IT infrastructure protection for the Olomouc City Transport Company

Dopravní podnik města Olomouce, a.s. is a joint stock company that provides public transport in Olomouc and the surrounding area. With 450 employees, it is one of the most important public transport operators in the Olomouc Region, especially in Zone 71 of the Integrated Transport System. It carries approximately 57 million passengers annually. It operates a total of 146 tram and bus traction vehicles on 8 tram and 24 bus lines.

The protection of DPMO's IT infrastructure and data is entirely the responsibility of the IT department, which also oversees cyber security, responds to incidents and takes preventive action. The existing antimalware solution protecting endpoints and servers is no longer functionally sufficient for the advanced team of IT specialists. Detailed insight into detected incidents was lacking and the ever-increasing number of cyber attacks led to the idea of an additional layer of protection against unknown or emerging threats.

Therefore, there was a need to make anti-malware protection activities transparent, enabling detailed incident analysis and rapid response, both with the help of machine learning and artificial intelligence, and by engaging the experience and knowledge of the customer's IT team environment. There was also a requirement to increase defence against unknown threats, with the ability to automatically test unknown files in a secure environment (sandboxing), which will be run in the IT infrastructure and fully integrated with endpoint and server antimalware protection. At the same time, there should be no unnecessary increase in the workload of operating the security solution and the workload of DPMO IT team members. Of course, price and high technological level were also very important parameters.

From the possible offerings available on the market, the company chose Kaspersky Endpoint Security Select, complemented by Kaspersky EDR Optimum and Kaspersky Sandbox. These three products best matched the requirements and together form a comprehensive and fully integrated on-premise security ecosystem, the so-called Optimum Security Framework.

The solution is based on Kaspersky Endpoint Security software, which is complemented by the supporting EDR Optimum and the on-premise Kaspersky Sandbox file analysis environment. The endpoint agent for EDR purposes on endpoints, for example, monitors the activity of running files or scripts, network traffic or changes in registries, all sent to a central server where full visualization of incidents takes place. Incident response can be automatic or operator input is possible if required. 

If a brand new unknown file is discovered on the device, the agent sends the file directly to Kaspersky Sandbox. For each analysis, the Sandbox launches a separate virtual environment to run the file and monitor the actions the file performs once it is run. If the file is detected as malicious, Sandbox notifies the central server and clients, automatically running a scan on all stations and creating a compromise indicator. This ensures that if a malicious file is detected anywhere else, it will be automatically removed immediately, without the need for operator intervention and independent of the virus definition database.

Thanks to the symbiosis of these solutions, the Transport Company's team of IT specialists have acquired a tool that allows them to detect a potential attack immediately in its early stages. At the same time, it makes available and visualizes detailed information about incidents, which is important for DPMO specialists to make informed decisions about necessary responses or preventive actions.