Tag: Firewall Security

31 Dec 2020
Best Practices in Leveraging Firewalls and Encryption

The Importance of a Layered Approach to Financial Institution Security: Best Practices in Leveraging Firewalls and Encryption

What You Need to Know About Securing Azure AD

Over the last decade, we have seen major advances in the world of online security, mainly with the development of firewalls and encrypted data options.

Safe Systems hosted a live webinar earlier this month discussing how firewalls, encryption and other online security measures work; why a layered security approach is best in all situations; possible threats to each security measure; and what your financial institution can do to keep your information secure and uncompromised. In case you missed it, here are a few key points from the webinar.

What are firewalls and how did we get to where we are today?

Firewalls became a necessity when banks and credit unions started connecting all of their computers to the same network that was then connected to the internet. Firewalls functioned as the first line of defense – but were nowhere near the caliber of defense we have available today.

When attacks started to occur, it put company computers and the data stored on them in a compromised position. A need arose to come up with appliances that were either in line with the firewall or were an additive to the firewall’s system. The new appliances included IDS/IPS systems, AV Gateways and Web filters – all of which added new layers of security to the firewall.

Today, the latest generation of firewalls, known as Next Generation Firewalls, combines earlier firewall models and offers multiple layers of protection as part of the firewall service. However, some of the additional layers may be included by default and some require extra licensing to take advantage of specific features.

What is the layered security approach and how do today’s firewalls implement that strategy?

What we have learned over the last several years is that security solutions may be incredibly strong in some regards but have gaping holes in others. A layered security approach assists in closing those gaps and lessens the potential risks for an online attack.

What is encryption, how does it work and what can we do better?

Encryption is another aspect of the layered security approach. The two encryption types highlighted in the webinar are Secure Socket Layer (SSL) and Transport Layer Security (TLS), and while they use different nomenclature, the two encryption types are essentially the same – TLS is just a slightly new version.

The goals of TLS:

  1. Encrypt Data
  2. Authentication
  3. Data Integrity

In the last 5 years, there has been major growth in website encryption. It has expanded from being used only when a user types in their username and password to include approximately 90% of the most visited websites today encrypting all of their webpages.

Although having encrypted sites gives users a more secure experience, encryption has some unintended consequences. When traffic is encrypted between the website and the desktop browsing the site, the firewall cannot evaluate the traversing traffic. This means, in the past, a firewall could evaluate a large majority of web traffic. Now, the firewall can only evaluate about 10% of web traffic, because the rest is encrypted.

Bad actors have focused on these security holes and have built their malware to navigate encrypted traffic to get through the firewall and to the workstation. To fight this issue, TLS inspection can be implemented on a Next Generation Firewall to inspect the encrypted traffic passing through on a daily basis.

Today, with TLS inspection, firewalls can get back to inspecting a majority of web traffic farther than just 10% that isn’t encrypted today. This closes a major security gap many institutions may not even know they have.

What steps can you take to increase your online security?

Although there are several ways you can increase your level of online security, as of now, there is no software that guarantees you will not be compromised. However, in addition to encryption, you can take several steps to keep your online presence safe and secure.

A few of the steps you can take to fight malware are:

  1. Anti-Malware Scanning – an anti-virus engine that came about in the Universal Threat Management (UTM) devices. Anti-malware is a software program designed to prevent, detect and remove malicious software on IT systems.
  2. Sandbox Analysis Piece – an additive that enables a firewall to analyze a file and determine its risks level. If the file is determined to possibly be malicious, the file can be sent to the sandbox where the file can be detonated. If the file appears malicious after detonation, the file is blocked from being downloaded to the end user. If the sandbox determines the file is likely safe, the file is allowed to pass through the firewall to the end user for us.

To learn more ways to protect your institution, watch our recorded webinar, “Why You Shouldn’t Ignore Encryption.”

10 Dec 2020
Bank of Wrightsville Enhances Security a Next-Gen Firewall Solution

Bank of Wrightsville Enhances Security a Next-Gen Firewall Solution

Bank of Wrightsville Enhances Security a Next-Gen Firewall Solution

A firewall is a key defense measure to combat cyber threats and having the right firewall solution can provide financial institutions with top-rate protection to meet regulatory requirements as well as useful security tools to identify, analyze, and thwart malicious activity. But does your current firewall security meet these expectations and prepare your institution to scale and reach its IT strategic goals?

Challenge

Leesa Anderson, Chief Technology Officer at Bank of Wrightsville, wanted to ensure her institution had the right tools in place to ensure network security, meet compliance requirements, and keep banking operations running smoothly. After an IT audit and third-party vulnerability assessment, it was recommended for the bank to update its firewall to include Secure Sockets Layer (SSL) inspection. However, at the time, this feature was not available on the bank’s current firewall solution. The bank knew it needed to find a new firewall product to improve the bank’s security posture and meet regulatory expectations.

“We needed to have SSL inspection set up on our firewall solution, but our provider at the time wasn’t offering this capability,” said Anderson. “We began looking for a solution that met all of the basic requirements for firewall protection but also included more of the next-gen features that could help us be more proactive and stay ahead of the curve with our perimeter security.”

Solution

After attending Safe Systems’ user conference, Anderson decided to take a closer look at Safe Systems’ Managed Perimeter Defense (MPD) next-gen firewall solution. The solution deploys powerful machine learning algorithms, SSL inspection capabilities, advanced reporting, and alerts to help financial institutions detect and combat malicious activity on the network. After careful consideration, Anderson selected and implemented MPD as the bank was looking to enhance its network security and needed new hardware as well.

Managed Perimeter Defense has provided many benefits to Anderson and her team. Read the full case study to learn how this next-gen firewall solution transformed Bank of Wrightsville’s firewall security and improved its compliance posture.

03 Dec 2020
How to Improve Network Security With Cyber Threat Intelligence Feeds

How to Improve Network Security With Cyber Threat Intelligence Feeds

How to Improve Network Security With Cyber Threat Intelligence Feeds

While industry-specific threat intelligence feeds keep financial institutions up to date on the latest security threats in the banking industry, the sheer amount of information collected can be challenging for community banks and credit unions to process efficiently. In this blog post, we outline three key information-sharing organizations that community banks and credit unions should consider utilizing and offer a few tips to improve cybersecurity processes as well.

Types of Threat Intelligence Feeds

According to the Federal Financial Institution Examination Council’s (FFIEC) Cybersecurity Assessment Tool (CAT), it is important for financial institutions to have processes in place to effectively discover, analyze, and understand cyber threats. Implementing bank-specific threat intelligence feeds provides financial institutions with industry-specific security information needed to meet this requirement. Here are a few of the top threat intelligence feeds:

1. Geo-IP Threat Feed

IP-based geolocation is a mapping of an IP address to the geographic location of an Internet connected computing device. Financial institutions can use IP geolocation data to monitor threats from high-risk locations and use this data to strengthen their cybersecurity posture.

2. FS-ISAC

FS-ISAC is an information sharing organization designed specifically for financial services organizations and financial institutions. The organization leverages its intelligence platform, resiliency resources, and a trusted peer-to-peer network of experts to anticipate, mitigate and respond to cyberthreats.

3. IBM X-Force

IBM X-Force Exchange is a cloud-based threat intelligence platform that allows organizations to consume, share and act on threat intelligence. With this platform, you can quickly research the latest global security threats, collect actionable intelligence, consult with experts and collaborate with peers.

Strengthening Your Cybersecurity Posture

Regulators expect financial institutions to belong to an information sharing organization or utilize a crowdsourced security feed because they believe that if institutions can share threat information they’re seeing in the industry, then other financial institutions of similar size and complexity will know how to deal with new and emerging security threats. However, there are two key issues with this concept:

  1. Financial institutions are receiving large amounts of information and don’t know what to do with it
  2. Financial institutions are consuming threat information but are not sharing security threats they’ve encountered with their peers

For smaller financial institutions with limited resources, engaging with a knowledgeable third-party provider that has a solid methodology in place to analyze all of the data disseminated from threat intelligence feeds and filter the information to identify key threats can be a great benefit to the institution’s cybersecurity efforts. It is equally important for these institutions to share cybersecurity threats or incidents they’ve encountered with information sharing organizations to ensure other financial institutions are informed, strengthening the banking industry as a whole.

For more information on enhancing your cybersecurity posture, view our cybersecurity resources.