IMPROVING THE LEVEL OF THE APPLICATION INFRASTRUCTURE PROTECTION (2020)

ROSBANK

GOALS AND OBJECTIVES

  • BUSINESS OBJECTIVE

    To improve the quality of banking services with minimal impact on the speed of their release (time-to-market).

  • IT OBJECTIVE

    To implement a platform for the protection of microservice architecture.

SOLUTION

  • Prisma Cloud platform from Palo Alto Networks (formerly Twistlock)
  • Jet Container Security Framework (JCSF)

IMPLEMENTATION

The project team was tasked with protecting the architecture on which the bank was developing two applications: 80 microservices deployed in 543 containers. For this, a framework which we call the Jet Container Security Framework (JCSF) was developed to form an integrated protection model for the containerization environment, while taking account of all stages of the container life cycle.


Focusing on best information security practices, Jet Infosystems specialists broke down all possible threats and security controls into three levels: cluster, orchestrator and container. The resulting framework helped the project team to work out which bottlenecks could be closed by implementing the new platform, which risks could be accepted, and what specifically required improvement, even before primary work on the project began.


The development pipeline was then analyzed to determine where the solution should be embedded and to define the necessary requirements. Jet Infosystems experts and the Rosbank team cooperated closely to align processes, including vulnerability management and compliance with requirements. Together they developed a plan whereby information on the most critical application vulnerabilities is added to the team's JIRA space, and the tasks needed to eliminate these vulnerabilities are set when planning the next sprint.


The target architecture for the solution was developed with the specifics of the bank’s Red Hat OpenShift cluster in mind, including compliance with the international PCI DSS standard for the isolation of certain data types. This complicated receiving vulnerability data for images from the Palo Alto Networks cloud. Close interaction with Rosbank specialists helped the project team to cope with the task.


PROJECT RESULTS

The new platform protects containers in real time and allows for timely identification and prevention of vulnerabilities throughout the entire application lifecycle. Currently, up to 20 users can work with the system simultaneously. In the near future, Rosbank plans to scale this solution for use on other developments. This is the first project in Russia in which the Prisma Cloud platform has been implemented for protection of application infrastructure.
  • 80 microservices

    Provide operations to two of the bank’s applications.

  • 543 containers

    House the operation of the bank’s microservices.

  • 20 users

    Can work with the system simultaneously.

CUSTOMER REVIEW

The use of software development process acceleration tools and practices yields great opportunities for the development of new banking services, yet at the same time, entails new challenges. While classic tools are no longer suitable for the protection of a constantly changing microservice architecture, we must nevertheless prevent security needs from slowing down application releases. For this reason, we took the decision to launch Prisma Cloud for the protection of our new application infrastructure. Implementation was undertaken with the cooperation of Jet Infosystems specialists, a leading player in the Russian market for the integration of information security systems.

Mikhail Ivanov

Director for Information Security, Rosbank
