Securing Financial Services: There are No Vaults to Deter Cyber Criminals
The Internet has revolutionized the way financial institutions do business, from online customer banking services to high-speed global transactions to payment processing. Customers can conduct online transactions anywhere, from their homes, offices, and on the road, at any time, and, increasingly, from any number of different devices (smart phones, tablets, laptops). They conduct their business in the expectation that their information is secure and the services will be reliable, fast and always available when they need them. Financial transactions are processed in huge volumes and at high speeds around the globe, enabling institutions, partners and customers to react swiftly to changing financial conditions and market requirements.
As the Internet has opened up new business opportunities, it also introduced new elements of risk into financial services sectors: it has revolutionized crime, as criminals have moved where the money is. Cyber crime attacks are now listed as the FBI's third highest priority, behind terrorism and espionage. Financial institutions must factor this into their risk assessment and risk mitigation programs.
Criminal Threats: DDoS and Information Breach
These risks, broadly speaking, fall into two categories:
- DDoS Attacks on Site Availability and Business Continuity. For online banking and Internet financial transactions, time is quite literally money. Millions of dollars can be lost in minutes if service is slowed or interrupted. In performance-sensitive environments such as transaction processing and high-volume trading, major service interruptions can be catastrophic, both in terms of actual loss and damage to the corporate brand.
In just a few years, millions of customers have grown dependent on online banking for a wide range of services, from monitoring their accounts to executing transfers. Their computers and mobile devices are an attractive, practical and convenient alternative to conducting most of their banking at physical locations. Disruption of that service for any extended period, as we have seen, impacts business and severely undermines customer confidence.
- Information breach. Financial institutions, from the largest banks and trading houses to regional credit unions, are entrusted with and responsible for thousands, often millions of customer records, including account credentials, financial records, credit cardholder data and personally identifiable information. Financial service providers are required by regulations and their obligations to their customers and partners to protect these records against unauthorized access.
Malicious cyber activity represents a continuous threat both to online transactions and services and to sensitive information. Many banks, stock exchanges and other financial institutions, including Bank of America, U.S. Bancorp and Rabobank, and the New York and Hong Kong stock exchanges, have been victims of distributed denial of service (DDoS) attacks. Hacktivist groups such as Anonymous and LulzSec (or any capable splinter groups or individuals) launch DDoS attacks over a political position, over what they deem unfair or unethical business practices, or over whatever perceived affront may motivate them. Extortion under threat of DDoS attack, and pure malicious behavior for its own sake, are also very real sources of DDoS.
Among the most prevalent contemporary DDoS attacks are application layer, or connection-based, attacks. Unlike the more familiar network layer flooding attacks, such as SYN floods, application layer attacks are insidious: they appear to be normal requests to the website and do not overwhelm network devices, firewalls and servers with conspicuously huge volumes of traffic.
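As an added example (not Corero's code and not part of the original paper), the following Python script illustrates the detection problem just described: it summarizes constructed web server access-log lines per client and flags sources that issue many valid-looking requests to dynamic, application-tier paths while sending very few bytes, the profile that purely volume-based thresholds miss. The log format, the DYNAMIC_PREFIXES list and the thresholds are assumptions for the example.

```python
import re
from collections import defaultdict

# Regex for one Common Log Format line (client IP, method, path, status, bytes).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<bytes>\d+)$'
)

# Paths that reach the application tier (database lookups, session logic)
# rather than static files; a hypothetical list assumed for this example.
DYNAMIC_PREFIXES = ("/accounts/", "/transfer", "/login")

# Constructed sample traffic for one second of a banking site's access log:
# two clients browse normally, one issues a burst of small, well-formed
# requests to an expensive search endpoint.
NORMAL = [
    '10.0.0.5 - - [01/Jan/2012:10:00:01 +0000] "GET /index.html HTTP/1.1" 200 51200',
    '10.0.0.5 - - [01/Jan/2012:10:00:01 +0000] "GET /css/site.css HTTP/1.1" 200 8192',
    '10.0.0.9 - - [01/Jan/2012:10:00:01 +0000] "POST /login HTTP/1.1" 302 0',
    '10.0.0.9 - - [01/Jan/2012:10:00:01 +0000] "GET /accounts/summary HTTP/1.1" 200 4096',
]
BURST = [
    f'10.0.0.7 - - [01/Jan/2012:10:00:01 +0000] "GET /accounts/search?q={i} HTTP/1.1" 200 312'
    for i in range(12)
]
SAMPLE_LOG = "\n".join(NORMAL + BURST)

def summarize(log_text):
    """Per-client counts: total requests, requests to dynamic paths, bytes sent."""
    stats = defaultdict(lambda: {"requests": 0, "dynamic": 0, "bytes": 0})
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip malformed lines rather than aborting the whole run
        s = stats[m["ip"]]
        s["requests"] += 1
        s["bytes"] += int(m["bytes"])
        if m["path"].startswith(DYNAMIC_PREFIXES):
            s["dynamic"] += 1
    return dict(stats)

def flag_app_layer_sources(stats, min_requests=10, min_dynamic_ratio=0.8):
    """Clients whose request count and share of dynamic requests both exceed the
    thresholds; byte volume is ignored on purpose, since these attacks stay small."""
    return sorted(
        ip for ip, s in stats.items()
        if s["requests"] >= min_requests
        and s["dynamic"] / s["requests"] >= min_dynamic_ratio
    )
```

In the constructed sample the flagged client transfers far fewer bytes than the legitimate browser, which is why a bandwidth threshold alone would not catch it.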
Information breaches are a continuous problem, and strike both very large and very small institutions. The 2011 Verizon Data Breach Report, which analyzes some 800 breach investigations by Verizon and the U.S. Secret Service, found that nine out of 10 breaches involved external agents (a 22% increase over the 2010 report), indicating a continued, even growing need for protection against outside attacks. Half the attacks involved some type of malware (an 11% increase), again underscoring the need for improved defenses on the network.
Interestingly, the volume of breached records in these investigations has declined dramatically, indicating, perhaps, greater selectivity in what information is taken and a stepped-up focus on smaller banking institutions, which are typically less well protected. Large and smaller institutions alike are victimized both by mass, automated attacks that exploit targets of opportunity and by intentional targeted attacks exploiting unpatched or, in some spectacular cases, previously unknown (zero-day) vulnerabilities.
Corero Network Security Solutions
Corero Network Security provides superior solutions that protect financial institutions against both DDoS attacks and intrusions aimed at stealing sensitive corporate and customer information.
DDoS Defense System
Corero DDoS Defense System (DDS), leveraging Corero's award-winning DDoS defense technology, delivers nondisruptive protection from attacks against the networks and servers that support Internet financial transactions. It provides maximum protection for critical IT assets, detecting and blocking malicious traffic while allowing full access to legitimate users and applications. DDS keeps financial transactions and online banking up and available at full service levels.
DDS delivers unmatched DDoS attack detection and mitigation against both the well-known network layer flooding attacks and the more insidious application layer attacks that are nearly impossible to detect without DDS's patented technology. DDS delivers on-premise protection that traditional network security technologies, such as firewalls and other vendors' IPS, cannot. Corero also provides a level of security that goes beyond dealing with DDoS by simply buying more bandwidth, which is expensive and useless against application attacks. "Clean pipe" and "black hole routing" techniques that may be used by your ISP or cloud anti-DDoS provider are not as effective as dedicated Corero on-premises solutions and are blind to insidious application layer attacks.
In concert with DDS, SecureWatch PLUS DDoS defense configuration/implementation, 24/7 monitoring and incident response services provide the most comprehensive DDoS defense available on the market.
Intrusion Prevention System
Corero Intrusion Prevention System (IPS) provides continuous, comprehensive protection against external attacks, leveraging unique technology that distinguishes between legitimate and malicious traffic, providing more accurate detection and fewer false positives than other IPS products. Corero uses stateful protocol inspection and inspection of payload data files to determine whether suspect traffic is behaving correctly or represents a threat.
Corero IPS features bidirectional traffic inspection, enabling response behavior analysis to stop application layer attacks and to detect compromised computers communicating with their command-and-control servers.
Corero solutions provide a high level of visibility into network activity and help meet the internal audit and regulatory compliance requirements critical in the financial sector through Corero's Network Security Analyzer (NSA), a security information and event management tool. NSA provides robust and highly flexible logging, reporting and forensics capabilities.
Financial institutions can deploy both the Corero DDS and IPS solutions inline in full confidence that they will maintain full levels of performance and service, which are absolutely critical to successful business operations. Corero appliances offer the lowest latency and highest reliability of any security products available on the market today. Corero's purpose-built Core Platform, based on the Tilera multicore processor architecture and CoreOS, provides real-world protection at real-world performance levels.
Corero’s First Line of Defense® is an organization’s new perimeter. It stops the latest breed of cyber-attacks, including DDoS attacks, zero-day exploits, remote exploit insertions, server targeted threats and access attempts from malicious IP addresses and unwanted geo-locations, all of which easily bypass traditional network security defenses and compromise enterprise networks.