The Office of the Chamber of Deputies

Visibility into Infrastructure – Managed Security Service – Monitoring of Security Policies

The customer is the Office of the Chamber of Deputies of the Parliament of the Czech Republic, which ensures the operations of Czech Parliament. The customer’s infrastructure is a part of the metropolitan network and spreads over several locations.

All locations are covered by CCTV systems, which also provide transmissions of the Chamber of Deputies’ proceedings. The local wi-fi networks then serve several user groups – core staff, MPs and their secretaries, and guests such as media representatives.

Cybersecurity is managed by a small in-house team, together with our partner, that has been helping the Chamber of Deputies office to build their network infrastructure and its security since 1998.

  • The customer was already using a number of security products, yet lacked perfect visibility into their network.
  • The provision of more thorough monitoring and analysis of the network infrastructure.
  • The institution is governed by the Cyber Security Act.
  • The customer’s internal security team was struggling with a lack of capacity and funding, so one of the core requirements was also external security monitoring.
  • Training the internal security team in the use of GREYCORTEX Mendel and consultations with our partner’s specialists.

Challenges: Monitoring of Various Security Policies

The customer’s internal team needed a tool to ensure perfect visibility into their network. The network is used by different groups of users, so each subnet has a number of security policies that need to be monitored.

There are also specific security policies set for external entities that supply the Office with IT systems and equipment. The Office has established and maintains special access for these external suppliers and needs to monitor compliance with the already mentioned security policies.

Due to the large number of personal devices on the public network, it is also necessary to take into account the occurrence of devices infected with malware that could compromise the internal network.

“GREYCORTEX Mendel provides me with an irreplaceable and very important input for my decision-making. I know what I have to deal with, when and how.” 

(Petr Holubec, Infrastructure Manager and Cyber Security Architect at the Office of the Chamber of Deputies of the Parliament of the Czech Republic.)

  • A perfect overview of communication in the internal network.
  • Monitoring of security policies and settings of network and other security tools.
  • Data from GREYCORTEX Mendel provides valuable data for the customer’s SIEM.
  • Integration with other security systems such as firewall, SIEM, ISE.
  • The presentation of Mendel outputs and analysis of identified security incidents on a weekly basis.
  • The customer receives regular security reports of major and critical incidents on a daily basis and a monthly security audit.
  • The expansion of the skills and knowledge of the internal team through training, recommendations for risk remediation and consultation with our partner’s specialists.

Results: External Service to Ensure Higher Security

Our partner deployed GREYCORTEX Mendel at the customer in 2020 in the form of an all-in-one system. The customer monitors the locations through which all communication pass.

Given the different nature of the customer’s wi-fi networks, another important function is to control and adhere to security policies.

Together with the deployment of Mendel, our partner provides the customer with a managed security service. As part of the service, they regularly present Mendel’s outputs to the customer, fine-tune the system, point out security issues and train the customer’s internal team in working with Mendel.

The customer and the partner are also planning to expand the scope of the monitoring, for which Mendel is sufficiently capable of scaling to address this.

“Mendel helps us to prevent attacks. We use it to monitor attempts to exploit vulnerabilities, and recently, especially those related to Log4J,” adds Petr Holubec.