information in its operations, which imposes additional obligations and responsibilities on the company.
„Better data protection and operational assurance have become key objectives in the planning of cyber incident monitoring. In addition, we already had the main tool of the Security Operations Centre (SOC) – SIEM – and wanted to make the most of its potential,” says Gintaras Bertašius, information security expert at Lithuanian Post.

Developing your own SOC would be difficult

However, according to Bertašius, there was no thought of developing a Security Operations Centre, as a centre of its own would be isolated from the more general circulation of information. Organisations are usually reluctant to share information about threats or actual attacks.
„Our decision to look for cyber incident monitoring services was also influenced by this circumstance. The need for security operations in an organisation may be high, but obtaining the competencies and, more importantly, the expertise and other necessary information would become a challenge. Experience, however, tends to be concentrated with external suppliers who have more than one client. Due to the larger number of clients, there is a synergy of information, which allows for faster detection of attack indications in one organisation and proactive protection and warning of threats in other organisations,” says the representative of Lithuanian Post, naming one of the most important reasons for choosing an external supplier.

The customer plays a key role

The IT company Blue Bridge won a public tender to provide cyber incident monitoring services to Lithuanian Post. According to Povilas Kaminskas, Head of the company's Security Operations Centre, the work started with an analysis of the SIEM rules and a list of monitored objects. This list included firewalls, web-based applications, email security solutions and so on, in order of priority.
„Event information from the monitored objects goes to the SIEM, where our team analyses the events according to their level of criticality and classifies them as either minor or major. We send the structured information about cyber threats to the Lietuvos Paštas team, which takes care of the threats and no longer spends time screening events. The Lithuanian Post team can also consult us on the best way to respond to an incident and prevent it,” says P. Kaminskas, adding that, if needed, the Blue Bridge Security Operations Centre team can also provide an incident management service, which includes not only the detection of threats but also active work with the client's team in the process of eliminating them.
Povilas Kaminskas, Head of Blue Bridge Security Operations Centre
Speaking about the initial stages of the project, the information security expert of Lithuanian Post stresses the importance of the client's involvement: „The success of projects related to cyber security depends to a large extent on the client – on the priorities that the team will set, the sources of information that the supplier will be working with, etc. So in that sense, the foundation for success, even after the purchase of security operations services, is laid by the customer.”

Faster response to threats

When describing his daily work on monitoring cyber incidents, G. Bertašius notes that the innovation has not increased the work of the IT department. On the contrary, it has enabled a much quicker and more targeted response to emerging threats, which saves time and effort: „There is more simplicity and speed when receiving already classified threat reports.”
He is also pleased that the effectiveness of the service has been demonstrated by the recent national security exercises. During the exercise, the Lithuanian Post team had to detect and react very quickly to an attempted hacking via a malicious email link.
„We joke that the cyber incident monitoring service is like putting glasses on us. On the one hand, we see a lot more potential threats that we simply didn't cover before, but on the other hand, we can react much more quickly and in a more targeted way to what poses the most realistic threat,” says Bertašius, adding that it is equally important that incident monitoring services allow the team to protect more effectively against internal threats, which are the hardest to detect, and to assess how well the security policy is being implemented.

With every threat detected by the SOC, the security of the whole organisation grows

Speaking about the most important benefits of SOC services for customers, P. Kaminskas notes that they primarily enable the proper use of the SIEM solution and the implementation of a high-level security policy: „It’s no secret that many organisations face a lot of false positives when trying to work with SIEM. Constant alerting ultimately discredits the SIEM itself, as no team can keep track of hundreds of red-flag messages. After a while, nobody simply pays attention to them anymore. Cyber incident monitoring services are the key to avoiding this situation.”
Secondly, working with a professional IT provider allows SOC services to be developed more efficiently. „For example, when working with Lietuvos Paštas, we optimised the number of sources of records, reducing it by about 30%. As a result, the client can achieve more by keeping a more focused eye on the security situation and not having to make additional investments for these needs. In addition, in the long term, optimised costs allow monitoring of more objects at a lower cost,” says P. Kaminskas.
Finally, according to Kaminskas, with each threat report the client can close a security gap and strengthen the problem areas, and when this work is added up, the security level of the organisation increases tangibly.

Future plans: more monitored systems

Speaking about the upcoming plans related to the strengthening of cyber security through incident monitoring services, Gintaras Bertašius says that the plan is to add more and more systems to the list of monitored objects – to collect and analyse incidents not only from technical but also from application systems.
„Of course, strengthening security is a never-ending process that needs to be continuously maintained. Cyber incident monitoring services now offer new opportunities to add systems according to their risk level and increase the effectiveness of monitoring. Today, we see that these services also integrate well into and strengthen the overall information security management system,” concludes G. Bertašius.
