Lietuvos paštas monitors threats using cyber security solutions
In 2021, Lietuvos paštas decided to make the most of its Security Information and Event Management (SIEM) solution and to test cyber threat monitoring and management services. The IT company Blue Bridge helped Lietuvos paštas to ensure better data protection and increased visibility of external and internal threats with these services. Today, representatives of Lietuvos paštas are pleased with the results achieved, but note that ensuring security is not an exhaustive process.
Handles huge amounts of data
Developing your own SOC would be difficult
However, according to Bertašius, there was no thought of developing a Security Operations Centre, as a centre of its own would be isolated from the more general circulation of information. Organisations are usually reluctant to share information about threats or actual attacks.
“Our decision to look for cyber incident monitoring services was also influenced by this circumstance. The need for security operations in an organisation may be high, but obtaining the competencies and, more importantly, the expertise and other necessary information would become a challenge. Experience, however, tends to be concentrated with external suppliers who have more than one client. Due to the larger number of clients, there is a synergy of information, which allows for faster detection of attack indications in one organisation and proactive protection and warning of threats in other organisations,” says the representative of Lietuvos paštas, naming one of the most important reasons for choosing external suppliers.
The customer plays a key role
The IT company Blue Bridge won a public tender to provide cyber incident monitoring services to Lietuvos paštas. According to Povilas Kaminskas, Head of the company's Security Operations Centre, the work started with an analysis of SIEM rules and a list of monitored objects. This list included firewalls, web-based applications, email security solutions, etc., in order of priority.
“Event information from the monitored objects goes to the SIEM, where our team analyses the events according to the level of criticality and classifies them as either minor or major. We send the structured information about cyber threats to the Lietuvos paštas team, which takes care of the threats and no longer spends time screening events. The Lietuvos paštas team can also consult on the best way to respond to the incident and prevent it,” says P. Kaminskas, adding that, if required, the Blue Bridge Security Operations Centre team can also provide an incident management service, which includes not only the detection of threats but also proactive work with the client’s team to prevent these threats.
Povilas Kaminskas, Head of Blue Bridge Security Operations Centre