BANKING CASE STUDY:
From SIEM to Security Intelligence

Advanced Analytics and Threat Detection

THE BUSINESS

The customer is a high-profile international bank serving a diverse customer base with an equally diverse set of products across corporate and commercial banking, trade finance and treasury. Because of the geopolitical region it serves, the bank operates in a high-threat environment in which effective IT threat management is a critical capability in its own right, not just a way of demonstrating compliance. Its customers span a number of industries, including oil and shipping, manufacturing, construction, education and healthcare.

THE CHALLENGES

A mid-sized bank with under 10,000 employees, but serving a very large and diverse customer base, the bank manages a complex application and system environment. Combined with the nature of the region in which it does business, this creates a constant level of external and internal threat: fraud, data theft and system sabotage.

The bank invested in a SIEM solution to help manage this threat, but soon realized that the SIEM lacked the analytics and risk-monitoring capabilities needed to detect insider and advanced external attacks. Furthermore, the bank’s CISO had a serious blind spot over the key business applications and systems that were the very targets of the threats he was concerned about.

THE SECURONIX SOLUTION

Faced with the prospect of building its own analytical capabilities on top of the SIEM, the bank chose instead to deploy Securonix on top of the existing SIEM as a “security intelligence” layer. The Securonix Cyber Threat Intelligence solution uses the existing SIEM for data collection and adds the advanced detection and monitoring capabilities the bank needed, extending coverage beyond the network perimeter to critical applications, systems, and users.

Overview

Industry

  • Banking

Securonix Products

  • Securonix Threat & Risk Intelligence 4.0

Securonix Use Cases

  • External Attack Detection
  • Data Snooping from Malicious Sources
  • Customer Account Auditing
  • Privileged Account Monitoring
  • Geo-Location Based Account Monitoring
  • Terminated User Monitoring
  • Application Monitoring
  • Access Cleanup

Business Impact

  • Reduce the risk of sensitive data theft
  • Proactively detect data theft and fraud
  • Reduce the impact of loss situations
  • Lower compliance cost
  • Quantified, non-subjective threat and risk reporting

Data Sources

  • Active Directory
  • Firewall
  • IPS
  • ASM
  • ACS
  • Windows
  • Unix
  • Internet Banking Applications
  • Core Banking Applications
  • Windows Applications

Solution Tour

Advanced Threat Detection

Securonix aggregates security events and analyzes them for indicators of advanced threats. Using behavior-based analytics, the Securonix solution identifies abnormal and suspicious events. By tagging each security event with a risk score and aggregating those scores to identify high-risk users and systems, the solution presents security analysts with a short, prioritized set of high-risk events rather than the raw event stream.

Continuous Risk Monitoring

Securonix calculates the risk associated with each suspicious event and aggregates that risk at the user and device level, enabling the security team to focus on the highest-risk users and devices.

Privileged Account Monitoring

Securonix monitors for suspicious or unauthorized changes performed by privileged accounts on the bank’s internet-facing devices and raises alerts in real time.

Cyber Attacks from Malicious Sources

Securonix uses threat intelligence from multiple third-party sources to identify attacks from known malicious sources that are continuously probing the bank’s environment for client and other sensitive data.

Geo-Location Based Account Monitoring

Securonix detects account compromise or misuse by monitoring changes in the geo-location associated with account access over short periods of time: two logins from locations that no one could travel between in the elapsed interval indicate a shared or stolen credential.

Effective Case Management for Risk Routing and Risk Mitigation

In addition to risk intelligence, Securonix provides a complete case management facility: once a threat is identified, it is automatically routed to the appropriate person for investigation.
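The detection logic the Solution Tour describes (threat-intel matching on source IP, terminated-user login checks, geo-location "impossible travel" detection, and per-user risk aggregation) can be illustrated in a few dozen lines. The following is an added example written for this page, not Securonix code or a description of its internals; the log format, the risk weights, the 900 km/h travel threshold, the 100 km noise floor, and all sample events, IPs and user names are constructed assumptions.

```python
"""Behavior-based risk scoring over constructed authentication events.

Added example, not vendor code. Each event line is assumed to carry
timestamp, user, source IP, and the latitude/longitude resolved for that
IP at ingest time (field layout is an assumption for this example).
"""
from collections import defaultdict
from datetime import datetime
from math import asin, cos, radians, sin, sqrt

# Constructed sample events: "<ISO timestamp> <user> <ip> <lat> <lon> <outcome>".
SAMPLE_EVENTS = [
    "2024-03-01T08:00:00Z alice 10.1.2.3 25.2048 55.2708 success",    # Dubai
    "2024-03-01T08:20:00Z alice 203.0.113.7 51.5074 -0.1278 success",  # London, 20 min later
    "2024-03-01T09:00:00Z bob 10.1.2.9 25.2048 55.2708 success",
    "2024-03-01T12:00:00Z bob 10.1.2.9 25.2048 55.2708 success",
    "2024-03-01T09:30:00Z carol 198.51.100.5 25.2048 55.2708 success",
    "2024-03-01T10:00:00Z dave 10.1.2.10 25.2048 55.2708 success",
]

# Constructed threat-intelligence feed (IPs reported as malicious) and
# constructed HR feed (accounts that must no longer authenticate).
MALICIOUS_IPS = {"198.51.100.5"}
TERMINATED_USERS = {"dave"}

MAX_PLAUSIBLE_KMH = 900.0   # assumption: faster than airline travel => impossible
MIN_DISTANCE_KM = 100.0     # assumption: ignore IP-geolocation jitter within a city

# Assumed risk weights per finding type; a real deployment would tune these.
RISK_IMPOSSIBLE_TRAVEL = 60
RISK_MALICIOUS_SOURCE = 70
RISK_TERMINATED_LOGIN = 90


def parse_event(line):
    ts, user, ip, lat, lon, outcome = line.split()
    return {
        "ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
        "user": user, "ip": ip,
        "lat": float(lat), "lon": float(lon), "outcome": outcome,
    }


def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance in km between two lat/lon points."""
    earth_radius_km = 6371.0
    dlat = radians(lat2 - lat1)
    dlon = radians(lon2 - lon1)
    a = sin(dlat / 2) ** 2 + cos(radians(lat1)) * cos(radians(lat2)) * sin(dlon / 2) ** 2
    return 2 * earth_radius_km * asin(sqrt(a))


def score_events(lines):
    """Return a list of (user, risk, reason) findings from raw event lines."""
    findings = []
    events = sorted((parse_event(l) for l in lines), key=lambda e: e["ts"])
    last_seen = {}  # user -> most recent event, for geo-velocity comparison
    for e in events:
        user = e["user"]
        if e["ip"] in MALICIOUS_IPS:
            findings.append((user, RISK_MALICIOUS_SOURCE,
                             f"login from threat-intel listed IP {e['ip']}"))
        if user in TERMINATED_USERS and e["outcome"] == "success":
            findings.append((user, RISK_TERMINATED_LOGIN,
                             "successful login by terminated user"))
        prev = last_seen.get(user)
        if prev is not None:
            hours = (e["ts"] - prev["ts"]).total_seconds() / 3600.0
            km = haversine_km(prev["lat"], prev["lon"], e["lat"], e["lon"])
            # Same-timestamp logins far apart are also impossible; avoid dividing by zero.
            if km >= MIN_DISTANCE_KM and (hours == 0 or km / hours > MAX_PLAUSIBLE_KMH):
                findings.append((user, RISK_IMPOSSIBLE_TRAVEL,
                                 f"impossible travel: {km:.0f} km in {hours:.2f} h"))
        last_seen[user] = e
    return findings


def aggregate_risk(findings):
    """Sum risk per user and return [(user, total)] highest first."""
    totals = defaultdict(int)
    for user, risk, _ in findings:
        totals[user] += risk
    return sorted(totals.items(), key=lambda kv: kv[1], reverse=True)


if __name__ == "__main__":
    results = score_events(SAMPLE_EVENTS)
    for user, risk, reason in results:
        print(f"{user:6} +{risk:3}  {reason}")
    print("ranked:", aggregate_risk(results))
```

Run against the constructed events, `bob` never appears in the output: two Dubai logins three hours apart are ordinary, which is the point of the approach. `alice` is flagged because Dubai to London in twenty minutes is physically impossible, `carol` because her source IP is on the constructed threat feed, and `dave` because a terminated account authenticated successfully. Aggregating per user rather than per event is what turns thousands of raw SIEM events into a short ranked list an analyst can actually work; the weights and thresholds here are placeholders to be tuned per environment.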