Case | 1.04.2026

Privileged access security as the foundation of city services cyber resilience: Kyivteleservice case study

This case study describes how Kyivteleservice, a municipal enterprise responsible for the cybersecurity of the capital’s digital services, approached managing privileged access—one of the most critical attack vectors. Thanks to CyberArk’s Privileged Access Management solution, the organization increased access transparency, reduced the risk of attacks, and laid the foundation for future cyber resilience of municipal services.  

BAKOTECH operates through a network of partners and does not sell directly to customers

  • Organization Profile

Kyivteleservice is Kyiv’s municipal enterprise responsible for developing, operating, and protecting the city’s telecommunications and digital infrastructure, as well as developing and maintaining the “Kyiv Digital” government services portal.

The company ensures the stable operation of municipal information systems and services, provides telecommunications and IT services to local government bodies, municipal institutions, and the capital's residents, and serves as the city's cybersecurity operator for its digital services.

It focuses on ensuring the continuity, security, and resilience of Kyiv’s critical digital services amid high demand and a growing number of cyber threats.


Key tasks:

    ensuring the cybersecurity of municipal digital services;

    monitoring security events and responding to incidents;

    managing access to critical information systems;

    supporting the stability and availability of municipal IT services;

    integrating and operating specialized security systems (SOC infrastructure).

  • Challenges

Kyiv’s digital municipal services operate in an environment characterized by extremely high traffic volumes and constant cyber threats. Every day, the infrastructure processes tens of millions of information security events, a significant portion of which are related to user authentication and remote connections.


Oleksandr Voloshchuk, deputy director of the municipal enterprise Kyivteleservice.

“Every day, about 10% of all events involve user authentication. Of these, high-risk connections—such as external connections—account for about 1%. In actual numbers, that amounts to 100,000 events,” notes Oleksandr Voloshchuk, deputy director of the municipal enterprise Kyivteleservice.

This scale renders traditional approaches to access control largely ineffective. Even with formalized procedures, requests, approvals, and designated personnel in place, the subsequent use of access remained high risk.

Actual monitoring was carried out using event logs within the systems themselves and by correlating events in the SOC's SIEM. However, this approach only revealed the consequences, not the actual process of using privileged access.

“This is an approach that has its merits, but it does not mitigate or minimize the risks of unauthorized use of privileged accounts,” adds Oleksandr Voloshchuk.

A key security challenge

One of the most critical risks is the inability to distinguish a legitimate privileged session from a malicious one when the attack uses valid credentials.

The situation was further complicated by the overall threat landscape in Ukraine, where attacks exploiting privileged accounts are one of the most common vectors for compromising infrastructure.

Operational constraints

Another factor was the need to effectively handle a large volume of events, automate responses, and reduce reliance on manual work, given the SOC’s limited human resources.

Together, these factors led to a clear realization: without a specialized solution for managing and controlling privileged access, further risk mitigation had become impossible.

  • Selecting a solution and an implementation approach

Given the scale of the infrastructure and the nature of the threats, Kyivteleservice came to clearly understand that its existing monitoring and response capabilities were insufficient to control one of the most critical attack vectors: privileged access.

“Without a specialized solution that analyzes the session, collects metadata, and can determine that the connection does not conform to standard behavior, it is practically impossible to detect an attack,” notes Oleksandr Voloshchuk.

The organization needed a solution that would allow it to monitor the use of privileged accounts in real time, rather than after the fact; analyze user actions during sessions; detect atypical or potentially malicious behavior even when legitimate credentials are used; and integrate privileged access management into a unified SOC framework.

That is why the focus was placed on privileged access management (PAM) solutions as a separate, specialized security subsystem. CyberArk PAM was chosen not as a standalone product, but as:

    a tool for centralized management of privileged accounts;  

    a tool for monitoring and logging privileged sessions;  

    a source of context for SIEM and SOAR;

    a foundation for the further development of access control in a complex, distributed environment.  

A key factor was the ability to quickly and seamlessly integrate the solution into the existing infrastructure without disrupting service operations, as well as the potential for future scaling and expansion of use cases. 

“Given the speed of integration, the depth of functionality, the advanced integration scenarios, and the flexible licensing policy, the team concluded that CyberArk is the optimal choice for building a privileged access control system in such a complex and large-scale infrastructure,” concludes Oleksandr Voloshchuk.

  • Implementation of the solution

The implementation of CyberArk Privileged Access Management was carried out in phases, taking into account the need for uninterrupted operation of municipal services and the existing architecture of the security monitoring center.

The key objective during the implementation phase was to integrate PAM as a separate subsystem into the SOC architecture, connect critical systems without altering users’ business processes, and ensure a smooth transition that does not impact infrastructure performance.

Thanks to pre-built connectors and integration capabilities, the solution was connected to systems already under SOC control, with coverage gradually expanding. Particular attention was paid to monitoring remote connections and privileged sessions.

In parallel with the technical implementation, PAM events were integrated into existing monitoring and automated response processes.

  • Results of the implementation

After implementing the PAM solution, the organization achieved a significantly higher level of control over privileged access.

Key changes

    Detecting unusual behavior by privileged users during sessions, rather than simply recording the fact of their login.

    Identifying and removing privileged accounts created without proper authorization.

    Integrating incidents related to privileged access into a unified SOC context and automated response workflows.

Results

    The risk of attacks using legitimate credentials has decreased.

    The workload on the team has been reduced thanks to automation.

    The overall cyber resilience of digital municipal services has improved.

The PAM solution has evolved from a standalone tool into a core component of access control, with the potential to expand into new systems and use cases.

  • Development Plans

Following the successful implementation of CyberArk Privileged Access Management at Kyivteleservice, the company plans to gradually expand the solution's use and strengthen access controls across the city’s IT infrastructure.

Specifically, plans are in place to complete the integration of PAM with all critical information systems in the near future, to extend controls to users who do not have formal administrator status but can influence system configurations and security, and to further integrate PAM with automated response processes within the SOC framework.

Another area of focus is integration with modern development and operations processes: secret management in CI/CD processes and access control in containerized environments and Kubernetes.

This approach allows PAM to be viewed not merely as a tool for real-time monitoring but as a long-term access management platform that supports the cyber resilience of digital municipal services as they evolve and become more complex.
