Tag: Managed Perimeter Defense

27 Jan 2023
What to Look for in a New Firewall Vendor

What to Look for in a New Firewall Vendor

What to Look for in a New Firewall Vendor

If your bank or credit union needs a firewall vendor, it’s important to know what to look for to meet your security and regulatory requirements. Maybe you are proactively searching for a new firewall provider or suddenly discovered that you need to replace your current one. Whatever the case, you should search for a firewall vendor that specializes in the financial industry. This will ensure your financial institution has access to expertise and insights that are more specific to banking regulations.

In addition, you should look for a vendor that can serve as a “one-stop-shop” that covers all the security angles. The company should provide an all-inclusive solution that encompasses firewall monitoring, and management as well as intrusion detection and prevention. It’s also important to find a firewall vendor that offers concise and digestible reporting, along with meaningful insights created specifically for the banking community.

It is also equally important to search for a firewall vendor that can meet your institution’s implementation time frame. Ideally, you should plan five to six months out for a firewall implementation to compensate for hardware lead times; however, this may not always be possible. For example, your institution may have encountered an unexpected problem with renewal and need to quickly pivot to another firewall vendor. In this case, you will need to look for a vendor that is capable of deploying a firewall within a tight timeline.

As a precautionary measure, financial institutions must stay on top of contract management. Institutions should have a good relationship with their vendors and review contracts well before they are scheduled to renew. They should closely examine the contract terms and ask questions to ensure they are aware of any upcoming revisions or new developments. This can help them avoid getting caught off guard by any last-minute contractual issues that may disrupt their operation.

So how can banks and credit unions find a prospective firewall vendor? They can consult peers in the banking industry and inquire if their current service providers also offer firewalls. Ultimately, financial institutions should make sure their selected vendor has the appropriate security layers and reporting needed to check all the boxes from an examiner’s perspective. Safe Systems’ Managed Perimeter Defense (MPD), for example, employs multiple layers of advanced tools to help financial institutions protect their IT security environment. MPD’s next-generation firewall capabilities provide deeper analysis and improved detection of modern threats, which makes it easier for institutions to enhance their security posture.

06 Dec 2021
How Layered Security Can Address Growing Cyberthreats

How Layered Security Can Address Growing Cyberthreats

How Layered Security Can Address Growing Cyberthreats

With the increasing complexity of cyberattacks, financial institutions need to implement more effective—and comprehensive—security measures. They need a variety of elements to create a layered approach to secure their data, infrastructure, and other resources from potential cyberthreats.

Many organizations rely on a castle-and-moat network security model where everyone inside the network is trusted by default. (Think of the network as the castle and the network perimeter as the moat.) No one outside the network is able to access data on the inside, but everyone inside the network can. However, security gaps may still exist in this model and others. The best approach to compensate for gaps is to surround the network with layers of security.

The basic “table stakes” for a layered security approach include a perimeter firewall with content filtering, email threat filters, an endpoint malware solution, and a robust patch management process. Banks and credit unions could also invest in additional and more sophisticated layers but each one will have associated acquisition and management costs, along with ongoing maintenance. So, it’s prudent for institutions to invest only in the number of layers/solutions they can competently manage.

Key Concerns

Today the top IT security concern for many organizations is ransomware. Due to the proactive measures many financial institutions have taken, the banking industry has fewer security breaches than health care and some other industries thus far. However, when a breach does happen to a financial institution, the impact is more costly than breaches occurring in other industries.

Four-Layer Security Formula

With these concerns in mind, here’s a four-layer “recipe” organizations can employ to improve their security posture:

  • Training and Testing: Using email phishing tests can serve as a good foundation for minimizing BEC and other social engineering threats.
  • Network Design: Institutions should refresh older networks to segment their components into different zones. It’s no longer sufficient to have servers, workstations, and printers sitting in one IP space together.
  • Domain Name System (DNS) filtering: DNS filtering prevents potentially damaging traffic from ever reaching the network. Because it proactively blocks threats, this makes it one of the most effective and affordable security layers institutions can apply.
  • Endpoint Protection: Institutions should have this type of protection on each of their endpoints, and the best endpoint protection tools have built-in ransomware solutions.

Other Important Considerations

It’s important to back up data regularly and ensure that those backups are well beyond the reach of ransomware and other threats. (Backups done to a local server that’s on-site and are still on the network may be susceptible to ransomware.) One way to address this issue is to have immutable backups, which are backup files that can’t be altered in any way and can deploy to production servers immediately in case of ransomware attacks or other data loss. Another option is to send backups to a cloud solution like Microsoft Azure Storage, which is affordable and easy to integrate because there are no servers to manage.

Another crucial element in security is Transport Layer Security/Secure Sockets Layer (TLS/SSL) encryption protocol, which can be somewhat of a double-edged sword. About 80 percent of website traffic is encrypted to protect it from unauthorized users during transmission. Traditional firewalls don’t have the ability to scrutinize traffic against a content filtering engine, which means savvy hackers can hide ransomware and other dangerous content inside. But firewalls with advanced features are capable of TLS/SSL inspection; they can decrypt content, analyze it for threats, and then re-encrypt the traffic before entering or leaving the network.

There’s an array of security solutions that institutions can implement to establish layered protection against cyber threats. For more insights about this topic, listen to our webinar on “Cyber Threats, Why You Need a Layered Approach.”

23 Nov 2021
Importance of Security Layers

Importance of Security Layers

Importance of Security Layers

In the past, it wasn’t uncommon for organizations to maintain basic information security: a firewall, anti-malware software, and maybe a few other resources. But modern operating environments require financial institutions to go beyond limited measures and implement multiple security layers to protect their sensitive information, infrastructure, and other assets.

Today banks and credit unions have a variety of elements that comprise their computer networks, and these components require numerous security solutions for them to operate securely. There’s no such thing as having too many solutions—although some entities invest in more resources than they can competently manage. The most appropriate approach is for institutions to employ all the security layers they can afford to pay for and oversee effectively.

The security landscape has changed significantly over the years. With the evolution of technology, cybercriminals are launching more frequent and sophisticated attacks against organizations. (The bad guys have it easy; they only have to get it right once. Security professionals, on the other hand, have to get it right all the time.) Currently, the top security threats for financial institutions are a remote workforce, ransomware, and the Internet of Things devices like webcams, Amazon Alexa, and Google Chromecast.

Security Considerations

Financial institutions often select security products based on what their security posture requires to pass exams. But the emergence of new threats is motivating more institutions to select solutions not just based on examiner expectations, but to also consider what is essential for operational safety. Generally, the security products that institutions invest in are determined by their cost and ability to mitigate risk.

For the most part, the financial services industry is interested in solutions that require minimal management involvement and customization to be effective. The industry also tends to adopt solutions once they’ve reached a certain level of commoditization and are priced lower. For example, well-commoditized solutions like anti-virus agents and anti-ransomware tools allow institutions to protect against expensive threats for the minimum cost. An effective anti-malware agent—especially one with some specific anti-ransomware technology—is another essential layer for endpoint protection.

Ultimately, increased competition leads to technology innovation and consolidation. A good example of this is what’s happened with firewalls. Implementing a firewall used to equate to a simple router that separated public and private networks. Things evolved when people began adding dedicated appliances like intrusion detection and prevention systems, antivirus gateways, web content filters, and other technologies. Through commoditization, these different elements became consolidated into the firewall to create a unified threat management system. More recent innovations that allow institutions to inspect encrypted traffic and sandbox potentially hazardous traffic have ushered in the next-generation firewall.

Going Beyond Basic Requirements

A fundamental requirement for layered security is multi-factor authentication (MFA), which involves several elements for validating the identity of users. While some organizations have concerns about MFA negatively impacting user experience, the technology provides an advanced level of protection that strengthens security.

Transport Layer Security is now implemented to secure over 80% of web traffic. The TLS protocol is used to encrypt data between a web browser and a website. While this is great for user privacy, it prevents institutions from inspecting all user traffic for threats. Transport Layer Security (TLS) Inspection has become a more common—and critical—security tactic for financial institutions. TLS inspection allows institutions to decrypt and inspect TLS traffic, so they can filter out malicious information and protect their network.

The increased adoption of endpoint security and other innovative technologies is making it easier for financial institutions to implement a layered approach to security. Safe Systems offers a wide range of security solutions to help community banks and credit unions incorporate multiple levels of protection to enhance their security posture.

18 Aug 2021
How Banks and Credit Unions Are Responding to Emerging Cybersecurity Threats

How Banks and Credit Unions Are Responding to Emerging Cybersecurity Threats

How Banks and Credit Unions Are Responding to Emerging Cybersecurity Threats

Cybercriminals are always looking for new ways to bypass defense measures and exploit emerging weaknesses. Today, financial institutions are fending off security threats that are more ubiquitous, complex, and costly.

As more employees than ever before engage in remote work and online collaboration, this presents a host of potential security gaps. Unsecured home Wi-Fi networks, remote servers, mobile devices, a lack of encryption, and inadequate intrusion detection software are just a few of the factors that contribute to a spike in cyber attacks.

From an internal operations standpoint, it’s equally as important for financial institutions to secure data from basic human error, as 85 percent of data breaches involve a human element, according to the Verizon 2021 Data Breach Investigations Report. Employee awareness training can be the first (and best) defense against emerging cybersecurity threats like business email compromise which is designed to trick people into processing a payment or sharing valuable information.

Leveraging the Latest Technology

Next-generation firewalls (NGFWs) and cloud platforms can also support organizations’ efforts to combat cybersecurity threats. NGFWs offer advanced features that make risk easier to detect, manage and eliminate. SSL/TLS inspection can ensure that encrypted traffic is safe to transmit over the firewall. In addition, threat feeds can help firewalls effectively analyze traffic and route potentially dangerous traffic to a virtual “sandbox,” where it can be processed securely. Automated log analysis is then used to enhance the difficult job of managing voluminous logs and resolving security issues. To learn more about how these advanced features work, listen to our recorded webinar, “Firewall Chat: A Panel Discussion on the Technical Advances in Firewalls”.

Cloud computing is also providing benefits to financial institutions to enhance their security resources. While cloud technology is nothing new, innovations from major platforms like Microsoft, Amazon and Google offer enticing advantages to moving data and business processes into the cloud. But it’s important to keep in mind that employing cloud services requires institutions to use different security practices in order to minimize data breaches and other cyber threats.

Growing Need for Insurance and Expertise

As another developing trend, more companies are adding cyber insurance to their security toolbox. A cyber insurance policy can be an effective way to mitigate risk related to financial losses from cyber attacks. But with more cybercrime happening, organizations can expect to see higher premiums, decreased limits, and changes in exclusions for certain losses.

As cybersecurity threats become more frequent, sophisticated and expensive, financial institutions need to apply more vigilance and expertise to keep hackers at bay. Safe Systems can help ensure that community banks and credit unions have the technical resources they need to effectively address the latest security issues. Managed Perimeter Defense (MPD) offers a combination of professional IT solutions, including device monitoring and management, sandbox analysis, dynamic threat feed analysis, and SSL/TLS inspection.

02 Apr 2021
Is Cybersecurity Your Weakest Link

Is Cybersecurity Your Weakest Link?

Is Cybersecurity Your Weakest Link

Is Cybersecurity Your Weakest Link?

The financial landscape has changed drastically in the last 20 years, one of the most notable changes being the variety of financial services now being offered online. Although the wide-spread use of internet has made it possible to receive financial guidance from anywhere in the world, it has also created an environment where sensitive information and data could potentially be compromised by cybercriminals.

Today, professional hackers are spending more time and money than ever before to gain access to personal information for both monetary gain and “professional” recognition. The sensitive information that the financial services industry has access to continues to make them a prime target for hackers and other cybercriminals. Attacks can range from malware threats, DDOS attacks, phishing attempts and data breaches – all of which bad actors can use to commit fraud themselves or sell to a third-party.

Importance of Being Secure

 

Cybercrime continues to be a growing problem for banks and credit unions across the country. The impact of a cybercrime can be very costly for a financial institution, both financially and from a reputational standpoint. The main risks include theft or unauthorized access to sensitive customer information along with the disruption of normal business operations.

In addition, as the number of security threats continues to increase in the financial services industry, regulators are taking a closer look at financial institutions’ policies and procedures to ensure that they can effectively safeguard confidential and non-public information. As an example, the Federal Financial Institutions Examination Council’s (FFIEC) Cybersecurity Assessment Tool (CAT) is designed to ensure financial institutions are prepared in the event of a cybersecurity attack. The FFIEC CAT is now the guide regulators are using to examine institutions and determine their level of cybersecurity preparedness.

Some of the most common security threats financial institutions face today include:

Malware and Ransomware

 

Ransomware has established itself as one of the leading cyber threats for many organizations, but especially financial institutions. Using ransomware technologies, hackers can gain complete access and control over legitimate websites, often by encrypting data or programs, and extort ransom payments from victims in exchange for restoring access to the individual or business. Malicious software, or “malware”, is no longer characterized by simple aggravating popups and sluggish computer performance, but rather the encryption of all data on a machine, rendering it unusable.

Internet of Things (IoT) Attacks

 

Unsecured Internet of Things (IoT) devices such as DVRs, home routers, printers and IP cameras are vulnerable to attack since they are not required to have the same level of security as computers. To breach a financial institution, attackers will target insecure devices to create a pathway to other systems. Unsecure IoT devices are also used to launch distributed denial-of-service attacks (DDoS) against institutions. These DDoS attacks prevent legitimate users from accessing computer systems, devices or other online resources. The perpetrator floods the victim’s machine or network with false requests from various sources to overload the system and prevent legitimate access. A well-executed attack can interrupt a host of banking services including website access, ATM networks, and online banking platforms, in addition to internal systems and functions.

Phishing Scams

 

Phishing scams that specifically target financial institutions’ employees, attempting to obtain sensitive information such as usernames and passwords, have become increasingly common within the last few years. The goal of phishing is to direct employees to a fraudulent website where they are asked to share login credentials and other personal information. The information that employees are tricked into providing then allow for cybercriminals to read a bank or credit union’s critical information, hack into the employee’s bank and social media accounts, send emails on an employees’ behalf, and gain access to internal documents and customer financial information.

Lack of Third-Party Vendor Security

 

While a financial institution might have the right security systems and policies in place to protect itself and its customers from a cyber-attack, its third-party providers may not have the same level of security and diligence. This creates a major vulnerability for the financial institution. Without a proactive approach to vendor management, financial institutions are opening themselves up to increased levels of risk that can have a negative impact on the institution’s financial standing, compliance posture and overall ability to serve its customers. Federal regulators have issued guidelines to help institutions better understand and manage the risks associated with outsourcing a bank activity to a service provider. The FFIEC IT Examination Handbook was revised to help guide banks to properly establish and maintain effective vendor and third-party management programs.

Insider Threats

 

Often, all it takes is a disgruntled employee or ex-employee to release valuable security information and compromise system and data security. Additionally, cybercriminals are increasingly realizing success through bribery as a means to entice bank employees to give up their login credentials or other security information, allowing direct access to internal systems.

Lack of Employee Training and Security Expertise

 

The COVID-19 pandemic has certainly brought its share of challenges to the financial sector of business, including increased network vulnerability and internal threats as employees transitioned to a remote work environment. These changes required cybersecurity personnel to change their online security baseline and continuously adapt to the changing IT security landscape. With the increased popularity of remote work, company IT staff are encouraging employees to take charge of their own online security through testing and training. The training includes topics like the importance of password security and multi-factor authentication and helps employees understand their roles and responsibilities in protecting against security threats. Until this learning gap is resolved, financial institutions will continue to struggle to efficiently manage cybersecurity threats.

Combating Security Threats and Ensuring Institution Security

 

While cybersecurity has become a major point of discussion among professionals within the financial industry, the truth is that many financial institutions are too complacent when it comes to protecting themselves. With hackers using advanced technology, the “bare minimum protection” is no longer enough to keep sensitive information safe. To adequately protect against security threats, financial institutions must ensure that every device on the network has up-to-date antivirus software, adequate firewall protections and that all patches are up-to-date as a minimum requirement. In addition, financial institutions should also employ a layered security strategy, from the end-user to the internet to establish a secure IT environment. Adding preventive, detective and responsive layers to IT security strategy will help strengthen an institution’s approach and build an effective security foundation.

A uniquely tailored layered security approach enables financial institutions to:

  • Monitor antivirus for servers, workstations, and off-site laptops
  • Use services that evaluate site lookups to avoid exposure to compromised websites
  • Scan the network for vulnerabilities and detect unusual activity against hackers and rogue employees
  • Block access to all external ports while also monitoring the access of various machines
  • Meet government regulations and requirements
  • Counter extortion threats by preventing a hacker from holding your customer’s personal data for ransom with special customized software for stopping ransomware
  • Patch machines, encrypt laptops, and install alerts on new devices plugged into the network

The security landscape is constantly evolving, and it is imperative to have a solid security plan in place that accounts for this evolution. It should be a fluid document that is frequently reviewed, updated and that specifically outlines administrative, technical, and physical controls that mitigate evolving risks. It is also important to test the full plan on a regular basis to ensure all procedures can be executed successfully and verify that all regulatory requirements are met.

Managing Security Needs

 

Many community banks and credit unions find that managing the security needs of their organization can be a time-consuming and challenging task. To help augment the security responsibilities, these institutions are turning to financial industry-specific IT and security service providers to act as an extension of their organization, provide timely support, and help the financial institution successfully design and execute a comprehensive security strategy. The right solution provider couples security measures with an understanding of and support for the unique security and compliance demands of the financial industry.

At Safe Systems, we believe that proactively protecting customer data will always be more cost effective than falling victim to malicious activity. To that end, we have the unique expertise to ensure that financial institutions employ the right combination of both broad and specific security products to create an ecosystem of protection. Safe Systems helps secure an organization’s endpoints, devices, and users by assessing vulnerabilities, detecting unwanted network activity, safeguarding against data loss, and preventing known threats while staying ahead of developing ones.

11 Feb 2021
Using Advanced Firewall Features and Other Technologies to Strengthen Network Security

Using Advanced Firewall Features and Other Technologies to Strengthen Network Security

Using Advanced Firewall Features and Other Technologies to Strengthen Network Security

A traditional firewall can only do so much to protect a network against the invasive security threats that financial institutions are facing. Add to that, cybercriminals are becoming more sophisticated and creative with their schemes, meaning banks and credit unions need more advanced defensive measures in place.

Malware and other cyber threats have been steadily increasing—especially against financial institutions, which are 300 times more likely than other companies to be targeted by a cyberattack, according to research by Boston Consulting Group. Institutions can capitalize on next-generation firewall (NGFW) features and other advanced technologies to increase the likelihood of warding off attacks, including:

Antimalware Scanning

Malware is intentionally designed for a perverse purpose: to damage a computer, server, client, or computer network. To keep malware at bay, banks and credit unions can use antimalware to thoroughly scan their computer network and detect and remove malicious ransomware, spyware, and other software that might be lurking on the system. Taking this proactive step can help institutions keep their network from being damaged, disrupted or compromised and overall improve the delivery of their services in a safe and secure manner.

Dynamic Threat Feeds

Threat intelligence data feeds can provide institutions with constantly updated information about potential sources of attack. Industry-specific feeds deliver up-to-date information on the latest security threats in the banking industry. Dynamic threat feeds make it easy for institutions to permit “good” network traffic in and “bad” traffic out while ensuring critical processes continue to work.

Dynamic threat feeds, essentially, take valuable parts of the information related to establishing connections and find similarities within them to act on potential or current threats. A key type of threat intelligence feed that institutions can implement are GEO-IP threat feeds. With this technology, a bank can map an IP address to the geographic location of an Internet-connected computing device. Then, they can analyze the Geo-IP data to detect threats from high-risk locations to improve their security posture. This analysis can be accomplished with processing times equal to less than a few milliseconds.

Another effective threat feed that institutions can use is IBM X-Force Exchange. This cloud-based threat intelligence platform allows banks to consume, share, and act on a variety of threat intelligences. IBM X-Force enables users to quickly research the latest security threats, gather actionable intelligence, consult with experts, and collaborate with peers. They can also integrate other tools to facilitate configuring feeds, providing a major benefit for smaller institutions with fewer resources. With dynamic threat feeds, banks and credit unions can have greater peace of mind with their firewall and security posture.

TLS/SSL Inspection

NGFWs offer capabilities that go beyond traditional firewalls, including inspecting TLS/SSL encrypted traffic. TLS/SSL technology helps protect online traffic; it creates an encrypted link between a web server and browser, ensuring the privacy of the data being transmitted. TLS/SSL inspection is important because it allows firewalls to scrutinize this encrypted web traffic and close holes in security. These security gaps could be exploited by would-be cybercriminals who attempt to use encrypted traffic for malware to circumvent the firewall’s inspections.

TLS/SSL traffic inspection allows institutions to decrypt traffic, inspect the decrypted payload for threats, then re-encrypt the traffic before it enters or leaves the network. Such deep content inspection can better protect institutions from internal and external risks. This makes TLS/SSL inspection the ideal defensive weapon against menacing malware and other security issues.

Sandboxing

Sandboxing can also help institutions augment their network security efforts. Traditional firewalls evaluate traffic based on static factors like where it originated, it is destination going, and the port being used. However, these are no longer sufficient for combating modern security threats. Sandboxing—physically or virtually segmenting a system, network, or entire environment—creates a secure location to test and neutralize potential hazards. Having a safe space to “detonate” payloads for analysis results in less risk and damage to the production environment, and, ultimately, enhances network security.

For more information about using advanced firewall features and other technology to strengthen network security, read our “Improving Security Posture Through Next-Generation Firewall Features” white paper.

04 Feb 2021
Does Your Financial Institution Have the Right Security Layers in Place to Combat Today’s Threats?

Does Your Financial Institution Have the Right Security Layers in Place to Combat Today’s Threats?

Does Your Financial Institution Have the Right Security Layers in Place to Combat Today’s Threats?

In 2020, 80 percent of firms experienced an increase in cyberattacks, and the pandemic was at the root of a 238-percent spike in attacks on banks, according to Fintech News. In a world of ever-increasing cyberattacks, does your bank or credit union have the appropriate security layers in place to effectively thwart these threats?

There are some proven, preemptive measures that financial institutions should take, including:

Effective Log Analysis

Logs record every activity and event that occurs on a network, providing valuable clues about potential performance, compliance, and security issues. But it can be challenging for an institution to analyze, manage, and tailor all the log data that it receives—which can exceed millions of lines in just a 24-hour period. Without sufficient data analysis tools, information technology (IT) professionals are severely limited. They have to depend on their own processing capabilities to manually analyze data, which can be a labor-intensive, mistake-prone task.

Effectively managing log analysis has become more problematic with shifts in the security landscape: the expansion of security features, increase in firewall complexity, rapid emergence of new security threats, and constant growth in endpoints. This creates a situation that no security team can effectively manage on its own without some level of automated log collection and analysis.

With this technology, firewall logs are sent to a device that deftly collects and interprets the data. Information is then displayed in a format that is more readable, searchable, and useful for security engineers. While this process can go a long way toward improving the gathering of raw data, institutions can do even more to enhance their log management by building in additional security layers through the automated threat identification.

Log analysis automation equips security professionals to more effectively receive alerts about current and possible threats. Many banks and credit unions have limited personnel and expertise available to analyze their vast amount of traffic logs manually. But automated log analysis allows institutions to maximize their resources by leveraging more advanced technologies, like artificial intelligence (AI), cloud-based computing, and big data to collect alerts more efficiently.

Improved Education and Continuous Improvement

Staff training and education are also an important aspect of solidifying an institution’s security posture, and institutions can employ a variety of tactics to ensure their employees are better able to interpret and respond to alerts. Bank tellers, loan officers, and administrative staff all benefit from informative seminars, brochures, and other learning opportunities. Information security operations personnel can improve simply by calling on experienced colleagues to share their expertise in a more informal exchange of information. These combined efforts can help institutions minimize the number of threats and manage their operations more efficiently on a daily basis.

Financial institutions must also commit to continuous improvement in regard to their firewall security. While enhancing log analysis is not an exact science, there is value in institutions asking targeted questions to help determine the need for specific enhancements to help ensure that the most actionable and best information is being presented to the individuals who need to review it.

Integrating Advanced Technologies

Additionally, banks and credit unions should leverage next-generation firewall (NGFW) features and other advanced technologies – like dynamic threat feeds – to optimize their security initiatives, helping ensure they allow “good” traffic in and keep “bad” traffic out while maintaining critical processes.

NGFWs also enable financial institutions to perform functions beyond that of a traditional firewall, including deeper inspections of transport layer security (TLS) and secure socket layer (SSL) encrypted traffic. The practice of “sandboxing” to physically or virtually segment a system, network, or entire environment creates a secure location to test and neutralize potential threats.

Learn more about how your institution can incorporate the right security layers to combat today’s threats by downloading our “Improving Security Posture Through Next-Generation Firewall Features” white paper.

31 Dec 2020
Best Practices in Leveraging Firewalls and Encryption

The Importance of a Layered Approach to Financial Institution Security: Best Practices in Leveraging Firewalls and Encryption

What You Need to Know About Securing Azure AD

Over the last decade, we have seen major advances in the world of online security, mainly with the development of firewalls and encrypted data options.

Safe Systems hosted a live webinar earlier this month discussing how firewalls, encryption and other online security measures work; why a layered security approach is best in all situations; possible threats to each security measure; and what your financial institution can do to keep your information secure and uncompromised. In case you missed it, here are a few key points from the webinar.

What are firewalls and how did we get to where we are today?

Firewalls became a necessity when banks and credit unions started connecting all of their computers to the same network that was then connected to the internet. Firewalls functioned as the first line of defense – but were nowhere near the caliber of defense we have available today.

When attacks started to occur, it put company computers and the data stored on them in a compromised position. A need arose to come up with appliances that were either in line with the firewall or were an additive to the firewall’s system. The new appliances included IDS/IPS systems, AV Gateways and Web filters – all of which added new layers of security to the firewall.

Today, the latest generation of firewalls, known as Next Generation Firewalls, combines earlier firewall models and offers multiple layers of protection as part of the firewall service. However, some of the additional layers may be included by default and some require extra licensing to take advantage of specific features.

What is the layered security approach and how do today’s firewalls implement that strategy?

What we have learned over the last several years is that security solutions may be incredibly strong in some regards but have gaping holes in others. A layered security approach assists in closing those gaps and lessens the potential risks for an online attack.

What is encryption, how does it work and what can we do better?

Encryption is another aspect of the layered security approach. The two encryption types highlighted in the webinar are Secure Socket Layer (SSL) and Transport Layer Security (TLS), and while they use different nomenclature, the two encryption types are essentially the same – TLS is just a slightly new version.

The goals of TLS:

  1. Encrypt Data
  2. Authentication
  3. Data Integrity

In the last 5 years, there has been major growth in website encryption. It has expanded from being used only when a user types in their username and password to include approximately 90% of the most visited websites today encrypting all of their webpages.

Although having encrypted sites gives users a more secure experience, encryption has some unintended consequences. When traffic is encrypted between the website and the desktop browsing the site, the firewall cannot evaluate the traversing traffic. This means, in the past, a firewall could evaluate a large majority of web traffic. Now, the firewall can only evaluate about 10% of web traffic, because the rest is encrypted.

Bad actors have focused on these security holes and have built their malware to navigate encrypted traffic to get through the firewall and to the workstation. To fight this issue, TLS inspection can be implemented on a Next Generation Firewall to inspect the encrypted traffic passing through on a daily basis.

Today, with TLS inspection, firewalls can get back to inspecting a majority of web traffic farther than just 10% that isn’t encrypted today. This closes a major security gap many institutions may not even know they have.

What steps can you take to increase your online security?

Although there are several ways you can increase your level of online security, as of now, there is no software that guarantees you will not be compromised. However, in addition to encryption, you can take several steps to keep your online presence safe and secure.

A few of the steps you can take to fight malware are:

  1. Anti-Malware Scanning – an anti-virus engine that came about in the Universal Threat Management (UTM) devices. Anti-malware is a software program designed to prevent, detect and remove malicious software on IT systems.
  2. Sandbox Analysis Piece – an additive that enables a firewall to analyze a file and determine its risks level. If the file is determined to possibly be malicious, the file can be sent to the sandbox where the file can be detonated. If the file appears malicious after detonation, the file is blocked from being downloaded to the end user. If the sandbox determines the file is likely safe, the file is allowed to pass through the firewall to the end user for us.

To learn more ways to protect your institution, watch our recorded webinar, “Why You Shouldn’t Ignore Encryption.”

10 Dec 2020
Bank of Wrightsville Enhances Security a Next-Gen Firewall Solution

Bank of Wrightsville Enhances Security a Next-Gen Firewall Solution

Bank of Wrightsville Enhances Security a Next-Gen Firewall Solution

A firewall is a key defense measure to combat cyber threats and having the right firewall solution can provide financial institutions with top-rate protection to meet regulatory requirements as well as useful security tools to identify, analyze, and thwart malicious activity. But does your current firewall security meet these expectations and prepare your institution to scale and reach its IT strategic goals?

Challenge

Leesa Anderson, Chief Technology Officer at Bank of Wrightsville, wanted to ensure her institution had the right tools in place to ensure network security, meet compliance requirements, and keep banking operations running smoothly. After an IT audit and third-party vulnerability assessment, it was recommended for the bank to update its firewall to include Secure Sockets Layer (SSL) inspection. However, at the time, this feature was not available on the bank’s current firewall solution. The bank knew it needed to find a new firewall product to improve the bank’s security posture and meet regulatory expectations.

“We needed to have SSL inspection set up on our firewall solution, but our provider at the time wasn’t offering this capability,” said Anderson. “We began looking for a solution that met all of the basic requirements for firewall protection but also included more of the next-gen features that could help us be more proactive and stay ahead of the curve with our perimeter security.”

Solution

After attending Safe Systems’ user conference, Anderson decided to take a closer look at Safe Systems’ Managed Perimeter Defense (MPD) next-gen firewall solution. The solution deploys powerful machine learning algorithms, SSL inspection capabilities, advanced reporting, and alerts to help financial institutions detect and combat malicious activity on the network. After careful consideration, Anderson selected and implemented MPD as the bank was looking to enhance its network security and needed new hardware as well.

Managed Perimeter Defense has provided many benefits to Anderson and her team. Read the full case study to learn how this next-gen firewall solution transformed Bank of Wrightsville’s firewall security and improved its compliance posture.

03 Dec 2020
How to Improve Network Security With Cyber Threat Intelligence Feeds

How to Improve Network Security With Cyber Threat Intelligence Feeds

How to Improve Network Security With Cyber Threat Intelligence Feeds

While industry-specific threat intelligence feeds keep financial institutions up to date on the latest security threats in the banking industry, the sheer amount of information collected can be challenging for community banks and credit unions to process efficiently. In this blog post, we outline three key information-sharing organizations that community banks and credit unions should consider utilizing and offer a few tips to improve cybersecurity processes as well.

Types of Threat Intelligence Feeds

According to the Federal Financial Institution Examination Council’s (FFIEC) Cybersecurity Assessment Tool (CAT), it is important for financial institutions to have processes in place to effectively discover, analyze, and understand cyber threats. Implementing bank-specific threat intelligence feeds provides financial institutions with industry-specific security information needed to meet this requirement. Here are a few of the top threat intelligence feeds:

1. Geo-IP Threat Feed

IP-based geolocation is a mapping of an IP address to the geographic location of an Internet connected computing device. Financial institutions can use IP geolocation data to monitor threats from high-risk locations and use this data to strengthen their cybersecurity posture.

2. FS-ISAC

FS-ISAC is an information sharing organization designed specifically for financial services organizations and financial institutions. The organization leverages its intelligence platform, resiliency resources, and a trusted peer-to-peer network of experts to anticipate, mitigate and respond to cyberthreats.

3. IBM X-Force

IBM X-Force Exchange is a cloud-based threat intelligence platform that allows organizations to consume, share and act on threat intelligence. With this platform, you can quickly research the latest global security threats, collect actionable intelligence, consult with experts and collaborate with peers.

Strengthening Your Cybersecurity Posture

Regulators expect financial institutions to belong to an information sharing organization or utilize a crowdsourced security feed because they believe that if institutions can share threat information they’re seeing in the industry, then other financial institutions of similar size and complexity will know how to deal with new and emerging security threats. However, there are two key issues with this concept:

  1. Financial institutions are receiving large amounts of information and don’t know what to do with it
  2. Financial institutions are consuming threat information but are not sharing security threats they’ve encountered with their peers

For smaller financial institutions with limited resources, engaging with a knowledgeable third-party provider that has a solid methodology in place to analyze all of the data disseminated from threat intelligence feeds and filter the information to identify key threats can be a great benefit to the institution’s cybersecurity efforts. It is equally important for these institutions to share cybersecurity threats or incidents they’ve encountered with information sharing organizations to ensure other financial institutions are informed, strengthening the banking industry as a whole.

For more information on enhancing your cybersecurity posture, view our cybersecurity resources.

21 Sep 2020
Three Often Overlooked Elements of an Effective and Compliant Incident Response Plan (IRP)

Three Often Overlooked Elements of an Effective and Compliant Incident Response Plan (IRP)

Three Often Overlooked Elements of an Effective and Compliant Incident Response Plan (IRP)

In today’s security environment, it’s not if a cybersecurity incident will impact your institution, but when and how big? That’s why having an effective and compliant incident response plan (IRP) is so important to ensure your institution is prepared for the unexpected and equipped to recover.

When a financial institution experiences a cyber incident, the information security officer (ISO), along with the incident response team, must assess the situation and determine if this incident has resulted (or might reasonably result) in exposure of non-public personal information (NPI). If the answer is “yes,” then the team must activate the IRP to contain and control the situation and ensure quick and efficient response and recovery. When activating an IRP, there are three key elements that we sometimes see financial institutions overlook:

1. Incident Response Team Participation

When building your incident response team, it is important to include representatives from each functional unit of the institution. Too often the incident response team consists of IT personnel only. While an incident might seem to be isolated to a certain department (like IT), there could be residual effects impacting other parts of the organization.

For example, let’s say you have an incident that seems to be limited to a group of customers who received a phishing email appearing to be from the institution asking them to click a link to change their ebanking password.

In this situation, you may be inclined to simply involve IT and deposit operation teams. However, because there could be a ripple effect that goes beyond that one incident, you’ll want to include other departments such as lending, human resources, and accounting. For instance, the customer could have a lending relationship or home equity line with the institution that might be impacted as well. Or, the customer could also be a vendor. Furthermore, with the increased possibility of pretexting during a social engineering attack, the Human Resources department may want to use the incident as an opportunity to conduct refresher training to ensure employees know how to verify customer information. As such, it’s important to have all your bases covered and include all functional units on the incident response team.

2. Designated Spokesperson and Social Media Monitoring

Once you’ve activated your plan, it’s important to understand that you cannot simply hope to contain the incident within your organization. A cyber incident may involve key external stakeholders including the Board and senior management, regulatory agencies, law enforcement, third-party service providers, insurance, legal, customers, and may even attract the attention of the media.

When an incident occurs, it is important to have designated spokespeople pre-selected to communicate with each external stakeholder that needs to be informed. For example, you’d want to have your IT admin in contact with the point person at your outsourced IT company because they most likely have a direct relationship with this vendor. However, you probably wouldn’t want that same person reaching out to regulators or customers. A member of senior management would be the best choice for that. In addition, you should designate one or more individuals to be your media contact. Don’t forget to have someone monitoring social media channels to ensure news about the incident isn’t spreading online potentially exposing you to reputational harm.

When developing an incident response plan, designating spokespeople to communicate with external stakeholders and monitoring online social media channels often gets overlooked because the main focus is usually on how the incident happened and how to fix it quickly. The moment the incident response plan is activated it is critical for the incident response team to assign these roles and keep these individuals updated with any interactions they may have with stakeholders.

3. Detailed Incident Documentation and Log Retention

It is imperative that the incident response team creates detailed documentation outlining everything that occurred from the time the event was first identified, even before it became classified as an incident. Again, this is often overlooked as the team engages in containment and control activities. However, regulators, insurance companies, third-party forensics companies, the Board, law enforcement, etc., will need full details when and if they are drawn into the incident. The documentation should detail who responded, what actions were taken, when each action was taken, (the timeline), and why and how (if known) the incident occurred.

Equally important is the retention of any data logs that might assist with the response and recovery phase. Often insurance carriers will need this information if they are involved, and forensic firms will definitely need it if they are drawn into the investigation phase.

We’ll dive deeper into security event logging and best practices for responding to a cyber incident in a future blog post.

10 Oct 2019
5 Things Community Banks and Credit Unions Should Budget for in 2020

5 Things Community Banks and Credit Unions Should Budget for in 2020

5 Things Community Banks and Credit Unions Should Budget for in 2020

The final months of the year signal the beginning of many traditions. For community banks and credit unions, the Fall marks the start of budget season. Financial institutions use this time to assess the year’s performance, make necessary adjustments—or full upgrades—for 2020 and beyond.

As you know, technology and security are constantly evolving, and compliance continues to be a moving target, so it’s time to consider important areas your institution needs to budget for in the next year. To ensure that your institution heads into 2020 on an upward trajectory, here are five key items to include on your list.

  1. Hardware
  2. Every year hardware should be evaluated to see if it is under warranty; in good working condition; and that the operating system hasn’t reached end of life.

    Two dates to be aware of:

    • SQL Server 2008 R2 reached end of life on 7/9/2019
    • Windows Server 2008 and 2008 R2 reach end of life on January 14, 2020

    These items will need to be upgraded or replaced as soon as possible with supported software. If the decision is to replace a server based on these products being end of life, there are options to consider as covered in number 2 in this article.

  3. Cloud vs. In-house Infrastructure
  4. Free eBookEverything You Need to Know About the Cloud Get a Copy

    Moving internal infrastructure out of the office is the new trend. This move feels similar to the move to virtualization, in that everyone agrees this is the next logical step in the evolution of computing. You should be asking the same question about cloud infrastructure as you did about virtualization—when is the right time for your institution to make the move and what are the pros and cons of this move? When the time comes to replace pieces of your infrastructure, start to gather information about the benefits of moving to the cloud and the costs associated with it. Remember, each server has both direct and indirect costs.

    Direct:

    • Server Hardware
    • Warranty
    • Software

    Indirect:

    • Electricity
    • Cooling
    • Storage/physical space
    • Maintenance
    • Backup
    • Disaster Recovery

    Each year as hardware becomes outdated and needs to be replaced, evaluate whether moving that server to the Cloud makes sense. Be sure that the functions of the server can be accomplished in a cloud environment. Once a presence in the cloud is established, future growth and changes become much easier and quicker.

  5. Firewalls
  6. Download Free PDFMoving Beyond Traditional Firewall Protection to Develop an Integrated  Security Ecosystem Get a Copy

    Firewalls continue to evolve as network and cybersecurity threats evolve and change. Ten years ago, adding intrusion prevention systems (IPS) to firewalls became commonplace in the industry. Now there are a host of new features that can be added to your firewall to improve your institution’s security posture. Many of these fall under products using the term next-gen firewalls. A few key features to consider include:

    • Secure Sockets Layer, or SSL, is the industry standard for transmitting secure data over the internet. The good news is most websites on the internet now use SSL to secure the traffic between the PC and the website. The bad news is, your firewall may be protecting your institution from fewer sites than ever before. Google researchers found that 85% of the websites visited by people using the Chrome browser are sites encrypted with SSL. This means that for many firewalls, 85% of web traffic cannot be inspected by the firewall. Many firewalls can perform SSL inspection but may require a model with more capacity; a new license to activate the feature; and configuration changes to enable this feature to work.
    • Sandbox analysis is a security mechanism used to analyze suspect data and execute it in a sandbox environment to evaluate its behavior. This is a great feature to introduce to your infrastructure because it provides more testing and insight into the data coming into your institution.
    • Threat intelligence feeds (like FS ISAC), built-in network automation, and correlation alerting are also important features that can help you keep track of emerging security threats; automate key processes; and improve your institution’s cybersecurity posture.

    Consider enhancing your firewall features or upgrading to a next-gen firewall to ensure the traffic traversing your firewall is truly being evaluated and inspected.

  7. Virtual Information Security Officer (VISO)
  8. A newer service that has grown in popularity over the last year is the Virtual ISO or VISO role. While services like this have been available for a while, this is the first year we have heard so much talk from community financial institutions. As the job of Information Security Officer (ISO) has become more involved the expertise needed has grown as well. These VISO services offer a way to supplement the internal staff with external expertise to accomplish the tasks of the ISO. Budgeting for a service like this becomes critical if one of the following is true:

    • No one else in the institution has the needed knowledge base and finding this knowledge set in your area is difficult or expensive;
    • Your current ISO does not have a background in the field or is wearing too many hats to do it well;
    • Your current ISO is likely to retire or leave due to predictable life change events; or
    • The role of ISO and Network Administrator or other IT personnel do not provide adequate separation of duties at the institution.

  9. Disaster Recovery (DR)
  10. Many institutions do not have a fully actionable or testable disaster recovery process. A verified DR process is a critical element of meeting business continuity planning (BCP) requirements. Therefore, this can be a significant reputational risk for the financial institution, if not done correctly. If your institution hasn’t completed a thorough and successful DR test in the last 12 months, it is time to evaluate your current DR process. Using a managed site recovery service can ensure you have the proper technology and support to thoroughly test your DR plan and recover quickly in the event of a disaster.

    Budget season is a time to address needs and wants, but also a time to seek improvement or evaluate key changes for the new year and beyond. For example, moving your infrastructure to the cloud may not make sense for the coming year, but the insight gained by evaluating it this budget season improves your knowledge-base for when it is time to make that decision. As we conclude 2019, we hope these insights position your institution for a productive budget season and a successful 2020.

24 Jan 2019
What Community Financial Institutions Should Look for in a Managed Services Provider

What Community Financial Institutions Should Look for in a Managed Services Provider

What Community Financial Institutions Should Look for in a Managed Services Provider

The majority of banks and credit unions rely on managed services providers to help them improve efficiencies in their organization, meet mounting regulatory compliance requirements, and provide the competitive products and services their customers and members expect.

However, selecting the right managed services provider can be challenging. We have highlighted some key qualities that community banks and credit unions should look for when choosing trusted partners.

A managed services provider should have a true understanding of the following areas:

The community banking and credit union industries

Complimentary White PaperAutomating Your Compliance Processes with Technology Get a Copy

A managed services provider must truly understand the “ins and outs” of operating a community bank or credit union. This includes recognizing the industry trends, realizing the importance of priorities, such as customer- and/or member-service related touch points, and understanding regulatory and compliance issues. Not knowing how a community financial institution operates is a hindrance that can prohibit the provider from effectively meeting the demands of the institution and makes it unlikely that it will be in a position to offer informed recommendations on improvements and solutions to existing issues.

Financial services technology

Technology is ever-changing and it is nearly impossible for any one person to successfully keep up with all of the advancements. To provide the technological solutions and services that a community bank or credit union requires, a managed services provider should understand the technical requirements of all banking technology solutions, starting with the core platform. Since many applications have to work with — and integrate into — the core platform, it is impossible to design an efficient and comprehensive network without first an understanding of core platforms and banking technology.

Regulatory compliance requirements

The evolving world of financial regulatory compliance governs every aspect of your IT network and that includes what hardware and software you choose to deploy. In today’s banking environment, vendors must be able to make recommendations on how to manage hardware and software to meet regulatory expectations, meet regulatory expectations such as, verifying all patches, ensuring security measures are up to date, and maintaining access to critical services during a disaster.

Working with the wrong managed services provider can be time-consuming, cumbersome, and even stressful. However, working with a provider who offers the desired services and who truly understands your industry can help guide the institution in today’s challenging financial environment. A good partnership is key to ensuring your organization remains competitive and profitable for years to come.

28 Nov 2018
What Community Banks and Credit Unions Should Budget for in 2019

What Community Banks and Credit Unions Should Budget for in 2019

What Community Banks and Credit Unions Should Budget for in 2019

As 2018 winds down, banks and credit unions are thinking ahead to 2019. They are determining the new solutions, products, and enhancements needed to meet their strategic plans in 2019 and beyond. In addition, they are evaluating what needs to be updated or upgraded and the processes that can be improved upon.

There are three key areas banks and credit unions should focus on during budgeting season – technology, security and compliance. While lines that separate technology, security, and compliance are blurry at best, 2019 budgeting items for operations fall largely into these three buckets.

Compliance

Complimentary White PaperManaging Risk with Truly Secure Vendor Management Program Get a Copy

While the focus of many examiners has shifted back to financial aspects of institutions, the top three findings our customers report relate to:

  1. Vendor Management – Typically the current vendor management solution (if it exists at all) is deemed inadequate or insufficient. Often the solution doesn’t cover all vendors or provide a way to adequately assess these vendors.
  2. Business Continuity Planning (BCP) – In the mid to late 2000’s many banks and credit unions updated their Business Continuity Plan. However, for many institutions, these plans have remained relatively unchanged for a decade now. Technology and business processes on the other hand, have changed rapidly over the last decade. The Federal Financial Institutions Examination Council (FFIEC) has also updated their guidance to address the current challenges of BCP. If the institution’s plan has not been thoroughly updated in a while, the institution may be at risk of a finding on a future exam.
  3. With both of these findings there may be an additional finding of inadequate management or board oversight. Often these findings happen on the same exam and are followed with a concern with oversight. Many of the calls Safe Systems gets after an exam relate to these issues.

Avoid finding yourself under a Memorandum of Understanding or a Matters Require Attention by budgeting to ensure your compliance processes are up to date.

Vendor Management solutions can run from $2,500 to more than $6,000 per year. Business Continuity Plans can range more significantly from a couple of thousand to more than seven thousand dollars per year. Do some research and find some solutions that would meet your institution’s needs and identify their year one cost and annual cost thereafter.

Security

With attacks on the rise and businesses continually falling victim to cybercrime, security needs to be an institution’s priority. There are innovative solutions coming to market every day to help address security risks. These solutions can help mitigate the risks that your institution faces, but they can also cause confusion on where you should focus your attention. For the next several years, it is in the institution’s best interest to continually focus on the impending security landscape and verify that your budget reflects your strategy.

One place to start is to review your current solutions. Verify that your current investments are still applicable for your ever-changing environment. Upon investigation, you might find features that are available as an add-on to your current solution to help mitigate risk. You may also find holes in your current strategy that may need to be rectified.

Download Free PDFMoving Beyond Traditional Firewall Protection to Develop an Integrated  Security Ecosystem Get a Copy

As of October 2018, 90% of web traffic accessed through Chrome, the most popular web browser, was encrypted. These numbers have been increasing rapidly over the last few years. Many firewalls can only inspect unencrypted web traffic. This was a small risk when encrypted websites were less common. With the sudden rise of encrypted web traffic, many firewalls are NOT equipped to scan this data. It is possible to scan encrypted web traffic, but for many institutions this will require changes and additional investment. The risk of not scanning this encrypted web traffic significantly increases the chances of your institution becoming a victim of a malware outbreak or a data breach. Examiners in some regions have started to pick up on this security hole, and they are encouraging institutions to address this issue.

Another area of concern for institutions is new and emerging threats. Attackers are continually innovating and improving their attack methods, and basic security solutions may not be enough to detect and prevent these advanced attacks. Newer solutions specifically designed to analyze the growing attack techniques have been developed. The use of sandbox technology and machine learning are being tasked to make it more difficult for attackers to be successful. In many instances, these solutions can be imbedded within your perimeter firewall solution. These types of defenses can vastly increase the effectiveness of your security landscape.

Even though your firewall is viewed as a technical security device, it is also the device that grants users access to the internet. The internet has quickly become a business-critical service. When strategizing about upcoming budget aspects, the institution should consider the business risks involved when an internet device causes downtime. There are ways to mitigate internet downtime using high availability solutions. High availability involves having two firewall devices configured in a cluster. If one device fails, the second device seamlessly takes over responsibility so that downtime is avoided.

Additional devices and licensing will also affect the budget. These changes can be small or very large depending on the scope and goals of your strategy. Going forward, have a plan and strategy to deal with the ever-changing security landscape.

Technology

The biggest move in technology over the last half decade has been the move to the cloud. This will continue to be the case in 2019. The cloud offers benefits such as low maintenance, high availability and rapid disaster recovery that can’t be easily or affordably addressed with in-house solutions. The future likely means more servers and business functions moving to the cloud. This likely is where technology spend will move over the next 5 years. Another term for this is Infrastructure as a Service (IaaS). There are three likely situations that will lead to this move and determine how your institution makes the transition.

  1. Your institution desperately needs high availability and/or disaster recovery and is willing to incur the cost of moving from a hardware-based solution to a cloud-based solution.
  2. Your institution’s hardware infrastructure is reaching the end of its life and it is time to purchase all new hardware or move in a new direction. This can be a good time to evaluate your current setup and what is best for the future.
  3. Your institution has some regular hardware turnover scheduled for next year and wants to evaluate slowly moving to the cloud. Instead of buying a new server, it may be time to evaluate what the future of your infrastructure will look like and if the cloud is a long-term solution.

Free eBookEverything You Need to Know About the Cloud Get a Copy

Some vendors pitch the move to IaaS as a cost savings move. There are cost savings involved. No more hardware to buy and maintain; no more electricity to run the devices; no more cooling to keep hardware cool; and the ability to achieve high availability is easier and more efficient. However, the move to IaaS is typically not a cost savings, but a feature advantage. Most institutions will be lucky if they break even with moving to an IaaS model, but they will gain great redundancy, uptime, reliability, and disaster recovery capabilities.

Generic cost estimates are impossible due to the fact that everyone has different infrastructure, needs, wants, etc. But if flexibility and added freedom is something your institution wants or needs, start investigating what IaaS might cost for your institution. This technology has matured greatly over the last few years and continues to evolve, making it viable now and likely the wave of the future.

In moving into 2019, focus on two things. Are my current processes and products adequate? Not have they passed exams this year, but are they mitigating the current risks to the institution? Too often measuring by exams leaves the institution open to a false sense of security and potential exam issues in the future. For compliance, ensure the institution’s processes are thorough, up to date, and adequate to meet the needs of the institution. For technology, consider what the long-term goals of the institution are and start working on a plan to implement these changes. Security is going to need new investments each year for the foreseeable future. The historical solutions for security problems have been successful which has forced criminals to find ways around them. It’s time to realize that the threats have changed, and it is time to address the new threat landscape.

24 Oct 2018
One Key Feature All Banks and Credit Unions Need in their Firewall Cyber Threat Intelligence Feeds

One Key Feature All Banks and Credit Unions Need in Their Firewall – Cyber Threat Intelligence Feeds

One Key Feature All Banks and Credit Unions Need in their Firewall Cyber Threat Intelligence Feeds

Banks and credit unions have been using firewalls as part of their network-perimeter defense to make security decisions efficiently and protect networks from outside attacks for more than three decades. However, over the years, as technology and threats change, firewalls must also evolve.

In today’s security landscape, the biggest threats are often unknown until it is too late. One IT administrator cannot keep track of all malicious threats and activity and thoroughly understand how they will impact a network or system. This process takes too much time, and the volume of threats to manage is too large, as there are numerous new threats created daily. In fact, according to Kaspersky Lab’s Number of the Year for 2017, there were at least 360,000 new malicious files detected every day in 2017. This is an 11.5% increase from the previous year.

Discover, Analyze, and Understand

An updated approach that includes an automated cyber threat intelligence feed to uncover threats and new risks is required for firewalls to be effective in today’s environment. According to the Federal Financial Institution Examination Council’s (FFIEC) Cybersecurity Assessment Tool (CAT), it is important for financial institutions to have processes in place to effectively discover, analyze, and understand cyber threats. With a cyber threat intelligence feed, banks and credit unions can keep track of emerging security threats through information sharing or crowdsourcing security feeds that source information on current and emerging security threats. Consuming this data helps financial institutions improve security processes to detect, prevent, and respond to cyber threats quickly and efficiently.

Download Free PDFMoving Beyond Traditional Firewall Protection to Develop an Integrated  Security Ecosystem Get a Copy

When a cyber threat intelligence feed is integrated directly into the firewall platform, it eliminates the need for one or two individuals to correlate and filter the overwhelming volume of alerts from a variety of standalone systems and manually update rulesets. With cyber threat intelligence, financial institutions have thousands of people sourcing threat information. This ensures that malicious threats and activity are caught in a time-efficient manner, and IT personnel are able to better understand the various threats to their network. Implementing bank-specific feeds, such as those provided by the Financial Services Information Sharing and Analysis Center (FS-ISAC) will provide industry-specific threat information that enables the IT team to analyze relevant threats and the impact they may have on the institution.

How to Develop an Integrated Security Ecosystem

It is imperative that banks and credit unions are keeping their firewall security top of mind and are proactively monitoring the firewall solution to ensure it is able to effectively combat current malicious activity. Ensuring your firewall is up to date and using the latest technology solutions enables your institution to discover and address vulnerabilities before breaches occur and regulators identify weaknesses. With the increase in breaches and malicious activities, a cyber threat intelligence feed is necessary to stay up to date on the latest threats and vulnerabilities and ensure your financial institution is adequately protected.

For more information on key features of next-generation firewalls, download our white paper, Moving Beyond Traditional Firewall Protection to Develop an Integrated Security Ecosystem.

17 Oct 2018
A New Approach to Firewalls How to Maximize Security and Flexibility for Banks and Credit Unions

A New Approach to Firewalls: How to Maximize Security and Flexibility for Banks and Credit Unions

A New Approach to Firewalls How to Maximize Security and Flexibility for Banks and Credit Unions

Technology solutions and applications have seen significant changes and advancements in the last 20 years. The traditional firewall, which is still one of the most basic cyber deterrents available to banks and credit unions, remains a foundation for all security strategies. Firewalls act as an intrusion prevention system and gatekeeper for a network by examining all inbound and outbound traffic to determine whether it meets the designated criteria to continue through or if it is malicious.

Over the years, there have been various iterations of firewalls as technology evolves. However, in order for firewalls to continue to be effective, they must evolve to go beyond traditional perimeter protection to safeguarding the entire network. This requires systems to be more intelligent, scalable and customizable, and to better utilize automation to be more effective. To accomplish this, today’s firewalls should be built using an open architecture. By employing the open architecture philosophy, firewall and perimeter security solutions can be seamlessly integrated with other third-party solutions to increase visibility into all activity and leverage network automation.

Download Free PDFMoving Beyond Traditional Firewall Protection to Develop an Integrated  Security Ecosystem Get a Copy

Some of the advantages of firewalls built on open architecture include:

  • Increased flexibility and agility;
  • Scalability;
  • Ability to support and implement future changes, upgrades and additions;
  • Can be easily modified and adapted for customized business requirements;
  • Easy integration with other systems and platforms;
  • Ability to create a unified technology ecosystem; and
  • Seamless data exchange between platforms and solutions.

With more flexibility, your institution can maximize security and implement firewall protection that fits its unique security and compliance goals. It’s important to note that firewalls are simply one piece of the security ecosystem. There needs to be an integrated security approach between all security layers to adequately protect the entire network and establish an effective security foundation, which requires the use of flexible architecture and technology solutions. Integration and automation of all security aspects enable the various layers to communicate, providing a secure IT environment and a better chance of resisting attack. Proactively protecting customer data will always be more cost effective than falling victim to malicious activity.

For more information, download our white paper, Moving beyond Traditional Firewall Protection to Develop an Integrated Security Ecosystem.