FEBRUARY 2013. Client Bulletin GLADIATOR TECHNOLOGY




Contents
- Letter from the President
- Emerging Technology
- Tech Talk
- Compliance Corner
- Education Zone
- PEC Educational Conference
- Product Spotlight
- Product Roadmap
- Webcasts

Additional information is available at www.profitstars.com or by calling 877.827.7101.

Copyright 2013. Jack Henry & Associates, Inc. All rights reserved. ProfitStars is a registered trademark of Jack Henry & Associates, Inc.

Letter from the President
By Matt Riley, Group President, Gladiator Technology

In 2012, from a cyber-security perspective, we continued the trend of what we've seen in years past with the continued proliferation of malware at an exponential rate. We also observed an increase in Distributed Denial of Service (DDoS) Attacks specifically targeting financial institutions of all sizes, some of them meant to simply disrupt business and others used in conjunction with attempted fraud. The events that transpired over the course of last year should have put all financial institutions on notice that either you or your customers are targets, and will continue to be for the foreseeable future.

What will 2013 have in store for us? Unfortunately, more of the same. Financial malware used to siphon money out of accounts will continue to rise and advanced malware that goes undetected by traditional security measures will be the norm going forward. Miscreants will be drawn to mobile platforms, such as tablets and smartphones, as more and more functionality is built into financial management applications. For 2013, we all must commit to constantly evolving our threat protection mechanisms to combat today's ever-growing threat landscape.

At Gladiator, we are constantly changing and innovating. It's part of our DNA. We've had tremendous success with our advanced malware protection solution that we launched in August of 2012. Also, we are planning a complete re-write of The Vault Web portal.

Back in December, we made an addition to our management team by adding Brian Otte to the position of Director and Head of Sales. Brian brings a wealth of knowledge and experience to the team from his previous positions at Guarded Networks (Co-Founder and EVP), Perimeter eSecurity (SVP), and Oracle (VP, Financial Services Business Unit). He has a firm grasp and understanding of our industry, and we are happy to have him onboard. Brian will lead our national sales efforts, and Mike Bell will manage our strong account management program.

One last thing to note, we have our annual ProfitStars Conference coming up March 4-7 at the Omni Orlando Resort at ChampionsGate in Kissimmee, FL. I strongly encourage you all to attend, as we will have numerous educational sessions on security and the latest technology being leveraged to drive better efficiencies and deliver better customer experience. The registration information can be found here: www.pecconference.com

As always, we appreciate your business and thank you for entrusting us as your security and technology solutions provider.

Best Regards,
Matt Riley

Emerging Technology
Dynamic DNS: A Persistent Malware Infrastructure
By Kyle Cooper, Information Security Engineer, Advanced

It's not unheard of for a legitimate service to be hijacked for malicious use. Fraudsters use email to deliver Trojan horses, innocent websites are compromised and used to host redirects to infected downloads, and now there is one more service to add to that list: Dynamic DNS. During the last year, Gladiator Research has noticed a spike of schemes taking advantage of Dynamic DNS services to download malware and host command and control traffic.

All computers use IP addresses to identify and communicate with one another across a network. IP addresses can be difficult for humans to remember, so we use domain names to keep track of all of our favorite websites and network resources. That's where DNS comes into play. Simply put, DNS is responsible for taking a human-readable domain query and translating it into a machine-usable IP address which the network can forward on to complete the task at hand.

Due to their limited availability, static IP addresses can be difficult to obtain and expensive to purchase. Most ISPs hand out IP addresses to customers from a pool of available IP addresses which are continually being recycled as needed. Dynamic DNS is a legitimate service which allows users to quickly update a Domain Name Server when there is a change to the IP address of a device. Anyone who hosts a website or server using a dynamic IP can use Dynamic DNS to keep a domain pointed to the same host computer, even if the IP address of that computer changes. This gives the device a persistent and consistent method to be accessed by other devices, despite having an IP address which can possibly change.

For many malicious actors, being limited to a static IP address represents a single point of failure. If an attacker loses control of their static IP address, through blacklisting, law enforcement, or other means, then it's game over for their attacks. However, if instead they are using Dynamic DNS, when an IP address becomes compromised, the attacker can merely switch over to a new, clean IP and continue his operation uninterrupted. As you can imagine, this makes shutting down the attacker incredibly difficult. Fraudsters use this architecture to host their malware and take advantage of its resilience as the backbone of their communications channel.

Dynamic DNS presents an interesting challenge because the service itself is one with valid uses. This prevents blanket measures like blacklisting from being effective due to the possibility that these services may be in use for their intended purposes. Where defenders have found success is using behavioral analysis and other detection mechanisms, like those used by Gladiator's Threat Intelligence services, to identify cases in which Dynamic DNS is being used for nefarious purposes. Gladiator's Raw Traffic Analysis provided to all of our firewall CoreDEFENSE customers detects and alerts on malevolent downloads and infections, while Gladiator's Advanced Malware Protection (AMP) service has the ability to prevent and sinkhole malicious Dynamic DNS traffic altogether.

Regardless of the mitigation strategies you choose to employ to protect your organization, traffic accessing Dynamic DNS websites should be scrutinized thoroughly, especially if it's being used on the network for legitimate purposes.
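As an added illustration (not part of the bulletin and not Gladiator's detection logic), the following Python sketch triages resolver logs for Dynamic DNS hostnames by behaviour instead of blocking the providers outright: approved hosts are left alone unless their answers churn, and unapproved hosts are always surfaced for review. The provider zones, approved-host list, thresholds and log layout are assumptions, and the sample log is constructed.

```python
import ipaddress
from collections import defaultdict
from datetime import datetime, timedelta

# Assumptions for this sketch (none come from the bulletin): the provider zones,
# the approved-host list, the thresholds and the log layout are placeholders.
DDNS_ZONES = {"ddns-provider.example", "dyn-host.example"}
APPROVED_HOSTS = {"branch-cam.ddns-provider.example"}  # documented business use
MAX_DISTINCT_IPS = 2           # answer IPs tolerated per host inside WINDOW
WINDOW = timedelta(hours=24)

# Constructed resolver log: timestamp, internal client, queried name, answer IP.
SAMPLE_LOG = """\
2013-02-01T08:00:05 10.1.4.22 branch-cam.ddns-provider.example 198.51.100.10
2013-02-01T20:00:07 10.1.4.22 branch-cam.ddns-provider.example 198.51.100.10
2013-02-03T08:00:02 10.1.4.22 branch-cam.ddns-provider.example 198.51.100.11
2013-02-01T09:00:41 10.1.7.15 upd8.dyn-host.example 203.0.113.5
2013-02-01T11:30:12 10.1.7.31 UPD8.dyn-host.example. 203.0.113.77
2013-02-01T15:10:56 10.1.7.15 upd8.dyn-host.example 192.0.2.40
2013-02-01T22:45:03 10.1.7.15 upd8.dyn-host.example 192.0.2.91
2013-02-02T10:12:00 10.1.9.8 files.ddns-provider.example 198.51.100.200
2013-02-02T10:15:00 10.1.9.8 www.notdyn-host.example 198.51.100.201
2013-02-02T10:16:00 10.1.2.3 intranet.bank.example 10.0.0.5
truncated line without enough fields
"""


def normalize(name):
    """Lower-case a DNS name and drop the trailing root dot."""
    return name.rstrip(".").lower()


def ddns_zone(name):
    """Return the provider zone a name sits under, matching on label boundaries."""
    name = normalize(name)
    for zone in DDNS_ZONES:
        if name == zone or name.endswith("." + zone):
            return zone
    return None


def parse_log(text):
    """Yield (time, client, host, answer) tuples, skipping malformed lines."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue
        try:
            ts = datetime.fromisoformat(fields[0])
            client = str(ipaddress.ip_address(fields[1]))
            answer = str(ipaddress.ip_address(fields[3]))
        except ValueError:
            continue
        yield ts, client, normalize(fields[2]), answer


def max_distinct_ips(events):
    """Largest number of distinct answer IPs seen inside any WINDOW-long span."""
    events = sorted(events)
    counts, best, left = defaultdict(int), 0, 0
    for ts, ip in events:
        counts[ip] += 1
        while ts - events[left][0] > WINDOW:   # slide the window start forward
            old = events[left][1]
            counts[old] -= 1
            if counts[old] == 0:
                del counts[old]
            left += 1
        best = max(best, len(counts))
    return best


def triage(records):
    """Group Dynamic DNS lookups per host and return findings, most severe first."""
    events, clients = defaultdict(list), defaultdict(set)
    for ts, client, host, answer in records:
        if ddns_zone(host):
            events[host].append((ts, answer))
            clients[host].add(client)
    findings = []
    for host, seen in events.items():
        churn = max_distinct_ips(seen)
        reasons = [] if host in APPROVED_HOSTS else ["unapproved-ddns"]
        if churn > MAX_DISTINCT_IPS:           # address keeps moving: the resilience pattern
            reasons.append("ip-churn")
        if reasons:
            findings.append({
                "host": host, "zone": ddns_zone(host), "reasons": reasons,
                "severity": "high" if "ip-churn" in reasons else "review",
                "distinct_ips": churn, "clients": sorted(clients[host]),
            })
    return sorted(findings, key=lambda f: (f["severity"] != "high", f["host"]))


if __name__ == "__main__":
    for finding in triage(parse_log(SAMPLE_LOG)):
        print(finding)
```

The `clients` field in each finding lists the internal systems that looked the host up, which is where an investigation of a possible infection would start.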

Tech Talk
Security by the Numbers
By DJ Goldsworthy, Senior Manager, Research & Development

Renowned author and management expert Peter Drucker coined the phrase, "If you can measure it, you can manage it." With regard to information security, the endeavor for meaningful metrics continues despite the abundance of professedly effective ones, primarily because many traditional methods simply do not measure up. They assess the functionality and efficiency of preventive security measures, but often miss the most important consideration: the effectiveness of a security program.

The following are some key metrics tracked by Gladiator to gauge the effectiveness of the security services managed for our 800+ financial institution customers.

- 42 instances of identifying malware infections on commercial customers' systems in the past five months. Gladiator's NetTeller ESM solution has the ability to analyze commercial customer connections using a threat intelligence engine to identify malware infections, a likely precursor to online banking fraud. This service is delivered through our cloud security model and doesn't require any client software to be running.
- $4,848,914.64 in ACH, wire, and bill pay fraud prevented in the past nine months via NetTeller ESM.
- 66,532 systems that are monitored by Gladiator's state-of-the-art Raw Traffic Analysis (RTA) engine. This figure is significant because it represents how expansive the application of Gladiator's threat intelligence services has become at no additional cost to our customers. Raw Traffic Analysis is included with our Firewall Monitoring Service and covers all of the endpoints behind each monitored firewall.
- 44.9% reduction in RTA tickets in the past 12 months. RTA is a cutting-edge solution used to detect malware that may otherwise go undetected by Network IPS or endpoint antivirus solutions. The reduction of RTA tickets is reflective of a reduction in overall malware infections across our customer base, a direct result of the effectiveness of our new Advanced Malware Protection and Adaptive Threat Management services.
- 4,480,000 Internet threats presently tracked by Gladiator's Internet Threat Watch List. This is an integral component of our Threat Intelligence Engine which is leveraged by RTA, Advanced Malware Protection, and NetTeller ESM services.

Since information security is ultimately about protecting the reputation and bottom line of your financial institution, we hope you find these numbers to be encouraging and in support of those objectives. Cyber criminals and fraudsters are not yielding, and Gladiator remains committed to upping the ante by innovating and adapting our services to meet the ever-changing threat landscape.

Compliance Corner
Deployment of Mobile Banking Services: Why it Requires a Paradigm Shift in Compliance Strategy
By Jackie Marshall, Director of IT Regulatory Compliance

Banking online using an iPhone or Android to check account balances, pay bills, and deposit checks is one of the hottest topics in the board room. Many community financial institutions (FIs) feel competitive pressure to offer new electronic banking (E-banking) services to deliver convenient and efficient mobile banking services to consumer and business customers. A recent study conducted by the Independent Community Bankers of America (ICBA) revealed that more than twice the number of community FIs now offer mobile banking compared to just two years ago. Plans to implement mobile banking by 2014 are expected by 44 percent of the community banks polled.

Community FIs' Top Concerns with Launching a Mobile Banking Channel

Although many community FIs are eager to add mobile banking to their repertoire of E-banking services, lack of direction for regulatory compliance initiatives, challenges to mitigating the risk of potential transaction loss, and controlling admin costs top the lists of concerns for community bank technology and information security management teams. It's also clear that we may not see specific mobile banking guidance for a while (if ever).

Some FIs attempt to capitalize on existing strategies and standards and will attempt to update the typical (one or two page) Internet Banking Policy, internal systems-focused Network or Microcomputer Policy, or create a standalone mobile banking policy. Unfortunately, these limited standards will not provide the proper framework for implementation and management of the unique mobile online banking environment for customer-facing technology-based services. Successful deployment and ongoing mobile banking management requires a paradigm shift in strategy: an enterprise-wide electronic channel strategy.

Fortunately, federal standards do exist. The FFIEC IT Examination Handbook, E-Banking Booklet organizes E-Banking into services, service components, and service delivery channels. Also, this strategy complements other FFIEC guidance for Risk Management of RDC, and the recent (June 2011) Supplement to Authentication in an Internet Banking Environment.

Advancing Strategic Goals

The framework outlined in the FFIEC E-Banking Booklet spells out that not every bank product feature and not every bank customer is a viable candidate for electronic/mobile delivery, and that features and customers should be risk ranked for consideration. Initial steps to developing strategy include determining which markets and customer segments can and should be served through mobile banking channels, surveying customers to determine what transactions and features/functions would be appealing through mobile and estimate projected usage, and identifying which customer-facing transactions are most likely to migrate from branch delivery to electronic channels and in what volumes. This process should be repeated for all electronic delivery channels (including older channels such as ATMs and IVR/voice response unit [VRU] systems) and should be integrated into one coherent, enterprise-wide electronic channel strategy.

You will find that your institution will gain competitive advantage as it reduces overall cost of service, retains customers/attracts new ones, and identifies value-added service opportunities to grow fee income. This framework will also provide a logical strategy for near future opportunities such as mobile bill payment, P2P and other E-banking services.

Gladiator's ITRC dept. is formally launching its eBanking Compliance Services in February 2013. Contact education@gladtech.net for more details or to request information.

Education Zone
IT Regulatory Training Solutions: A New Chapter
By Karen Crumbley, Product Manager

Although regulatory requirements for ongoing Information Security Awareness Training are a constant, the cyber-threat landscape has significantly evolved. Fraudsters are finding new and creative ways to obtain non-public information (NPI) and commit fraud. Attack vectors such as DDoS attacks, POS and payment card attacks, and medical and government ID theft are just a few of the latest schemes that Gladiator is tracking. Our IT Regulatory Compliance (ITRC) department has responded accordingly with enhancements to both eSAT and eCommercial SAT online training solutions. These services now include new and enhanced features that will enrich the overall user experience.

As a managed security service provider, we are leveraging our expertise and are continually updating the course content to reflect current security threats and controls. Gladiator's training solutions have an edge over other training course offerings for information security because we continually update and enhance ITRC services content based on feedback we receive from FI exams and audits, reflecting new best practices and evolving industry standards. This provides a great opportunity for us to take information learned from other FIs and pass it along so that others may avoid the pitfalls. Another benefit to the end user is a new focus on targeting different learning styles and the incorporation of audio and visual tools to increase comprehension.
Enhanced features include:
- New examples of phishing and fraud using real world examples
- Streamlined navigation including new ebook format
- Audio/visual enhancements
- New quiz material
- Electronic acknowledgement option
- Mid-year content update event and assessment of participation

Current IT Regulatory Compliance training customers will transition to the updated version(s) during the designated annual set up period and potential customers will have a live demo opportunity (TBA) to participate in a webcast. Look for future communications for this information. We look forward to this new chapter to our offerings in 2013!

The following table outlines Gladiator's unique education solutions:

Gladiator eSAT: Employee Course
Educational training for a financial institution's employees on Information Security Awareness, Identity Theft Prevention, and Social Media Communications.
Regulatory Compliance Objective:
- Assists with compliance objectives of 501(b) of the Gramm-Leach-Bliley Act (GLBA).
- Assists with compliance objectives with Section 114 of the Fair and Accurate Credit Transactions Act (FACTA).
- Assists with meeting standards of BITS Social Media Risks and Mitigations.

Gladiator eCommercial SAT: Commercial Customer Course
Educational training targeting the financial institution's Cash Management customers and high net worth consumers on the latest fraud attack vectors and best practices for online banking transactions.
Regulatory Compliance Objective:
- Assists with compliance objectives of the FFIEC's Supplement to Authentication in an Internet Banking Environment.

Board of Directors Course (complements eSAT)
Educational training targeting the Board of Directors on Information Security Awareness, Identity Theft Prevention, and Social Media Communications.
Regulatory Compliance Objective:
- Assists with compliance objectives of 501(b) of the Gramm-Leach-Bliley Act (GLBA).
- Assists with compliance objectives with Section 114 of the Fair and Accurate Credit Transactions Act (FACTA).
- Assists with meeting standards of BITS Social Media Risks and Mitigations.

Employee Course (complements eCommercial SAT)
Educational training for financial institution employees directly involved with commercial online banking customers on the latest threats to online banking transactions as outlined in the FFIEC's supplemental guidance on Internet banking security.
Regulatory Compliance Objective:
- Assists with compliance objectives of the FFIEC's Supplement to Authentication in an Internet Banking Environment.

OMNI ORLANDO RESORT AT CHAMPIONSGATE
KISSIMMEE, FL

Registration is now open for the 2013 PEC Educational Conference, which will be held March 4-7, 2013, at the Omni Orlando Resort at ChampionsGate in Kissimmee, Florida. The conference will offer more than 200 information-packed educational sessions for ProfitStars and JHA Payment Processing Solutions (PPS) clients. It will also feature our Technology Showcase where you can discover the newest solutions from ProfitStars, PPS, strategic partners, and select providers.

Our online system at www.pecconference.com will guide you through the registration process for the conference and will provide all of the information you'll need.

We've designed an agenda for the 2013 PEC Educational Conference that has something for everyone, including expanded educational sessions and training classes, as well as the opportunity to network and discuss industry trends and challenges with your peers and experts from ProfitStars and PPS. Attendees will also be eligible for CPE credits and AAP credits by attending select conference sessions.

Register today for the 2013 PEC Educational Conference!

Product Spotlight
Update on Gladiator's New Advanced Malware Protection Service
By Ben Murphy, Director of Software Engineering and Services

The Gladiator Advanced Malware Protection service has been a huge success since launching in the fall. Here are some updates on the growth of the service's features and deployment:

- As of January, we have 57 financial institutions signed up for the service.
- We are protecting thousands of devices at hundreds of locations from malware downloads, data theft, and malicious communications, all from the cloud with no impact on staff or network performance.
- As of January, approximately 250,000 malicious communications have been intercepted and halted by Advanced Malware Protection. This is above and beyond the ongoing numerous threats stopped by traditional antivirus, network IPS services, Gladiator's Raw Traffic Analysis & Adaptive Threat Management services, and other layered security measures in effect at our clients.
- We have added detection and protection for malicious dynamic DNS tactics. Dynamic DNS is often used by malware and phishing to circumvent protection.
- We have added Embargoed Nations protections to block illegitimate communications with any sites located in countries that have been embargoed by the United States. Legitimate business communications are rarely conducted with these countries, and due to their lax stance on cybercrime, they host many malware sites and malware control centers.
- Gladiator is also blocking access to high-traffic peer-to-peer (P2P) domains. These sites are frequently used to traffic malware and stolen data and rarely serve legitimate business purposes.

Advanced Malware Protection is the latest addition to Gladiator's growing set of proprietary Adaptive Threat Management tools and processes, designed to deliver relevant, practical security protection based on the most current threat intelligence available. We are pleased with the growth and popularity of this service and look forward to continued success with it.

If you have any questions or would like to request more information, please contact your JHA or Gladiator account executive, or contact the Security Operations Center (SOC) by calling 877-GLADHELP or by emailing us at soc@gladtech.net.

Product Roadmap
Gladiator Development News
By Allen Eaves, Product Manager

Gladiator NetTeller Enterprise Security Monitoring (ESM) Threat Intelligence Integration

Gladiator's advanced correlation logic has continually evolved to identify the new patterns and attacks perpetrated against online banking. Our ability to evolve effectively to identify imminent and active attacks is sustained through our various threat intelligence feeds. The latest details of attack patterns come from sources including findings from Gladiator's Research department and numerous partnerships with a mixture of government, quasi-government and private organizations, along with the Jack Henry & Associates internal corporate security team. Intelligence feeds provide regular updates regarding where fraud attacks are being conducted, tracked accounts being used as money mules, and early warnings of legitimate online banking accounts that are communicating with financial fraud botnets. These attributes of suspicious activity are compared across all NetTeller activity in real time. Reliable threat intelligence provides an effective early indication of fraudulent activity or compromised accounts. Gladiator has also incorporated an online fraud database which is integrated into our correlation engine to detect logins to NetTeller from known malicious locations.

NetTeller ESM Wire Behavioral Monitoring Enhancements

Attacks to online banking come from many different directions, and fraudsters' methods to compromise accounts have grown more numerous than the myriad of ways to increase account security. Despite the often crafty methods a fraudster may use to gain access to the account to steal funds, a money mule or another method to launder the funds is needed.

A new enhancement to the NetTeller ESM Wire fraud detection is currently being tested by the Gladiator Development team and will incorporate the historical record of where each NetTeller account sends wires into the fraud detection correlation. NetTeller ESM customers will have an additional option within My Security Center to enable or disable this new logic per each policy grouping. Configuring funds to go to somewhere outside the customer's authorized recipients is one common denominator with online banking fraud. Through the incorporation of this knowledge we are able to focus more closely on the activity needing attention, identifying the transactions that are most suspicious and likely fraudulent while reducing the number of false positive notifications.

Over the next few weeks NetTeller ESM customers can expect to receive an announcement of the date the new functionality will become available and further details of the default settings and how to best leverage this new functionality to achieve the best fraud detection.

NetTeller ESM ACH Custom Policies

NetTeller ESM ACH monitoring customizations that are currently available are being enhanced to allow Vault Users the ability to implement multiple monitoring policies. In addition to the default settings, thresholds and trusted routing numbers may be customized per policy, which may consist of one or more NetTeller accounts. The current interface for NetTeller Wire customizations will be mimicked with the ACH configurations.

The Gladiator development team is currently working on introducing this new functionality and at the same time they are further refining the ACH learning engine. The current learning engine has built-in methods to prevent a fraudster from priming or tricking the system so as to avoid detection. These controls have been effective, and as we continue to refine the system, additional controls will be incorporated in the logic used to establish a normal, trusted destination for a particular NetTeller account.

More details about the customization options will be made available in upcoming webinars and NetTeller ESM customers can expect further communication regarding these enhancements prior to release.

Vault Client Portal Enhancements

Planning for a new Client Portal has begun and the Gladiator team is working with current customers to identify the key enhancements for the future Vault. We have begun to map out several of the different roles that interface with the Vault and what their main objectives and interests are when they visit the site. The scope of this project involves updating the full Vault portal, and as the project moves forward we will continue to interview clients regarding their use of the page currently along with what improvements they would most like incorporated in the new site.

Here is a small peek into some of the new enhancements we have begun planning:

- Ticket search and interaction interface with an emphasis on the ability to quickly identify those items needing further attention and tickets a Vault user has already responded to.
- Permissions and content control administration allowing the Vault Account Administrator to more granularly configure who has various capabilities and which data those users should have access to.
- Landing page with a visualization of the overall security state, focusing on displaying the most useful data on the forefront with the intent that the landing page will provide the most commonly used features without the user needing to navigate around through the site.
- Data-mining tools to quickly provide context of what we have observed from a particular user or IP address. This data may help further explain some details regarding a security incident even if the events themselves are not suspicious. The details may also not directly relate to a security concern but may provide further context for understanding a device or user's activity.

Gladiator's Product Management and Development teams are continually updating our security and fraud monitoring engines to protect customers' systems and data. The consistent integration of enhanced detection methods based on the latest risks bolsters our fight against the ever-evolving and increasingly dangerous threat landscape. The Gladiator Research team's investigations frequently lead to new ideas for improved detection, along with our strategic information sharing partnerships. Constant improvements are also a direct result of our customers' innovative ideas and feature requests. Ideas and enhancement requests are always encouraged and welcome and may be submitted through the Enhancement Submittal Process (ESP) or by emailing GladiatorProducts@gladtech.net.

Webcasts
Gladiator ITRC Webcast Series 2013

Gladiator's IT Regulatory Compliance department offers convenient, on-demand webcasts that address current issues faced by financial institutions, presented in an interview-style format (30-minute events). Here is the line-up, including the dates the webcasts are available for streaming. Email us at education@gladtech.net for more details. (The 2013 Series webcasts are complimentary for Compliance Package customers and $95 for others.)
- E-Banking 2013: Best Practices for Building a Multi-channel Delivery Strategy (February 21)
- Social Media: Mitigating Risk and Meeting Regulatory Expectations (June 13)
- Incident Response Plan Testing 101: An Essential Guide (August 15)
- Managing the Virtualized Environment: Security and Compliance Strategies (November 14)