HPT implements the Centralized Event Management and Analysis Solution for Saigon Hanoi Commercial Joint Stock Bank - SHB

1. Introduction

Saigon - Hanoi Commercial Joint Stock Bank (SHB) was established in 1993 and has undergone nearly 21 years of construction and development. SHB is one of the commercial banks that has experienced strong growth year after year, achieving numerous remarkable successes through a comprehensive development strategy aligned with the goal of community-oriented development.

After successfully merging with Hanoi Housing Development Commercial Joint Stock Bank (Habubank), as of December 31, 2014, SHB has become a large financial institution in Vietnam, with total assets of nearly 170,000 billion VND, charter capital of nearly 9,000 billion VND, over 2 million organizational and individual customers, more than 5,000 staff members throughout the system, and an extensive business network of nearly 400 branches and transaction offices nationwide, including 3 branches in Laos and Cambodia.

With its achievements, SHB is recognized as one of the top 5 largest commercial banks in Vietnam.

2. Challenge – Project requirements

With a large-scale organization like SHB, the information technology (IT) system encompasses various components, including infrastructure, network, security, applications, and management. Therefore, monitoring information security events (event logs) can be complex, with the following challenges:

  • Monitoring a large number of events.
  • Events coming from multiple sources.
  • Different formats for each event source.
  • Each event source having its own management interface.
  • Significant time required for event analysis and processing.
  • Difficulty in distinguishing false alarms from genuine events. 

Moreover, it is crucial to have an accurate analysis and consolidation of information to assess risks, store data, and identify the root causes of security incidents.

3. Solution

Based on the survey, analysis, and evaluation of SHB's requirements, the HPT expert team proposes the "Centralized Event Management and Analysis" solution with specific options as follows:

Migrate all users to Office 365, including the email system.

- QFlow Collector: Collects network packets using the SPAN method. The collected data is then normalized into flows with application information and application data (default 64 bytes) and sent to the SIEM for analysis.

- Risk Manager: Collects the configuration of infrastructure devices (network and security) via Telnet/SSH, detects the network topology, and displays the attack vectors of security incidents.

- QRadar SIEM (All-in-One): Manages the configuration of the QFlow and Risk Manager components, collects logs (event data), acts as the central information analysis device, and detects security incidents. It also supports alerting, reporting, and investigation for incident handling.

- Integrated Vulnerability Manager (QVM) with QRadar SIEM: Manages and controls QFlow, serving as a vulnerability scanner to detect system weaknesses.

4. Benefits

Through their relentless efforts and extensive experience, HPT's team of experts has successfully completed the project and brought the QRadar SIEM system of the "Centralized Event Management and Analysis" solution into stable operation, meeting the initial requirements set by the leadership and technical team of SHB.

Proactive and preventive capabilities

  • Provides a comprehensive view of information security threats.
  • Detects abnormal behaviors and provides early warning of Advanced Persistent Threats (APTs).
  • Classifies vulnerabilities based on priority levels and addresses them before exploitation.

Response and remediation capabilities

  • Automatically detects threats and analyzes their impact.
  • Provides accurate and comprehensive assessments of situations through correlation analysis and improved security. Minimizes the time to identify the cause and resolve incidents.

Furthermore, after the project deployment, the HPT team has shared and transferred technology and utility tools to the system administration team, enhancing their system management and operation capabilities.

5. Customer comments

The successful implementation of the "Centralized Event Management and Analysis" project plays a crucial role in monitoring enterprise information security and ensuring compliance with PCI-DSS. The HPT consulting, design, and deployment team has demonstrated professionalism, and the project was completed on schedule. Currently, the system is operating stably, achieving high performance, and contributing to the organization's information security and safety.