Transcript: Louisiana Bankers Association Security and HR Conference, Hernandez - Cybersecurity from a...
Louisiana Bankers Association Security and HR Conference
Bank Cybersecurity: From a Management Perspective
Cybersecurity Is “NOT” an IT Issue
• Strategic
• Reputational risk
• Core of Community Banking
• Provide the necessary resources, e.g. senior management attention, budget, personnel, etc.
Agenda
• How to handle unknown threats
• Understanding technology related to the FFIEC Cyber Assessment Tool (CAT)
• Three questions to ask your IT folks (takeaways)
• Technology available to Community Banks
• Stay connected to the process
Known Threats/Signatures
• What percentage of cyber threats are known?
• Experts: 50% +/- of threats are known
• Firewall, virus/malware scanners, Intrusion Detection/IDS, Intrusion Protection/IPS, email filters and endpoint systems
• Depending on known threats/signatures is not enough
Question One
• Are we able to detect unknown cyber threats?
• If yes, how/what technology?
Five Maturity Levels FFIEC CAT
• Innovative
• Advanced
• Intermediate
• Evolving
• Baseline
In Addition to Being Safe
• Audit log records and other security event logs are reviewed and retained in a secure manner (Domain 2, Baseline)
• Computer event logs are used for investigations once an event (incident) has occurred (Domain 2, Baseline)
• Security Incident Event Monitoring Tool (SIEM/Big Data)
Question Two
• Are we able to aggregate ALL security event logs?
• If yes, how/what technology?
In Addition to Being Safe
• The institution is able to detect anomalous activities through monitoring across the environment (Domain 3, Baseline)
Question Three
• Are we able to detect anomalous behavior through monitoring across the environment (network)?
• If yes, how/what technology?
Available Technology
• SIEM (Security Incident Event Management)
• Anomaly detection (advanced machine learning)
• Managed service provider (24 hour monitoring)
Threat Timeline
• Existing threat feeds: block known threats before they infect your network
• SIEM tools: discover known & unknown threats
• Timeline: Threat Released (Unknown Threats) → Threat Discovered (Known Threats); the gap between release and discovery is the Vulnerability Window
Threat Timeline (continued)
• Vulnerability Window: search historically for domains, IP addresses, file hashes
• SIEM tools: Zero Day DVR – prove you were not infected
• Existing threat feeds: block known threats before they infect your network
Look at your network as a shopping Mall
Firewalls/IDS/IPS only cover the Main Entrances
Everything Needs to be Watched
ANOMALY DETECTION: Advanced Machine Learning
Volumetric
• Detects changes in data volume for each host on your network
• Example: “Someone just uploaded our entire database to Dropbox.”
• Covers: in and out network activity; east-west movement; rolling 250 hour window
Protocol
• Measures trends in different types of data on your network
• Example: “IRC usage has spiked recently”
• Covers: any network activity; network scans; policy violations
Temporal
• Detects each device’s natural cadence and reports deviations
• Example: "Mainframe normally runs jobs at 1am, but there was significant activity at 3am."
• Covers: time based; east-west movement
Geographic
• Discovers deviation from baseline behavior from different countries around the world
• Example: "There are a lot of login attempts from China, but we have very few customers there."
• Covers: building trend lines of where you normally visit; Advanced Persistent Threats (APTs); phishing attempts
Lateral
• Finds irregular internal traffic patterns with existing systems
• Example: "Why is Joe from Lending trying to connect to that IT database?"
• Covers: east-west movement; communications with internal systems are very predictable
Role
• Detects abnormal user behavior on your network
• Example: "Thomas doesn't normally attempt to connect to random shared drives across the network"
• Covers: insider threats; unknown or advanced malware; policy violations
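As an added illustration (not part of the deck and not any vendor's product), the volumetric and temporal checks above reduce to a baseline-and-deviation test over per-host hourly traffic summaries. The data below is constructed; the 250 hour window matches the slide, while the three-sigma threshold and the five-sample minimum are assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from statistics import mean, pstdev

WINDOW = timedelta(hours=250)   # rolling 250 hour baseline, as on the slide

def build_sample():
    """Constructed hourly summaries (timestamp, host, bytes_out): a mainframe
    job at 1am and a workstation at 9am for 12 days, then a large 3am upload."""
    t0, flows = datetime(2016, 3, 1), []
    for day in range(12):
        flows.append((t0 + timedelta(days=day, hours=1), "mainframe", 2_000_000))
        flows.append((t0 + timedelta(days=day, hours=9), "lending-pc", 50_000))
    flows.append((t0 + timedelta(days=12, hours=3), "mainframe", 40_000_000))
    return flows

def volumetric_alerts(flows, window=WINDOW, factor=3.0, min_samples=5):
    """Volumetric: flag an hour whose outbound bytes exceed the host's own
    trailing mean by more than `factor` standard deviations (assumed threshold)."""
    alerts, history = [], defaultdict(list)
    for ts, host, bytes_out in sorted(flows):
        past = [b for t, b in history[host] if ts - t <= window]
        if len(past) >= min_samples:
            mu, sigma = mean(past), pstdev(past)
            if bytes_out > mu + factor * max(sigma, 1.0):  # floor handles sigma == 0
                alerts.append((ts, host, bytes_out))
        history[host].append((ts, bytes_out))
    return alerts

def temporal_alerts(flows, window=WINDOW, min_samples=5):
    """Temporal: flag activity at an hour of day the host never showed during
    its trailing window (the 'jobs at 1am, activity at 3am' case)."""
    alerts, history = [], defaultdict(list)
    for ts, host, bytes_out in sorted(flows):
        past = [t for t, _ in history[host] if ts - t <= window]
        if len(past) >= min_samples and ts.hour not in {t.hour for t in past}:
            alerts.append((ts, host, ts.hour))
        history[host].append((ts, bytes_out))
    return alerts

if __name__ == "__main__":
    flows = build_sample()
    for alert in volumetric_alerts(flows):
        print("volumetric:", *alert)
    for alert in temporal_alerts(flows):
        print("temporal:", *alert)
```

Both checks stay silent for the twelve routine days and fire only on the 3am upload, which is the kind of single-host, single-hour deviation a signature-based control has no rule for.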
Community Bank Challenges
• Attracting Information Security personnel
• Acquiring the proper information security technology at an affordable price
• Operating the technology with your existing staff
Personnel Challenges
• IT Security talent is very expensive
• IT Security talent is hard to find
• If you could find the talent, it is difficult to pay
• If you could pay, it is difficult to attract
• If you could attract, it is difficult to retain
• Need to find technology vendors that provide managed services
Technology Options
• In house/On premises SIEM
• Managed service providers/Cloud based solutions
• Unknown threats/anomaly detection
In-House/On Premises SIEM
• Gartner Magic Quadrant
• Software can be free
• Personnel to implement/administer
Cloud Based SIEM
• Robust functionality
• Turnkey implementation
• Anomaly detection
• 24/7/365 monitoring
• Community Bank friendly (ability to implement/administer with existing staff)
• Affordable
Summary
• Protection from known threats is not enough
• Stay connected to the process
• Ask your IT department the three questions
• Evaluate current IT security technology offered to Community Banks
• There ARE technology providers that are affordable and can help solve your issues
• DefenseStorm offers to discuss your specific bank needs
Alex [email protected]
678-571-2724