Ukrtelecom's Cybersecurity Transformation: Optimized SIEM Rules and Rapid Threat Detection Engineering

Intro

For Ukrtelecom, Ukraine’s premier fixed-line telephony operator and a leader among Internet providers, cybersecurity isn’t just nice to have—it’s an absolute necessity. With a vast network serving nearly 6.5 million fixed-line telephony subscribers and over 1.6 million high-speed Internet clients, protecting its services against a surging wave of cyber threats is critical. This case study explains why Ukrtelecom partnered with Picus Security to validate the effectiveness of defense mechanisms and enhance operational resilience.

The Challenge

The Shortcomings of Traditional Assessment Methods

In the past, Ukrtelecom heavily leaned on penetration testing as their primary method for routinely evaluating network and system security. While this approach was a valuable aspect of their security strategy, it had its constraints. Solely relying on penetration testing fell short in providing the comprehensive insights that Ukrtelecom, under the leadership of Oleksandr Shchutskyi, Head of Information Security Systems Administration, sought to acquire.

They weren't just interested in identifying vulnerabilities; they aimed for a deeper understanding of how their security controls were performing. The limitations of penetration testing included its inability to continuously assess defenses in real-world scenarios, to anticipate how emerging threats could affect their systems, and to proactively address any vulnerabilities in their security posture.

It became evident that a more holistic and proactive approach, as recognized by Oleksandr Shchutskyi and his dedicated team, was necessary to meet these demands and achieve a comprehensive view of their security landscape.

The Solution

Optimized SIEM Rules and Rapid Detection Engineering

Shchutskyi highlights that partnering with Picus Security triggered a transformative shift in Ukrtelecom’s cybersecurity strategy. By simulating the latest cyber threats in Ukrtelecom’s environments, The Picus Platform empowers Ukrtelecom to continuously test the efficacy of its network and endpoint controls. This proactive approach allows them to swiftly take action to address any coverage gaps, reinforcing their cyber defenses.

The ability for the Picus Platform to integrate with Ukrtelecom’s prevention and detection controls stood out as a key advantage. So too did the platform’s ability to provide actionable mitigation insights, including prevention signatures and detection rules. 

In Shchutskyi's words, "Picus Security's integration capabilities empowered us to optimize our SIEM rule base, facilitating rapid detection engineering." This optimization effort resulted in a remarkable expansion of Ukrtelecom's SIEM rules from 200 to 700, ensuring their ability to swiftly detect and respond to potential threats.

Oleksandr Shchutskyi,
Head of Information Security Systems Administration I Ukrtelecom

 

"Thanks to Picus Security, our SIEM rules expanded from 200 to 700, ensuring swift detection and response to potential threats.”

The Result

Proactive Security

Picus Security transformed Ukrtelecom’s cybersecurity approach from being reactive to proactive. Through continuous assessments of the company's SIEM and EDR systems and providing actionable insights to mitigate vulnerabilities, Ukrtelecom can efficiently address gaps and stay ahead of emerging threats.

Optimized Security Controls 

The Picus Platform’s ability to integrate with prevention and detection controls has substantially improved Ukrtelecom’s security posture. Expanding SIEM rules from 200 to 700 wasn't just about quantity—it was about optimizing the fidelity of detections to ensure that rules effectively triggered when malicious behavior in its network is identified. 

Furthermore, by harnessing the Picus Platform's automation capabilities and customized SIGMA rules, Ukrtelecom has embraced a more proactive approach, bolstering its defenses and strengthening its cyber resilience within an ever-changing and unpredictable threat landscape.

"Picus Security's SIGMA rules were instrumental in streamlining our detection engineering, offering a significant boost to our security readiness through automation," says Shchutskyi. 

Quick Time to Value 

Rapid deployment of The Picus Platform was a critical factor for Ukrtelecom. With the support of a highly responsive team, Ukrtelecom swiftly adopted Picus Platform without disruption to daily business operations. This was essential for maintaining operational resilience in an era where downtime often results in lost revenue and reputational damage.

"Picus Security's responsiveness was instrumental during our integration challenges, helping us effectively address the issues we faced."

Demonstrated Results

Ukrtelecom’s security team has also harnessed the power of The Picus Platform's reporting functionality, which plays a pivotal role in measuring and communicating the organization's  security posture to C-level executives. PDF reports provide concrete evidence of the improvements in Ukrtelecom’s security posture in a format that  is easy for security and business leaders to understand. With these reports, Ukrtelecom has fostered transparency and collaboration between the security team and top leadership, reinforcing their dedication to improving security and resilience. 

"The Picus Platform's reporting feature empowered us to showcase our security enhancements, making it clear to our C-level executives that we were committed to safeguarding our organization."