Algorithms at the Cyber Challenge Center
Insight
158 years of history, a network of more than 12,800 Post Offices, and about 130,000 employees – Italian Post is currently Italy’s largest logistics company and a leader in finance, insurance and payment services.
For such a complex system, and for a business that processes confidential information and sensitive data, security, and data breaches in particular, is naturally extremely important. To ensure that these issues are managed effectively at the Group level, the company has centralized its security functions in the Corporate Protection department.
In this context, CERT, a division of the Corporate Protection department, approached us first of all to understand how to collect information from over 100 different IT systems, with thousands of batch and real-time flows, and also to determine the service level that the organization offers in response to various threats.
Solution
To respond to this challenge, a Data Lake has been designed. It integrates, on a single platform, the numerous sources and information silos associated with security issues.
In parallel, data mapping methods for the information sources and Data Governance policies for the information assets have been developed. These policies clearly identify data stewards and provide them with the tools they need.
To identify irregular situations associated with the issues in question, algorithms have been created that report irregularities to the competent corporate functions for the required checks.
Running these algorithms weekly on billions of records enables Italian Post’s CERT to keep various types of issues under control, from data breaches to unusual use of various digital applications.
Benefit
The solution has led the Computer Emergency Response Team to completely change its internal processes, thanks to data-driven guidance. This development has resulted in a different approach to the implementation of any process, identifying the “week win” as the guiding principle for ensuring cyber security, i.e. the improvement within a week of one of the KPIs in question.
Future developments include the integration of additional external data into the Data Lake and the use of these data to evaluate the issues in question more organically, as well as the integration of usage data from the Office 365 infrastructure to analyze any behavioral irregularities.