The National Cyber and Information Security Agency (NÚKIB) is the central governing body for cybersecurity in the Czech Republic. Among its many duties is the safeguarding of classified communication system information and cryptographic protection. As it also coordinates security incident response and prevention across several civil institutions through the Government CERT, the Agency was tasked with strengthening cybersecurity at selected ministries as well as supervising and auditing their compliance with Act No. 181/2014 Coll. on Cyber Security.
“We needed a complex system that would allow us to collect network data from partners and detect traffic anomalies,” says Stanislav Bárta, Head of the Network Traffic Analysis Department at the NÚKIB.
The Agency selected Flowmon for this purpose. The project involved providing the NÚKIB with standalone Flowmon instances for network data collection with anomaly detection capabilities. Flowmon analyzes the data of each government body locally to detect unknown and insider threats, DDoS attacks, and other incidents. Raw perimeter data and detected security events are then sent to the Control Center via a secure link, where they are further analyzed and correlated.
“Correlating the detected security events centrally allows us to uncover attacks that would not be recognized as malicious if viewed from the perspective of individual partners,” adds Bárta.
Besides the general ability to detect unknown threats and communication that signals cyber risk, Flowmon provides the NÚKIB with the following capabilities:
Detect connections to blacklisted IPs
Detect botnet network communication
Detect port scanning
Detect brute-force attacks
Mitigate DDoS attacks
Record traffic for forensic analysis
Most of these tasks are performed by the Flowmon Anomaly Detection System (ADS). The solution provides a wide spectrum of detection methods that analyze network traffic from multiple perspectives to counter several categories of malicious behavior. The ADS engine uses a combination of machine learning, heuristics, and statistical, policy, and signature-based methods. The NÚKIB deploys Flowmon ADS in a complementary role to conventional security tools, creating a multi-layered protection system capable of uncovering threats at every stage of compromise.
“Modern threats grow increasingly polymorphic and cunning, and as various powers around the globe recognize the potential for espionage and sabotage in the digital world, the cyber protection of public institutions becomes a serious and important task. We are glad to cooperate on this with the NÚKIB and thus help to strengthen the Czech cybersecurity space,” says Pavel Minarik, CTO at Flowmon Networks.