The year 2017 has been a landmark year for BSE (Bombay Stock Exchange) from an information security perspective, marking a major shift in its security strategy. The exchange has undertaken an overhaul of its entire security infrastructure across the organization. This includes revamping its cybersecurity policies and frameworks and replacing its existing technology solutions with 27 niche information security technologies. As part of the exercise, BSE has also set up a fully integrated next generation Security Operations Center (SOC).
As a critical infrastructure of national significance, BSE has always been a key target for attacks. This led to the decision to carry out a complete assessment of the exchange's information security posture in partnership with EY to understand its preparedness.
The assessment led to the realization that most of the technologies deployed were outdated and approaching obsolescence. The exchange was relying entirely on traditional technologies, which were not enough to counter the emerging threats that come with new age digital technologies. "With the advent of digitization, there is an immediate need to address the associated inherent risks and business enablement and continuity. What was required was a comprehensive and holistic approach to address the threat landscape spanning across all domains of cybersecurity," says Shivkumar Pandey, CISO, BSE.
With this as the trigger, the exchange decided it was the right time to completely revamp its cybersecurity operations and technologies. It benchmarked itself against ISO 27001 and the SEBI regulations, and on that basis its cybersecurity policies and frameworks were updated to cover all domains of cybersecurity threats, including endpoint security, network security, application security, data security and mobile security, among others.
From a technology perspective, BSE procured a total of 27 niche information security technologies, including advanced technologies such as deception technology, NTAPT, forensics, user behavior analysis, predictive analysis, cognitive tools, machine learning tools and SIEM. This was a multi-million dollar deal, with IBM as the SI partner for implementation and products from various security vendors, including Checkpoint, Radware, Forcepoint and RSA among others.
The objective, as the exchange went in for this massive exercise, was to cover itself against all threat vectors across all cybersecurity domains. "We wanted to safeguard ourselves not only in terms of technology, but also in terms of people and processes. That is why we mapped each and every domain against people, process and technology and tried finding out very exactly where the gaps were in each of these areas. And then we tried to bridge most of those gaps in one shot through the revamp exercise," explains Pandey.
Talking about the SOC, Pandey notes that the earlier SOC was very limited in its functionality and did not offer the scale required to deal with new age threats. That led to the decision to replace it and re-build a next generation SOC around a hybrid model. Today, as part of the SOC, there are around 15 people at the BSE headquarters in Mumbai and around 34 people in the Bangalore SOC, which is hosted by IBM. It operates 24×7, 365 days a year. The SOC became operational in August 2017.
The new SOC is a total shift from the earlier SOC, which took a largely reactive approach. The next generation SOC has deployed the latest technologies to tackle advanced threats such as zero-day attacks and zero-day vulnerabilities in real time.
"For us, time, accuracy and integrity are very important considering the scale at which we operate. It's absolutely critical to quickly identify and respond to any cybersecurity threats and incidents. The next generation SOC is helping us with that through the use of the latest technologies, such as deception technologies like honeypots, user behavior analysis, network behavior analysis, forensics, cognitive and machine learning," explains Pandey.
The SOC also draws on advanced threat intelligence by integrating its SIEM with threat intelligence feeds from IBM, CERT-In, Microsoft and McAfee, among others.