FEBRUARY Client Bulletin GLADIATOR TECHNOLOGY

Transcription

1 Client Bulletin GLADIATOR TECHNOLOGY

2 Contents Letter from the President 2 Emerging Technology 3 Tech Talk 4 Compliance Corner 5 Education Zone 6 PEC Educational Conference 8 Product Spotlight 8 Product Roadmap 9 Webcasts 11 Additional information is available at or by calling Copyright Jack Henry & Associates, Inc. All rights reserved. ProfitStars is a registered trademark of Jack Henry & Associates, Inc. 1

3 Letter from the President By Matt Riley, Group President, Gladiator Technology In 2012, from a cyber-security perspective, we continued the trend of what we ve seen in years past with the continued proliferation of malware at an exponential rate. We also observed an increase in Distributed Denial of Service (DDoS) Attacks specifically targeting financial institutions of all sizes, some of them meant to simply disrupt business and others used in conjunction with attempted fraud. The events that transpired over the course of last year should have put all financial institutions on notice that either you or your customers are targets, and will continue to be for the foreseeable future. What will 2013 have in store for us? Unfortunately, more of the same. Financial malware used to siphon money out of accounts will continue to rise and advanced malware that goes undetected by traditional security measures will be the norm going forward. Miscreants will be drawn to mobile platforms, such as tablets and smartphones, as more and more functionality is built into financial management applications. For 2013, we all must commit to constantly evolving our threat protection mechanisms to combat today s ever-growing threat landscape. At Gladiator, we are constantly changing and innovating. It s part of our DNA. We ve had tremendous success with our advanced malware protection solution that we launched in August of Also, we are planning a complete re-write of The Vault Web portal. Back in December, we made an addition to our management team by adding Brian Otte to the position of Director and Head of Sales. Brian brings a wealth of knowledge and experience to the team from his previous positions at Guarded Networks (Co-Founder and EVP), Perimeter esecurity (SVP), and Oracle (VP, Financial Services Business Unit). He has a firm grasp and understanding of our industry, and we are happy to have him onboard. Brian will lead our national sales efforts, and Mike Bell will manage our strong account management program. One last thing to note, we have our annual ProfitStars Conference coming up March 4-7 at the Omni Orlando Resort at ChampionsGate in Kissimmee, FL. I strongly encourage you all to attend, as we will have numerous educational sessions on security and the latest technology being leveraged to drive better efficiencies and deliver better customer experience. The registration information can be found here: As always, we appreciate your business and thank you for entrusting us as your security and technology solutions provider. Best Regards, Matt Riley 2

4 Emerging Technology Dynamic DNS: A Persistent Malware Infrastructure By Kyle Cooper, Information Security Engineer, Advanced It s not unheard of for a legitimate service to be hijacked for malicious use. Fraudsters use to deliver Trojan horses, innocent websites are compromised and used to host redirects to infected downloads, and now there is one more service to add to that list: Dynamic DNS. During the last year, Gladiator Research has noticed a spike of schemes taking advantage of Dynamic DNS services to download malware and host command and control traffic. All computers use IP addresses to identify and communicate with one another across a network. IP addresses can be difficult for humans to remember, so we use domain names to keep track of all of our favorite websites and network resources. That s where DNS comes into play. Simply put, DNS is responsible for taking a human-readable domain query, and translating it into a machine-usable IP address which the network can forward on to complete the task at hand. Due to their limited availability, static IP addresses can be difficult to obtain and expensive to purchase. Most ISPs hand out IP addresses to customers from a pool of available IP addresses which are continually being recycled as needed. Dynamic DNS is a legitimate service which allows users to quickly update a Domain Name Server when there is a change to the IP address of a device. Anyone who hosts a website or server using a dynamic IP can use Dynamic DNS to keep a domain pointed to the same host computer, even if the IP address of that computer changes. This gives the device a persistent and consistent method to be accessed by other devices, despite having an IP address which can possibly change. For many malicious actors, being limited to a static IP address represents a single point of failure. If an attacker loses control of their static IP address, through blacklisting, law enforcement, or other means, then it s game over for their attacks. However, if instead they are using Dynamic DNS, when an IP address becomes compromised, the attacker can merely switch over to a new, clean IP and continue his operation uninterrupted. As you can imagine, this makes shutting down the attacker incredibly difficult. Fraudsters use this architecture to host their malware and take advantage of its resilience as the backbone of their communications channel. Dynamic DNS presents an interesting challenge because the service itself is one with valid uses. This prevents blanket measures like blacklisting from being effective due to the possibility that these services may be in use for their intended purposes. Where defenders have found success is using behavioral analysis and other detection mechanisms, like those used by Gladiator s Threat Intelligence services, to identify cases in which Dynamic DNS is being used for nefarious purposes. Gladiator s Raw Traffic Analysis provided to all of our firewall CoreDEFENSE customers detects and alerts on malevolent downloads and infections, while Gladiator s Advanced Malware Protection (AMP) service has the ability to prevent and sinkhole malicious Dynamic DNS traffic altogether. Regardless of the mitigation strategies you choose to employ to protect your organization, traffic accessing Dynamic DNS websites should be scrutinized thoroughly, especially if it s being used on the network for legitimate purposes. 3

5 Tech Talk Security by the Numbers By DJ Goldsworthy, Senior Manager, Research & Development Renowned author and management expert Peter Drucker coined the phrase, If you can measure it, you can manage it. With regard to information security, the endeavor for meaningful metrics continues despite the abundance of professedly effective ones, primarily because many traditional methods simply do not measure up. They assess the functionality and efficiency of preventive security measures, but often miss the most important consideration; the effectiveness of a security program. The following are some key metrics tracked by Gladiator to gauge the effectiveness of the security services managed for our 800+ financial institution customers. 42 instances of identifying malware infections on commercial customers systems in the past five months. Gladiator s NetTeller ESM solution has the ability to analyze commercial customer connections using a threat intelligence engine to identify malware infections, a likely a precursor to online banking fraud. This service is delivered through our cloud security model and doesn t require any client software to be running. $4,848, in ACH, wire, and bill pay fraud prevented in the past nine months via NetTeller ESM. 66,532 systems that are monitored by Gladiator s state-of-the-art Raw Traffic Analysis (RTA) engine. This figure is significant because it represents how expansive the application of Gladiator s threat intelligence services has become at no additional cost to our customers. Raw Traffic Analysis is included with our Firewall Monitoring Service and covers all of the endpoints behind each monitored firewall. 44.9% reduction in RTA tickets in the past 12 months. RTA is a cutting-edge solution used to detect malware that may otherwise go undetected by Network IPS or endpoint antivirus solutions. The reduction of RTA tickets is reflective of a reduction in overall malware infections across our customer base, a direct result of the effectiveness of our new Advanced Malware Protection and Adaptive Threat Management services. 4,480,000 Internet threats presently tracked by Gladiator s Internet Threat Watch List. This is an integral component of our Threat Intelligence Engine which is leveraged by RTA, Advanced Malware Protection, and NetTeller ESM services. Since information security is ultimately about protecting the reputation and bottom line of your financial institution, we hope you find these numbers to be encouraging and in support of those objectives. Cyber criminals and fraudsters are not yielding, and Gladiator remains committed to upping the ante by innovating and adapting our services to meet the ever-changing threat landscape. 4

6 Compliance Corner Deployment of Mobile Banking Services: Why it Requires a Paradigm Shift in Compliance Strategy By Jackie Marshall, Director of IT Regulatory Compliance Banking online using an iphone or Android to check account balances, pay bills, and deposit checks is one of the hottest topics in the board room. Many community financial institutions (FIs) feel competitive pressure to offer new electronic banking (E-banking) services to deliver convenient and efficient mobile banking services to consumer and business customers. A recent study conducted by the Independent Community Bankers of America (ICBA) revealed that more than twice the number of community FIs now offer mobile banking compared to just two years ago. Plans to implement mobile banking by 2014 are expected by 44 percent of the community banks polled. Community FIs Top Concerns with Launching a Mobile Banking Channel Although many community FIs are eager to add mobile banking to their repertoire of E-banking services, lack of direction for regulatory compliance initiatives, challenges to mitigating the risk of potential transaction loss, and controlling admin costs top the lists of concerns for community bank technology and information security management teams. It s also clear that we may not see specific mobile banking guidance for a while (if ever). Some FIs attempt to capitalize on existing strategies and standards and will attempt to update the typical (one or two page) Internet Banking Policy, internal systems-focused Network or Microcomputer Policy, or create a standalone mobile banking policy. Unfortunately, these limited standards will not provide the proper framework for implementation and management of the unique mobile online banking environment for customer facing technology-based services. Successful deployment and ongoing mobile banking management requires a paradigm shift in strategy an enterprise-wide electronic channel strategy. Fortunately, federal standards do exist. The FFIEC IT Examination Handbook, E-Banking Booklet organizes E-Banking into services, service components, and service delivery channels. Also, this strategy complements other FFIEC guidance for Risk Management of RDC, and the recent (June 2011) Supplement to Authentication in an Internet Banking Environment. Advancing Strategic Goals The framework outlined in the FFIEC E-Banking Booklet spells out that not every bank product feature and not every bank customer is a viable candidate for electronic/mobile delivery, and that features and customers should be risk ranked for consideration. Initial steps to developing strategy include determining which markets and customer segments can and should be served through mobile banking channels, surveying customers to determine what transactions and features/functions would be appealing through mobile and estimate projected usage, and identifying which customer-facing transactions are most likely to migrate from branch delivery to electronic channels and in what volumes. This process should be repeated for all electronic delivery channels (including older channels such as ATMs and IVR/voice response unit [VRU] systems) and should be integrated into one coherent, enterprise-wide electronic channel strategy. You will find that your institution will gain competitive advantage as it reduces overall cost (continued) 5

7 of service, retains customers/attracts new ones, and identifies value-added service opportunities to grow fee income. This framework will also provide a logical strategy for near future opportunities such as mobile bill payment, P2P and other E-banking services. Gladiator s ITRC dept. is formally launching its ebanking Compliance Services in February Contact education@gladtech.net for more details or to request information. Education Zone IT Regulatory Training Solutions A New Chapter By Karen Crumbley, Product Manager Although regulatory requirements for ongoing Information Security Awareness Training are a constant, the cyber-threat landscape has significantly evolved. Fraudsters are finding new and creative ways to obtain non-public information (NPI) and commit fraud. Attack vectors such as DDOS attacks, POS and payment card attacks, and medical and government ID theft are just a few of the latest schemes that Gladiator is tracking. Our IT Regulatory Compliance (ITRC) department has responded accordingly with enhancements to both esat and ecommercial SAT online training solutions. These services now include new and enhanced features that will enrich the overall user experience. As a managed security service provider, we are leveraging our expertise and are continually updating the course content to reflect current security threats and controls. Gladiator s training solutions have an edge over other training course offerings for information security because we continually update and enhance ITRC services content based on feedback we receive from FI exams and audits, reflecting new best practices and evolving industry standards. This provides a great opportunity for us to take information learned from other FIs and pass it along so that others may avoid the pitfalls. Another benefit to the end user is a new focus on targeting different learning styles and the incorporation of audio and visual tools to increase comprehension. Enhanced features include: New examples of phishing and fraud using real world examples Streamlined navigation including new ebook format Audio/visual enhancements New quiz material Electronic acknowledgement option Mid-year content update event and assessment of participation Current IT Regulatory Compliance training customers will transition to the updated version(s) during the designated annual set up period and potential customers will have a live demo opportunity (TBA) to participate in a webcast. Look for future communications for this information. We look forward to this new chapter to our offerings in 2013! (continued) 6

8 The following table outlines Gladiator s unique education solutions: Employee Course Gladiator esat Educational training for a financial institution s employees on Information Security Awareness, Identity Theft Prevention, and Social Media Communications. Regulatory Compliance Objective: Assists with compliance objectives of 501(b) of the Gramm Leach Bliley Act (GLBA). Assists with compliance objectives with Section 114 of the Fair and Accurate Credit Transactions Act (FACTA). Assists with meeting standards of BITS Social Media Risks and Mitigations. Gladiator ecommercial SAT Commercial Customer Course Educational training targeting the financial institution s Cash Management customers and high net worth consumers on the latest fraud attack vectors and best practices for online banking transactions. Regulatory Compliance Objective: Assists with compliance objectives of the FFIEC s Supplement to Authentication in an Internet Banking Environment. Board of Directors Course (complements esat) Educational training targeting the Board of Directors on Information Security Awareness, Identity Theft Prevention, and Social Media Communications. Regulatory Compliance Objective: Assists with compliance objectives of 501(b) of the Gramm Leach Bliley Act (GLBA). Assists with compliance objectives with Section 114 of the Fair and Accurate Credit Transactions Act (FACTA). Assists with meeting standards of BITS Social Media Risks and Mitigations. Employee Course (complements ecommercial SAT) Educational training for financial institution employees directly involved with commercial online banking customers on the latest threats to online banking transactions as outlined in the FFIEC s supplemental guidance on Internetbanking security. Regulatory Compliance Objective: Assists with compliance objectives of the FFIEC s Supplement to Authentication in an Internet Banking Environment. 7

9 OMNI ORLANDO RESORT AT CHAMPIONSGATE KISSIMMEE, FL Registration is now open for the 2013 PEC Educational Conference, which will be held March 4-7, 2013, at the Omni Orlando Resort at ChampionsGate in Kissimmee, Florida. The conference will offer more than 200 information-packed educational sessions for ProfitStars and JHA Payment Processing Solutions (PPS) clients. It will also feature our Technology Showcase where you can discover the newest solutions from ProfitStars, PPS, strategic partners, and select providers. Our online system at will guide you through the registration process for the conference and will provide all of the information you ll need. We ve designed an agenda for the 2013 PEC Educational conference that has something for everyone including expanded educational sessions and training classes, as well as the opportunity to network and discuss industry trends and challenges with your peers and experts from ProfitStars and PPS. Attendees will also be eligible for CPE credits and AAP credits by attending select conference sessions. Register today for the 2013 PEC Educational Conference! Product Spotlight Update on Gladiator s New Advanced Malware Protection Service By Ben Murphy, Director of Software Engineering and Services The Gladiator Advanced Malware Protection service has been a huge success since launching in the fall. Here are some updates on the growth of the service s features and deployment: As of January, we have 57 financial institutions signed up for the service. We are protecting thousands of devices at hundreds of locations from malware downloads, data theft, and malicious communications, all from the cloud with no impact on staff or network performance. As of January, approximately 250,000 malicious communications have been intercepted and halted by Advanced Malware Protection. This is above and beyond the ongoing numerous threats stopped by traditional antivirus, network IPS services, Gladiator s Raw Traffic Analysis & Adaptive Threat Management services, and other layered security measures in effect at our clients. (continued) 8

10 We have added detection and protection for malicious dynamic DNS tactics. Dynamic DNS is often used by malware and phishing to circumvent protection. We have added Embargoed Nations protections to block illegitimate communications with any sites located in countries that have been embargoed by the United States. Legitimate business communications are rarely conducted with these countries, and due to their lax stance on cybercrime, they host many malware sites and malware control centers. Gladiator is also blocking access to high-traffic peer-to-peer (P2P) domains. These sites are frequently used to traffic malware and stolen data and rarely serve legitimate business purposes. Advanced Malware Protection is the latest addition to Gladiator s growing set of proprietary Adaptive Threat Management tools and processes, designed to deliver relevant, practical security protection based on the most current threat intelligence available. We are pleased with the growth and popularity of this service and look forward to continued success with it. If you have any questions or would like to request more information, please contact your JHA or Gladiator account executive, or contact the Security Operations Center (SOC) by calling 877-GLADHELP or by ing us at soc@gladtech.net. Product Roadmap Gladiator Development News By Allen Eaves, Product Manager Gladiator NetTeller Enterprise Security Monitoring (ESM) Threat Intelligence Integration Gladiator s advanced correlation logic has continually evolved to identify the new patterns and attacks perpetrated against online banking. Our ability to evolve effectively to identify imminent and active attacks is sustained through our various threat intelligence feeds. The latest details of attack patterns comes from sources including findings from Gladiator s Research department and numerous partnerships with a mixture of government, quasigovernment and private organizations, along with the Jack Henry & Associates internal corporate security team. Intelligence feeds provide regular updates regarding where fraud attacks are being conducted, tracked accounts being used as money mules, and early warnings of legitimate online banking accounts that are communicating with financial fraud botnets. These attributes of suspicious activity are compared across all NetTeller activity in real time. Reliable threat intelligence provides an effective early indication of fraudulent activity or compromised accounts. Gladiator has also incorporated an online fraud database which is integrated into our correlation engine to detect logins to NetTeller from known malicious locations. NetTeller ESM Wire Behavioral Monitoring Enhancements Attacks to online banking come from many different directions and fraudsters methods to compromise accounts have grown more numerous than the myriad of ways to increase account security. Despite the often crafty methods a fraudster may use to gain access to the account to steal funds, a money mule or another method to launder the funds is needed. (continued) 9

11 A new enhancement to the NetTeller ESM Wire fraud detection is currently being tested by the Gladiator Development team and will incorporate the historical record of where each NetTeller account sends wires into the fraud detection correlation. NetTeller ESM customers will have an additional option within My Security Center to enable or disable this new logic per each policy grouping. Configuring funds to go to somewhere outside the customer s authorized recipients is one common denominator with online banking fraud. Through the incorporation of this knowledge we are able to focus more closely on the activity needing attention to identify transactions that is most suspicious and likely fraudulent along with reducing the number of false positive notifications. Over the next few weeks NetTeller ESM customers can expect to receive an announcement of the date the new functionality will become available and further details of the default settings and how to best leverage this new functionality to achieve the best fraud detection. NetTeller ESM ACH Custom policies NetTeller ESM ACH monitoring customizations that are currently available are being enhanced to allow Vault Users the ability to implement multiple monitoring policies. In addition to the default settings thresholds and trusted routing numbers may be customized per policy which may consist of one or more NetTeller account. The current interface for NetTeller Wire customizations will be mimicked with the ACH configurations. The Gladiator development team is currently working on introducing this new functionality and at the same time they are further refining the ACH learning engine. The current learning engine has built-in methods to prevent a fraudster from priming or tricking the system so as to avoid detection. These controls have been effective and as we are continuing to refine the system additional controls will be incorporated in the logic used to establish a normal, trusted destination for a particular NetTeller account. More details about the customization options will be made available in upcoming webinars and NetTeller ESM customers can expect further communication regarding these enhancements prior to release. Vault Client Portal Enhancements Planning for a new Client Portal has begun and the Gladiator team is working with current customers to identify the key enhancements for the future Vault. We have begun to map out several of the different roles that interface with the Vault and what their main objectives and interests are when they visit the site. The scope of this project involves updating the full Vault portal and as the project moves forward we will continue to interview clients regarding their use of the page currently along with what improvements they would most like incorporated in the new site. Here is a small peek into some of the new enhancements we have begun planning: Ticket search and interaction interface with an emphasis on the ability to quickly identify those items needing further attention and tickets a Vault user has already responded to. Permissions and content control administration allowing the Vault Account Administrator to more granularly configure who has various capabilities and which data those users should have access to. Landing page with a visualization of the overall security state focusing on displaying the most useful data on the forefront with the intent that the landing page will provide the most commonly used features without the user needing the navigate around through the site. (continued) 10

12 Data-mining tools to quickly provide context of what we have observed from a particular user or IP address. This data may help further explain some details regarding a security incident even if the events themselves are not suspicious. The details may also not directly relate to a security concern but may provide further context for understanding a device or user s activity. Gladiator s Product Management and Development teams are continually updating our security and fraud monitoring engines to protect customers systems and data. The consistent integration of enhanced detection methods based on the latest risks bolsters our fight against the ever-evolving and increasingly dangerous threat landscape. The Gladiator Research team s investigations frequently lead to new ideas for improved detection along with of our strategic information sharing partnerships. Constant improvements are also a direct result of our customers innovative ideas and feature requests. Ideas and enhancement requests are always encouraged and welcome and may be submitted through the Enhancement Submittal Process (ESP) or by ing GladiatorProducts@gladtech.net. Webcasts Gladiator ITRC Webcast Series 2013 Gladiator s IT Regulatory Compliance department offers convenient, on-demand webcasts that address current issues faced by financial institutions, presented in an interview-style format (30-minute events). Here is the line-up, including the dates the webcasts are available for streaming. us at education@gladtech.net for more details. (The 2013 Series webcasts are complimentary for Compliance Package customers and $95 for others.) E-Banking 2013: Best Practices for Building a Multi-channel Delivery Strategy (February 21) Social Media: Mitigating Risk and Meeting Regulatory Expectations (June 13) Incident Response Plan Testing 101: An Essential Guide (August 15) Managing the Virtualized Environment: Security and Compliance Strategies (November 14) Additional information is available at or by calling Copyright Jack Henry & Associates, Inc. All rights reserved. ProfitStars is a registered trademark of Jack Henry & Associates, Inc. 11