Date: 2024-05-14
Fuel retailer OKKO operates more than 400 filling stations in Ukraine. The company is critical infrastructure for its country, and it finds its systems under relentless cyberattack.
In 2018, after the high-profile NotPetya cyberattack in 2017, OKKO sought greater security expertise to protect its networks and extended enterprise, and to secure customer data. With a plan to create a security operations center (SOC), OKKO looked for a partner with the capability and expertise to design, build and deliver a complete solution.
“We wanted to ensure rapid acceleration of our cybersecurity in the shortest possible time, and at a reasonable cost,” says Oleg Matata, Chief Information Security Officer at OKKO. “The aim was to provide complete visibility of security-related events from all OKKO’s information systems, to enable preventive action. With new threats appearing all the time, we needed the ability to understand the situation, analyze and assess the impact and relevance, and make proactive decisions about priorities to help us minimize risks.”
Considering the relatively low maturity level of SOC-related expertise in Ukraine in 2018, OKKO chose to launch a multi-stage procedure to acquire and build a best-in-class SOC, as Mr. Matata reports: “The first tender response showed us that unless we could clearly state the goal and understand the solutions, we could not build an effective SOC. Next, we created a second tender to find a company that would develop goals, KPIs and detailed technical specification for the construction of the SOC. Finally, for the third tender, based on the experience gained, we were able to establish clear objectives and home in on the right partner and the best solution for OKKO.”
IBM solutions defend the nation’s critical infrastructure against cyberattack
Enables highly scalable, resilient SOC
From three tender responses, OKKO selected IT Specialist, an IBM Business Partner located in Kyiv, Ukraine, based on a combination of professional expertise and knowledge of IBM Security® solutions.
“IT Specialist in collaboration with OKKO and IBM® showed a desire to create the best security operations center in Ukraine, supported by an attractive price and willingness to look for innovative approaches to solve our problems,” comments Mr. Matata.
Based on IT Specialist’s offer, OKKO selected the IBM Security QRadar® Suite, a threat detection and response solution that offers highly scalable integrated security incident and event management (SIEM) with additional modules ready for new cybersecurity challenges.
“IBM and IT Specialist both emphasized partnership and co-innovation, rather than maximizing profit, which was a pleasant surprise,” says Mr. Matata. “They were both committed to building the best possible cybersecurity solution for OKKO, based on a clear understanding of the strategic goal and the ability to move towards it—that won us over.”
Within two years, OKKO and IT Specialist established the new SOC, helping protect the complete IT infrastructure, including external-facing assets such as the company’s well-known Fishka customer loyalty solution. The OKKO group includes multiple subsidiary companies, with their own networks and devices, as well as applications and services, all of which are now monitored by OKKO’s SOC team powered by IT Specialist security services and the IBM Security QRadar Suite.
Annually, the system processes approximately 220 billion events and identifies more than 40,000 threats and 17,000 incidents, an average of approximately 50 incidents a day. The SOC monitors over 5,000 computers, servers, network devices, information systems and databases.
Dmytro Petrashchuk, Chief Technology Officer at IT Specialist, comments: “We are very focused on a common goal—to develop industry-leading threat detection and response capabilities. With IBM QRadar, IT Specialist is delivering a cost-effective security operations center at the highest possible service quality.”
Mr. Matata adds: “In the cybersecurity world, dedication is essential. For example, we often might take a call at about 01:00 regarding an ongoing threat or incident. When I contact IT Specialist, the response is always, ‘Sure, the coffee is on and we’re ready to go,’ which is the kind of partnership we need.”
By choosing a hybrid solution with flexible licensing, OKKO has avoided the expense and limitations of the classic licensing approach of many traditional point-cybersecurity products and solutions. With the IBM Security QRadar Suite, OKKO can add licenses as further threats and use cases arise, ensuring a gradual growth path that offers both flexibility and cost efficiency.
“The hybrid IBM Security QRadar SIEM platform from IBM offers the best solution for OKKO, with a superior combination of performance, ease of use, ease of management and stability,” declares Mr. Matata. “We are privileged to work with incredibly cool, highly professional, client-oriented IBM and IT Specialist teams.”
Since 2022, OKKO’s cybersecurity measures have been tested to the extreme. Despite constant hacking attempts, OKKO has been able to continue operations, and has managed to maintain profitability and increase sales. When the company needed to pivot its supply options to Ukraine’s western borders within three months—a process that might normally take three years—it was able to work with IT Specialist and the IBM QRadar solution to embed all the necessary cybersecurity controls to enable the change.
“All of Ukraine, especially the energy sector, is under attack. Our IT infrastructure is under constant assault from state and criminal hacking groups,” says Mr. Matata. “Thanks to processes we have built into the SOC, we now have the ability to respond and defend ourselves against them.”
OKKO’s customer loyalty program, Fishka, has attracted particular attention from cyberattackers. With a total of 8.5 million registered customers, 5.3 million app downloads and 2.5 million active users, Fishka is a very tempting target for hackers. It enables customers to buy goods from more than 20 main partners (including OKKO), over 170 online stores, and obtain discounts (Fishback) for those purchases. Also, customers of the loyalty program can exchange the accumulated Fishback for useful items or donate them to charity.
“We monitor these attacks in the SOC and constantly adjust our defenses so that the loyalty system works despite everything,” remarks Mr. Matata. “As a result, our clients receive the most important thing: confidence in the company and its services. With support from IBM and IT Specialist, we have gained the level of cyber resilience that helps us to minimize disruption to civilian life.”
With five years’ experience, OKKO has developed increasing cybersecurity confidence and efficiency. Mr. Matata elaborates: “For example, when we launched, it could take a week or even two to investigate an incident. Now, even for complex incidents, with the IBM QRadar platform it takes just a couple of days at most. And thanks to automation, we process standard incidents in minutes.”
The next step for OKKO will be to explore the opportunities offered by AI, continuing to enhance and improve security and resilience.
Mr. Matata concludes: “It is impossible to predict the future, and global instability is growing. We want to keep up, and even better, be one step ahead of criminals and aggressors, and AI will help us in that journey. At OKKO we are very confident in our partners IBM and IT Specialist, since their solutions have stood the test of time and proven themselves in real conditions.”
OKKO operates a chain of more than 400 filling stations and associated shops, cafés and restaurants throughout unoccupied Ukraine. The company sells wholesale and retail petroleum products and provides fuel quality testing, storage and transportation. OKKO also raises funds for Ukraine’s defenders.
Founded in 2014, IT Specialist offers a team of highly qualified, experienced and fully certified technical experts. Based in Kyiv, the company provides over 200 customers with security, integration, infrastructure services and related solutions. The IT Specialist SOC processes more than two billion events a week, repels multiple complex attacks and handles up to 500 incidents each day.
