Top 5 Global Bank Selects Resolution1 for Cyber Incident Response.

Similar documents
KASPERSKY SECURITY INTELLIGENCE SERVICES. EXPERT SERVICES.

Fostering Incident Response and Digital Forensics Research

Protecting against cyber threats and security breaches

CYBER SECURITY INFORMATION SHARING & COLLABORATION

Symantec Global Intelligence Network 2.0 Architecture: Staying Ahead of the Evolving Threat Landscape

Things To Do After You ve Been Hacked

Building a Business Case:

Preparing for a Cyber Attack PROTECT YOUR PEOPLE AND INFORMATION WITH SYMANTEC SECURITY SOLUTIONS

State of Security Survey GLOBAL FINDINGS

ESG Brief. Overview by The Enterprise Strategy Group, Inc. All Rights Reserved.

ProtectWise: Shifting Network Security to the Cloud Date: March 2015 Author: Tony Palmer, Senior Lab Analyst and Aviv Kaufmann, Lab Analyst

The Symantec Approach to Defeating Advanced Threats

Kaseya White Paper. Endpoint Security. Fighting Cyber Crime with Automated, Centralized Management.

Executive Summary 3. Snowden and Retail Breaches Influencing Security Strategies 3. Attackers are on the Inside Protect Your Privileges 3

The Cost of Phishing. Understanding the True Cost Dynamics Behind Phishing Attacks A CYVEILLANCE WHITE PAPER MAY 2015

New York State Department of Financial Services. Report on Cyber Security in the Insurance Sector

Combating a new generation of cybercriminal with in-depth security monitoring. 1 st Advanced Data Analysis Security Operation Center

Cybersecurity. Are you prepared?

OVERVIEW. Enterprise Security Solutions

Big Data, Big Risk, Big Rewards. Hussein Syed

Into the cybersecurity breach

Cisco Advanced Malware Protection for Endpoints

Cisco Advanced Malware Protection for Endpoints

IMPLEMENTING A SECURITY ANALYTICS ARCHITECTURE

Testing the Security of your Applications

Addressing APTs and Modern Malware with Security Intelligence Date: September 2013 Author: Jon Oltsik, Senior Principal Analyst

ASSUMING A STATE OF COMPROMISE: EFFECTIVE DETECTION OF SECURITY BREACHES

Endpoint Threat Detection without the Pain

WAN security threat landscape and best mitigation practices. Rex Stover Vice President, Americas, Enterprise & ICP Sales

Breaking the Cyber Attack Lifecycle

2012 Endpoint Security Best Practices Survey

INTRODUCING isheriff CLOUD SECURITY

Stop advanced targeted attacks, identify high risk users and control Insider Threats

Microsoft s cybersecurity commitment

WEBSENSE TRITON SOLUTIONS

Experience the commitment WHITE PAPER. Information Security Continuous Monitoring. Charting the Right Course. cgi.com 2014 CGI GROUP INC.

Energy Cybersecurity Regulatory Brief

CYBER4SIGHT TM THREAT INTELLIGENCE SERVICES ANTICIPATORY AND ACTIONABLE INTELLIGENCE TO FIGHT ADVANCED CYBER THREATS

Accenture Intelligent Security for the Digital Enterprise. Archer s important role in solving today's pressing security challenges

Defending Against Cyber Attacks with SessionLevel Network Security

CyberArk Privileged Threat Analytics. Solution Brief

RSA, The Security Division of EMC. Zamanta Anguiano Sales Manager RSA

Cyber security Building confidence in your digital future

Cloud and Critical Infrastructures how Cloud services are factored in from a risk perspective

I D C A N A L Y S T C O N N E C T I O N

How To Protect Your Network From Attack From A Network Security Threat

Combating a new generation of cybercriminal with in-depth security monitoring

Symantec Cyber Threat Analysis Program Program Overview. Symantec Cyber Threat Analysis Program Team

National Cyber Security Policy -2013

A Database Security Management White Paper: Securing the Information Business Relies On. November 2004

POLICIES TO MITIGATE CYBER RISK

20+ At risk and unready in an interconnected world

Enterprise Security Governance. Robert Coles Chief Information Security Officer and Global Head of Digital Risk & Security

Global IT Security Risks

Cyber4sight TM Threat. Anticipatory and Actionable Intelligence to Fight Advanced Cyber Threats

Threat Intelligence: What is it, and How Can it Protect You from Today s Advanced Cyber-Attacks A Webroot publication featuring analyst research

CGI Cyber Risk Advisory and Management Services for Insurers

Cybersecurity: An Innovative Approach to Advanced Persistent Threats

HP Fortify Software Security Center

WHITE PAPER Cloud-Based, Automated Breach Detection. The Seculert Platform

Middle Class Economics: Cybersecurity Updated August 7, 2015

McAfee Global Threat Intelligence File Reputation Service. Best Practices Guide for McAfee VirusScan Enterprise Software

Cloud Computing Security Considerations

The Cyber Threat Profiler

Security and Privacy

Capabilities for Cybersecurity Resilience

CYBER SECURITY TRAINING SAFE AND SECURE

RLI PROFESSIONAL SERVICES GROUP PROFESSIONAL LEARNING EVENT PSGLE 123. Cybersecurity: A Growing Concern for Small Businesses

Security Intelligence

Small Firm Focus: A Practical Approach to Cybersecurity Friday, May 29 9:00 a.m. 10:15 a.m.

Requirements When Considering a Next- Generation Firewall

I D C T E C H N O L O G Y S P O T L I G H T. S e r ve r S e c u rity: N o t W h a t It U s e d t o Be!

The Protection Mission a constant endeavor

Cyber Security - What Would a Breach Really Mean for your Business?

Internet threats: steps to security for your small business

CYBER SECURITY, A GROWING CIO PRIORITY

GETTING REAL ABOUT SECURITY MANAGEMENT AND "BIG DATA"

Integrating MSS, SEP and NGFW to catch targeted APTs

NATIONAL CYBER SECURITY AWARENESS MONTH

Marble & MobileIron Mobile App Risk Mitigation

Analyzing HTTP/HTTPS Traffic Logs

Transcription:

MAJOR FINANCIAL SERVICES LEADER Top 5 Global Bank Selects Resolution1 for Cyber Incident Response. Automation and remote endpoint remediation reduce incident response (IR) times from 10 days to 5 hours.

The banking industry is charged with protecting the assets of businesses and consumers alike, and its members are well aware cybercriminals are continually looking for ways to access their systems. Their chief security concerns are: The protection of monetary funds. Personally identifiable information. Intellectual property. Business critical data. As cyber attacks continue to rise, the financial industry is on the forefront of the latest methods of detection, remediation, and resolution to threats on their systems. According to the British Banking Association, 2013 heralded an exponential increase in cyber attacks i. The impact a breach has on a bank s reputation and client confidence is increasingly viewed as a critical risk. As the British Banking Association notes in its May 2014 Cyber Report, If publicized, network security breaches can affect share prices, cause irreparable reputational damage and impact on the stability of the wider financial market. Unsurprisingly, the banking sector places a high priority on mitigating these risks. Last year, more than 700million was invested in cyber security in the UK alone. In addition to bolstering its technological defense systems, the banking community shares information about the latest cyber attack methodologies including specific information on hacks, breaches, phishing websites and known criminals targeting them. A lot of this intelligence comes via the British Banking Association and various government incentives including the CBEST ii vulnerability testing framework, launched by the Bank of England in June 2014, and the British Banking Association s Financial Crime Alert Service iii which provides real-time cyber crime intelligence from the National Crime Agency, the government and partner agencies. Financial services organizations across the globe are also increasingly participating in Services Information Sharing and Analysis Centres (ISACs). They are becoming a global go-to resource for cyber and physical threat intelligence analysis and sharing. The information includes analysis and recommended solutions from leading industry experts. The Financial Services ISAC iv is currently active with members and partners across countries and regions throughout North and South America, Europe, the Middle East and Asia/Pacific. The FS-ISAC is unique in that it was created by and for members and operates as a member-owned non-for-profit entity. Banks have technology ceilings when it comes to email collections...we had a requirement for a potential solution for indexing and querying Microsoft Exchange data on the fly. Team member at top five global bank Challenge One of the UK s top banks recently reviewed its security technology to assist it in combatting new cyber threats. The company s director of forensics and ediscovery explained that a variety of security tools are employed by the bank as part of its depth defense strategy. These tools are designed to prevent external attackers from getting into their systems. They also monitor internal systems for data attempting exfiltration, whether as a result of compromised systems, a malicious insider, or employees falling prey to social engineering. 2 2015 Resolution1 Security

While aspects of data protection are heavily regulated, some information is also considered sensitive to meet the bank s own business requirement to maintain confidentiality, he said. One of the ways that this risk is mitigated is through the monitoring of email and internet traffic. However, the bank was limited in the volume of traffic that it could process. Banks have technology ceilings when it comes to email collections, explained a second team member, the company s global head of computer forensic investigations. We had a requirement for a potential solution for indexing and querying Microsoft Exchange data on the fly. Solution The bank sent out an RFI (Request for Information) to 40 forensics vendors including IBM, Symantec, Guidance, UIX, EMC 2 (RSA), Resolution1 Security (formerly AccessData) and Standard Query. A scoring index was used to narrow the final round of vendors to three. Based on its analysis, the bank selected Resolution1 CyberSecurity for cyber incident response. Explaining the selection process, the company s director of forensics and ediscovery stated, Each vendor s product was assessed. It had to be compatible with Excel and it had to be compliant with financial industry regulations. Resolution1 Security was the only security vendor that provided the indexing needed to query Exchange data on the fly. We capture 24.5 Megabytes of internet traffic every 1.5 seconds and currently don t do anything with it, stated the company s global head of computer forensic investigations. We intend to denote specific content and use Resolution1 s lightweight network analysis capability to identify that content within internet traffic. Working in Partnership As part of its security and cyber incident resolution strategy, the bank required an extension of the Resolution1 endpoint analysis capabilities. The security team asked Resolution1 for a roadmap feature that would automatically recover forensic material from endpoints impacted by malware. When the bank makes a major purchase, it s a partnership. We work with the selected vendor to develop the tools that we need. During the final selection we brought each of the vendors in, because we wanted their software engineers to meet our own internal software engineers, reported the company s director of forensics and ediscovery. By having the Resolution1 Security team embedded, they worked to quickly address hurdles at the proof of concept stage and delivered what the bank needed. We were looking for a proactive partnership. He added that the endpoint agent was initially introduced for remediation of malware infections and used to restore laptops and desktops and recover malware for diagnosis and threat intelligence. Resolution1 CyberSecurity had the capability to not only identify malware, but to restore endpoints to a known good point, kill malicious processes and recover malware, so that to some extent you could perform diagnostics. The company s global director of director of forensics and ediscovery explained We capture 24.5 Megabytes of internet traffic every 1.5 seconds and currently don t do anything with it. We intend to denote specific content and use Resolution1 s lightweight network analysis capability to identify that content within internet traffic. Head of Computer Forensic Investigations at top five global bank 2015 Resolution1 Security 3

Where previously you had to recover laptops and issue new ones; Resolution1 allows remote remediation on-thefly. There s a given savings from not having to swap and replace hardware. Head of Computer Forensic Investigations at top five global bank that by working in partnership with the bank Resolution1 Security developed additional capabilities to identify cyber incidents as they are unfolding. This allows the bank to perform incident resolution without having physical access to infected endpoints and has delivered an immediate cost saving to the bank. Where previously you had to recover laptops and issue new ones; Resolution1 allows remote remediation on-the-fly. There s a given savings from not having to swap and replace hardware, he added. On average, there is a cost of between $450 to $680 per desktop or laptop replaced, and in a bank there are many hundreds, so there s a real saving in cost. Users of Resolution1 CyberSecurity include the bank s incident response team, forensics team, data leakage team and intelligence team. He predicts that the firewall/ids team is also likely to adopt it. A major benefit of introducing Resolution1 is that the bank is now able to manage its own incident response in-house. This has enabled the bank to dramatically improve its cyber incident response times (Mean Time to Resolution) from ten days to five hours. Benefits The bank s team also reported the forensic feature set of Resolution1 was easy for their staff to learn because many of the bank s incident response team are former police officers who are therefore familiar with using AccessData s Forensic Toolkit (FTK). FTK s interoperability with Resolution1 enables the bank to correlate massive data sets from different sources, such as computer hard drives, network storage, mobile devices and internet storage. Resolution1 also assists in collaboration and intelligence-sharing between teams, to speed incident response. An additional benefit of Resolution1 is that forensic teams have the same toolset as the incident response team who are reacting to any malware outbreak, so it provides a skill set and ease of use. We have a tool that can be used on the same platform, so the incident response team working on a malware outbreak can convert it into a forensic investigation at the same time, enthused the company s director of forensics and ediscovery. Another key benefit cited by the bank is the reduction of time and travel costs associated with each incident owing to the remote remediation and resolution enabled by Resolution1. For every incident, the fact that our team members don t have to fly to Singapore to help address it saves the bank 10,000, said the company s director of forensics and ediscovery. This is a nice value add, a bonus, but what we are more interested in is swiftness to respond and the avoidance of damage to our reputation. Incident response reduced from 10 days to 5 hours. The company s director of forensics and ediscovery explained that certain regulatory bodies demand that banks report an incident within a matter of hours. Depending on an incident s severity, remediation must be completed within six to twenty four hours. He stated that a major benefit of introducing Resolution1 is that the bank is now able to manage its own incident response in-house. This has enabled the bank to dramatically improve its cyber incident response times (Mean Time to Resolution 1, MTR) from ten days to five hours. 4 2015 Resolution1 Security

I think a better way of explaining the benefit is having an internal resource and software versus an external resource and software. If the bank ran an external forensics or incident response team, it generally takes external vendors about ten days from start to finish to do this as a project. You ve got to identify the problem, raise a statement of work, raise a PO, bring investigators in on site, allow the investigators to undertake the retrieval, that normally involves traditional forensics work, where you go and image x number of hard drives, do the investigation and deliver the report. This takes about ten working days. The same response, using automated tools and trained incumbent staff, takes about four to five hours. Future plans In line with the British Banking Association s recommendations, the bank states that its key priority is intelligence sharing. When an event occurs, the system activates an alert. The incident response teams immediately react and remediate, or pass it to forensics. One of the key things we are looking at is asking other financial services entities and partners whether they ve seen that type of attack before, stated the company s director of forensics and ediscovery. While the bank regularly monitors for evolving classes of cyber attack, he explained that the majority of security issues are still tied to the inadvertent actions of insiders, such as clicking on malicious links in phishing emails. Our current technology investment and sophisticated procedures allow us to detect the exfiltration of data as it is attempted. The bank is also investigating investments in solutions for incident response on mobile devices as part of its BYOD security strategy. We would be very keen to adopt an endpoint agent on mobile devices. However, BYOD data capture is difficult because of the legal issues surrounding privacy of data on personal devices, he stated. He also reported that the next key step with the Resolution1 Platform is incident response that will assist the bank with compiling social media data and managing risks related to cloud-based application use. The company director also predicts that traditional computer forensics will be fundamentally changed by cloud computing. We took a collaborative approach when working with Resolution1 Security and that has paid off. It s not about what they are selling--it s about what we require, said the company s global director of computer forensic investigations and ediscovery concluded. By having the Resolution1 Security team embedded, they worked to quickly address hurdles at the proof of concept stage and delivered what the bank needed. We were looking for a proactive partnership. 1 Mean Time to Resolution (MTR) is the average time taken from initial detection of a cyber threat, through analysis and full remediation of the breach or attack. This measure is a key performance indicator of an organization s overall preparedness to handle cyber breaches and attacks. Head of Computer Forensic Investigations at top five global bank 2015 Resolution1 Security 5

References i. British Banking Association The Cyber Threat to Banking, https://www.bba.org.uk/wp-content/uploads/2014/06/bbaj2110_cyber_report_may_2014_web.pdf ii. Bank of England launches CBEST, June 2014 http://www.bankofengland.co.uk/financialstability/fsc/pages/cbest.aspx iii. British Banking Association Financial Crime Alerts Service, 23rd September 2014 https://www.bba.org.uk/news/press-releases/banks-team-up-with-government-to-combat-cyber-criminals-and-fraudsters/#.vda5ffmzg6n iv. Financial Times, JP Morgan data breach triggers calls for deeper collaboration, 3rd October 2014 http://www.ft.com/cms/s/0/7897ef22-4b1b-11e4-8a0e-00144feab7de.html#axzz3fcw0xfri 6 2015 Resolution1 Security

Learn more about how Resolution1 CyberSecurity can help you deliver enhanced security and aggressive ROI for your enterprise. http://resolution1security.com GLOBAL HEADQUARTERS +1 801 377 5410 1100 Alma Street Menlo Park, CA 94025 USA NORTH AMERICAN SALES +1 800 574 5199 Fax: +1 801 765 4370 sales@resolution1security.com 2015 Resolution1 Security

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information