For one and a half billion dollars, the former head of “Informzashita” would create a “sandbox” for Sberbank

The business of the former general director of “Informzashita” will supply and deploy the “sandbox” for Sberbank’s front-end systems. Examples of these systems are Sberbank Online, Sberbank Business Online, Unified Frontal System, Sberbank Corporation, Sberbank Website, and Unified Retail Internet Bank. The project is expected to cost up to $18.6 million.

Angara Technologies Group (AT Group), the “sandbox” developer for AS Sberbank, will supply and deploy at Sberbank a Sandbox-class hardware and software complex that dynamically tests incoming files for the presence of potentially dangerous code.

The company was chosen as the winner of the bank’s thematic tender, which was announced on February 9, 2021. The contract’s initial value was set at $20 million (about 1.5 billion rubles at the Central Bank rate on that day).

Applicants could submit their applications until February 12, 2021. The results were supposed to be summed up on February 26, but the procurement commission’s final protocol was dated April 14. On April 20, it was added to the consolidated public procurement scheme.

Recall that the tender’s format was unique: it was an addressed request for quotations. That is, only the two participants that had been approved as of October 2020 were eligible to apply for the contract. These were Trust Technologies and the aforementioned AT Group.

Although it is unclear from public records what price Trust offered, the sum offered by AT Group was the lowest (price was the only criterion for ranking applications). It appears to be worth $18.58 million (about 1.4 billion rubles at the exchange rate of the Central Bank on April 23, 2021). In any case, that is what the amount of the contract with the winner, given with the note “no more (taking into account cost optimization)”, indicates.

Now, a general agreement with AT Group should be reached for the supply of equipment, as well as its installation, commissioning, integration of the complex into the bank’s corporate network, expanded technical support, and, if necessary, a five-year framework sublicense agreement. For the hardware, the direct delivery time is eight weeks from the date of signing the specification.

What exactly is Sberbank attempting to safeguard?

According to the tender’s terms of reference, Sberbank’s front-end ASs are developed in-house and allow clients to upload files to the bank’s perimeter through their own user interfaces.

Sberbank Online has 40 million users and is still growing, with a 47 percent increase in the last year alone. Sberbank Business Online is used by more than 2 million businesses. The annual growth rate of companies opening accounts is estimated to be about 20%.

Sberbank’s front-end systems are expected to receive about 93 thousand files per hour by 2020, ranging in size from 1 to 100 MB. Approximately 98 percent of these files are 1-5 MB in size. The remaining 2% range from 5 to 100 megabytes.

The annual increase in the number of files processed is expected to range between 5% and 10%.

The majority of files that reach the bank perimeter are files from common office suites, electronic publications in PDF format, and graphic formats. “However, the list given is not exhaustive,” the terms of reference state. “The bank’s infrastructure receives executable files, archive files, script files, and static web files.”

There are a few specifications for the sandbox.

According to the architecture requirements, the purchased system must provide centralized control of all components and allow system components to be distributed territorially and across networks at multiple customer sites. Furthermore, the solution must support horizontal scaling, so that new elements can be added without altering the architecture.

According to the customer’s specifications, the device must have redundant, hot-swappable drives and power supplies, support installation in a standard 19" enclosure, and have at least two 1 Gbps Ethernet ports, at least two 10 Gbps Ethernet ports, at least two standard USB 2.0 ports, and at least one control port with a speed of at least 1 Gbps.

The system can verify files inside the bank’s network rather than uploading them to the vendor’s cloud systems. File metadata, such as hashes, IP addresses, and domains, is an exception.

The system must work in both IPv4 and IPv6 networks, integrate with the Zabbix monitoring system, be able to send security events to a SIEM system through the Syslog protocol, and have an API for uploading data about detected malicious files to external systems. In addition, the device should be able to receive files for verification via the ICAP protocol, file storage, or an API based on web services or REST, so that services for automated object verification that return the required verdict can be implemented.

The system should refrain from blocking attempts to download external content for the analyzed object. It should also quarantine potentially malicious software, detect and counter sandbox bypass techniques automatically, and perform dynamic file analysis simultaneously in multiple versions of Windows (X, 7, and 10) with different bitness (x86 and x64) and language packs (RU and ENG).