Louisiana Bankers Association Security and HR Conference: Hernandez - Bank Cybersecurity From a Management Perspective

Post on 25-Aug-2020


Louisiana Bankers Association Security and HR Conference

Bank Cybersecurity: From a Management Perspective

Cybersecurity Is "NOT" an IT Issue

• Strategic
• Reputational risk
• Core of Community Banking
• Provide the necessary resources, e.g. senior management attention, budget, personnel etc.

Agenda

• How to handle unknown threats
• Understanding technology related to the FFIEC Cybersecurity Assessment Tool (CAT)
• Three questions to ask your IT folks (takeaways)
• Technology available to Community Banks
• Stay connected to the process

Known Threats/Signatures

• What percentage of cyber threats are known?

• Experts: 50% +/- of threats are known

• Firewalls, anti-virus/anti-malware, Intrusion Detection (IDS), Intrusion Prevention (IPS), email filters and endpoint systems

• Depending on known threats/signatures is not enough

Question One

• Are we able to detect unknown cyber threats?

• If yes, how/what technology?

Five Maturity Levels FFIEC CAT

• Innovative (highest)
• Advanced
• Intermediate
• Evolving
• Baseline (lowest)

In Addition to Being Safe

• Audit log records and other security event logs are reviewed and retained in a secure manner (Domain 2, Baseline)

• Computer event logs are used for investigations once an event (incident) has occurred (Domain 2, Baseline)

• Security Information and Event Management tool (SIEM/Big Data)

Question Two

• Are we able to aggregate ALL security event logs?

• If yes, how/what technology?

In Addition to Being Safe

The institution is able to detect anomalous activities through monitoring across the environment Domain 3, Baseline

Question Three

• Are we able to detect anomalous behavior through monitoring across the environment (network)?

• If yes, how/what technology?


Available Technology

• SIEM (Security Information and Event Management)

• Anomaly detection (advanced machine learning)

• Managed service provider (24 hour monitoring)

THREAT TIMELINE (diagram)

The slide shows a timeline running from "Threat Released" to "Threat Discovered". Before discovery the threat is Unknown; after discovery it is Known. The gap between the two points is labelled the VULNERABILITY WINDOW.

• EXISTING THREAT FEEDS: block known threats before they infect your network (i.e. once the threat is known)
• SIEM TOOLS: discover known and unknown threats; search historically for domains, IP addresses and file hashes seen during the vulnerability window
• "Zero Day DVR": once the indicators become known, retained logs let you prove you were not infected during the window
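The historical search on the threat timeline above, and the "aggregate ALL security event logs" step Question Two asks about, as an added example that is not part of the deck and not DefenseStorm's product code. The log lines are constructed JSON-lines events of the kind a SIEM retains after aggregating DNS, flow and process sources; the hosts, domains (under the reserved .test TLD), IP addresses, the file hash and the feed publication date are all made up. When a feed publishes indicators on the "Threat Discovered" date, the sweep replays them against everything retained and reports, per host, the first contact and how many days it predates the feed:

```python
"""Retroactive indicator sweep over retained, aggregated logs.

Added example (not DefenseStorm code). Log lines, hosts, domains, IPs, the
file hash and the feed publication date are all constructed for the demo.
"""
import json
from datetime import datetime, timezone

FAKE_HASH = "ab" * 32  # constructed SHA-256-shaped value, not a real sample

# Constructed sample: normalized JSON-lines events as a SIEM would retain them,
# aggregated from DNS, flow and process sources across several hosts.
RETAINED_LOGS = "\n".join([
    '{"ts": "2020-08-01T09:12:03Z", "host": "wks-lend-07", "type": "dns", "domain": "updates.example-cdn.test"}',
    '{"ts": "2020-08-03T14:40:51Z", "host": "wks-lend-07", "type": "dns", "domain": "CDN-Metrics.Example-Bad.test."}',
    '{"ts": "2020-08-03T14:41:02Z", "host": "wks-lend-07", "type": "flow", "dst_ip": "198.51.100.23", "bytes_out": 1820}',
    '{"ts": "2020-08-04T08:02:17Z", "host": "wks-ops-02", "type": "dns", "domain": "mail.example-bank.test"}',
    f'{{"ts": "2020-08-06T02:15:44Z", "host": "srv-file-01", "type": "process", "sha256": "{FAKE_HASH.upper()}"}}',
    '{"ts": "2020-08-07T11:30:00Z", "host": "wks-ops-02", "type": "flow", "dst_ip": "203.0.113.9", "bytes_out": 512}',
])

# Constructed threat feed, published on the "Threat Discovered" date. The matching
# events above happened days earlier: that gap is the vulnerability window.
FEED_PUBLISHED = datetime(2020, 8, 10, tzinfo=timezone.utc)
IOCS = {
    "domain": {"cdn-metrics.example-bad.test"},
    "ip": {"198.51.100.23"},
    "sha256": {FAKE_HASH},
}


def parse_logs(text):
    """One JSON object per line; blank lines are skipped."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def parse_ts(value):
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def normalize_domain(name):
    # Feeds and resolvers disagree on case and the trailing dot; a naive
    # exact-match sweep would miss the second DNS event above.
    return name.rstrip(".").lower()


def match_event(event, iocs):
    """Return (indicator_type, value) if the event touches a known indicator, else None."""
    if "domain" in event and normalize_domain(event["domain"]) in iocs["domain"]:
        return ("domain", normalize_domain(event["domain"]))
    if "dst_ip" in event and event["dst_ip"] in iocs["ip"]:
        return ("ip", event["dst_ip"])
    if "sha256" in event and event["sha256"].lower() in iocs["sha256"]:
        return ("sha256", event["sha256"].lower())
    return None


def exposure_report(events, iocs, feed_published):
    """Per host: first contact with any indicator and how long before the feed existed.

    A host with no hits is only clean for the log types actually retained for it,
    so the report records which sources covered it (the "coverage" field).
    """
    report = {}
    for host in sorted({e["host"] for e in events}):
        own = [e for e in events if e["host"] == host]
        hits = [(parse_ts(e["ts"]), *m) for e in own if (m := match_event(e, iocs))]
        coverage = sorted({e["type"] for e in own})
        if hits:
            first_seen = min(ts for ts, _, _ in hits)
            report[host] = {
                "status": "exposed",
                "first_seen": first_seen,
                "days_before_feed": (feed_published - first_seen).days,
                "indicators": sorted({(kind, value) for _, kind, value in hits}),
                "coverage": coverage,
            }
        else:
            report[host] = {"status": "no indicator contact", "coverage": coverage}
    return report


if __name__ == "__main__":
    for host, row in exposure_report(parse_logs(RETAINED_LOGS), IOCS, FEED_PUBLISHED).items():
        print(host, row)
```

Two practitioner points the deck's "prove you were not infected" line depends on: the sweep only matches if the feed's indicators and your logs are normalized the same way (case, trailing dots, hash case), and a host with no hits is only cleared for the sources that were actually logged and retained for it, which is why the report carries the coverage list next to the verdict. Requires Python 3.8 or later.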

Look at your network as a shopping mall

Firewalls/IDS/IPS only cover the Main Entrances

Everything Needs to be Watched

ANOMALY DETECTION (Advanced Machine Learning)

Volumetric
• Detects changes in data volume for each host on your network
• Example alert: "Someone just uploaded our entire database to Dropbox."
• Covers in-and-out network activity and east-west movement; baseline is a rolling 250-hour window

Protocol
• Measures trends in different types of data on your network
• Example alert: "IRC usage has spiked recently."
• Covers any network activity, network scans and policy violations

Temporal
• Detects each device's natural cadence and reports deviations
• Example alert: "Mainframe normally runs jobs at 1am, but there was significant activity at 3am."
• Time based; covers east-west movement

Geographic
• Discovers deviation from baseline behavior by country, building trend lines of where you normally visit
• Example alert: "There are a lot of login attempts from China, but we have very few customers there."
• Covers Advanced Persistent Threats (APTs) and phishing attempts

Lateral
• Finds irregular internal traffic patterns with existing systems; communications with internal systems are very predictable
• Example alert: "Why is Joe from Lending trying to connect to that IT database?"
• Covers east-west movement

Role
• Detects abnormal user behavior on your network
• Example alert: "Thomas doesn't normally attempt to connect to random shared drives across the network."
• Covers insider threats, unknown or advanced malware and policy violations
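The detector classes above, as an added example that is not part of the deck and not DefenseStorm's product code. It implements the volumetric, temporal and role/lateral cases in their simplest working form: learn a per-host or per-user baseline over a window of days, then flag observation-day activity that falls outside it. The events (hosts, users, destinations, hours and byte counts) are constructed, the ten-day window is a simplification of the slide's 250-hour rolling window, and the planted anomalies mirror the three example alerts (the Dropbox upload, the 3am mainframe job, Joe and Thomas reaching systems they never touch):

```python
"""Baseline-and-deviation anomaly detection over constructed network events.

Added example (not DefenseStorm code). Hosts, users, byte counts and hours
are constructed; the day-based window stands in for the slide's 250-hour one.
"""
from collections import defaultdict
from statistics import mean, pstdev

BASELINE_DAYS = 10   # roughly the slide's 250-hour rolling window
OBS_DAY = 11


def build_events():
    """Constructed events: ten quiet baseline days, then an observation day
    with planted anomalies. Each event: day, hour, host, user, dst, bytes_out."""
    ev = []
    for day in range(1, BASELINE_DAYS + 1):
        # Joe in Lending: business-hours traffic to the file server, ~100 KB/day
        ev.append(dict(day=day, hour=9 + day % 3, host="wks-lend-07", user="joe",
                       dst="srv-file-01", bytes_out=100_000 + (day % 3) * 1_000))
        # Mainframe: batch job at 01:00 every night, ~2 MB
        ev.append(dict(day=day, hour=1, host="mainframe", user="batch",
                       dst="srv-core-01", bytes_out=2_000_000 + (day % 2) * 10_000))
        # Thomas in Ops: one file server, slowly growing volume
        ev.append(dict(day=day, hour=10, host="wks-ops-02", user="thomas",
                       dst="srv-file-01", bytes_out=50_000 + day * 100))
    ev += [
        # normal activity on the observation day
        dict(day=OBS_DAY, hour=1, host="mainframe", user="batch", dst="srv-core-01", bytes_out=2_005_000),
        dict(day=OBS_DAY, hour=10, host="wks-ops-02", user="thomas", dst="srv-file-01", bytes_out=51_000),
        # volumetric: Joe's workstation pushes 5 MB to an external sync service
        dict(day=OBS_DAY, hour=10, host="wks-lend-07", user="joe", dst="sync.example.test", bytes_out=5_000_000),
        # temporal: the mainframe is busy at 03:00, an hour it has never been active
        dict(day=OBS_DAY, hour=3, host="mainframe", user="batch", dst="srv-core-01", bytes_out=10_000),
        # role: Thomas touches shares he has never used
        dict(day=OBS_DAY, hour=10, host="wks-ops-02", user="thomas", dst="share-hr-01", bytes_out=100),
        dict(day=OBS_DAY, hour=10, host="wks-ops-02", user="thomas", dst="share-fin-02", bytes_out=100),
        # lateral: Joe from Lending connects to an IT database
        dict(day=OBS_DAY, hour=11, host="wks-lend-07", user="joe", dst="db-it-01", bytes_out=4_000),
    ]
    return ev


def volumetric_anomalies(events, obs_day=OBS_DAY, window=BASELINE_DAYS, z=3.0):
    """Hosts whose observation-day outbound volume exceeds mean + z*stdev of the
    previous `window` days. Returns {host: ratio_to_baseline_mean}."""
    per_day = defaultdict(lambda: defaultdict(int))
    for e in events:
        per_day[e["host"]][e["day"]] += e["bytes_out"]
    flagged = {}
    for host, days in per_day.items():
        baseline = [days.get(d, 0) for d in range(obs_day - window, obs_day)]
        mu = mean(baseline)
        sigma = max(pstdev(baseline), 1.0)   # floor so a perfectly flat baseline still works
        today = days.get(obs_day, 0)
        if today > mu + z * sigma:
            flagged[host] = round(today / mu, 1)
    return flagged


def temporal_anomalies(events, obs_day=OBS_DAY):
    """Hosts active at an hour never seen for them during the baseline. Returns {host: {hour}}."""
    usual = defaultdict(set)
    for e in events:
        if e["day"] < obs_day:
            usual[e["host"]].add(e["hour"])
    flagged = defaultdict(set)
    for e in events:
        if e["day"] == obs_day and e["hour"] not in usual[e["host"]]:
            flagged[e["host"]].add(e["hour"])
    return dict(flagged)


def new_destination_anomalies(events, obs_day=OBS_DAY):
    """Users reaching destinations absent from their own baseline; this one rule
    covers both the role and the lateral cases. Returns {user: {dst}}."""
    known = defaultdict(set)
    for e in events:
        if e["day"] < obs_day:
            known[e["user"]].add(e["dst"])
    flagged = defaultdict(set)
    for e in events:
        if e["day"] == obs_day and e["dst"] not in known[e["user"]]:
            flagged[e["user"]].add(e["dst"])
    return dict(flagged)


if __name__ == "__main__":
    events = build_events()
    print("volumetric:", volumetric_anomalies(events))
    print("temporal:  ", temporal_anomalies(events))
    print("new dst:   ", new_destination_anomalies(events))
```

Two caveats a practitioner would attach to the slide's "advanced machine learning" label: a baseline learned only from the institution's own history can be poisoned by an adversary who is already inside and keeps each day below the threshold, and a plain new-destination rule fires on every legitimate project change, so products worth buying weight a user's behavior against a peer group and the whole environment rather than the single user alone. Note also that days with no events count as zero volume here, which is correct for a host that was on but silent and wrong for one that was powered off.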

Community Bank Challenges

• Attracting Information Security personnel

• Acquiring the proper information security technology at an affordable price

• Operating the technology with your existing staff

Personnel Challenges

• IT Security talent is very expensive

• IT Security talent is hard to find

• If you could find the talent it is difficult to pay

• If you could pay, it is difficult to attract

• If you could attract, it is difficult to retain

• Need to find technology vendors that provide managed services

Technology Options

• In house/On premises SIEM

• Managed service providers/Cloud based solutions

• Unknown threats/anomaly detection

In-House/On Premises SIEM

• Gartner Magic Quadrant
• Software can be free
• Personnel to implement/administer

Cloud Based SIEM

• Robust functionality

• Turnkey implementation

• Anomaly detection

• 24/7/365 monitoring

• Community Bank friendly (ability to implement/administer with existing staff)

• Affordable

Summary

• Protection from known threats is not enough

• Stay connected to the process

• Ask the three questions to your IT department

• Evaluate current IT security technology offered to Community Banks

• There ARE technology providers that are affordable and can help solve your issues

• DefenseStorm offers to discuss your specific bank needs

Alex Hernandez
alex@DefenseStorm.com

678-571-2724