IMPROVING THE LEVEL OF THE APPLICATION INFRASTRUCTURE PROTECTION (2020)
GOALS AND OBJECTIVES
To improve the quality of banking services with minimal impact on the speed of their release (time-to-market).
To implement a platform for the protection of microservice architecture.
- Prisma Cloud platform from Palo Alto Networks (formerly Twistlock)
- Jet Container Security Framework (JCSF)
The project team was tasked with protecting the architecture on which the bank was developing two applications: 80 microservices deployed in 543 containers. For this, a framework which we call the Jet Container Security Framework (JCSF) was developed to form an integrated protection model for the containerization environment that takes into account all stages of the container life cycle.
Focusing on best information security practices, Jet Infosystems specialists broke down all possible threats and security controls into three levels: cluster, orchestrator and container. The resulting framework helped the project team to work out which bottlenecks could be closed by implementing the new platform, which risks could be accepted, and what specifically required improvement, all before the primary work on the project began.
To determine the solution’s embedding points and draw up the necessary requirements, the development pipeline was then analyzed. Jet Infosystems experts and the Rosbank team cooperated closely to align processes, including vulnerability management and compliance with requirements. Together they developed a plan whereby information on the most critical application vulnerabilities is added to the team's JIRA space, and the tasks necessary to eliminate these vulnerabilities are set when planning the upcoming sprint.
The features of the bank’s Red Hat OpenShift cluster were taken into account when developing the target architecture for the solution. Its specifics included compliance with the international PCI DSS standard for the isolation of certain data types, which complicated the retrieval of image vulnerability data from the Palo Alto Networks cloud. Close interaction with Rosbank specialists helped the project team to cope with the task.
Provide operations to two of the bank’s applications.
House the operation of the bank’s microservices.
Can work with the system simultaneously.