intelligent
security intelligence that transcends borders
issue 19 | www.intelligentciso.com
HALTING RANSOMWARE ATTACKS
Securing company email
Why businesses should bolster their email security strategies.
Tool sprawl
Exploring how the ‘tool sprawl’ is fast becoming a problem for companies.
Disaster Recovery
How Kuwait Credit Bank has enabled a cloud-based Disaster Recovery backup system.
Eliminating the blind spot
36. feature
Sascha Giese, Head
Geek at SolarWinds
industry unlocked
Public sector organisations are heavily targeted
due to the rich quantity of data they hold.
It’s crucial that citizens can trust government
organisations not to let their personal information
fall into the wrong hands. SIEM tools might just
be the answer to this. Sascha Giese, Head Geek
at SolarWinds, identifies exactly what a SIEM is
and how public sector organisations, including
governments, can make the right decision when
choosing which SIEM tool is right for them.
Cybersecurity is one of the biggest challenges
being faced throughout the public sector today.
Keeping the data of the general public safe and
inaccessible is not only crucial for maintaining
the trust of citizens, but also for ensuring critical
and sensitive data doesn’t fall into the wrong
hands. The task of maintaining and advancing
cybersecurity in a public sector organisation is
complex and while no single tool or technology
can solve this problem, Security Information and
Event Management (SIEM) software might just be
the answer to the biggest dilemmas.
Spelling it out
So, what is SIEM? SIEM tools blend Security
Information Management (SIM) with Security
Event Management (SEM) capabilities into a
single solution, with the intention of providing
comprehensive threat detection, incident
response and compliance reporting capabilities.
SIEM tools work by collecting data from event
logs of most devices in an organisation, from
servers and firewalls to anti-malware and spam
filters. The software then analyses these logs,
identifies any anomalous activity and issues an
alert – or, in many cases, responds automatically.
Specifically, with SIEM software, an IT professional
can quickly identify potentially suspicious activity,
learn who has been affected and implement
automated mechanisms to stop an attack before
it affects the organisation. And when the IT
organisation in question is part of the public
sector, protecting central government data from
harm means protecting people across the UK.
Securing company email
41. expert opinion
One tool too many? Getting past the tool
glut of the modern enterprise
One of the main advantages of SIEM
software is how it pulls together data
consolidation and centralisation. When
data is coming from multiple places – for
example, from different departments of a
hospital, or across different sites – SIEM
software consolidates and analyses this
data in its entirety; the IT team can then
view all the data from a single dashboard.
A single, unified view can help find
trends, spot any unusual activity and
help establish a proactive (as opposed
to a reactive) response.
Making the right decision
The range of SIEM tools from third-
party businesses today is huge,
with each offering its own benefits.
These tools can provide everything
an organisation needs, from Big Data
analytics to centralised forensic visibility
to Artificial Intelligence-driven behaviour
analytics. However, it can be a real
challenge to choose a tool to best fit the
organisation’s requirements.
There are multiple things to consider
when choosing a SIEM solution. Some
are more obvious than others, such as
scalability; IT teams understand the
importance of investing in a tool that
will grow as the organisation’s needs
grow. Cost is also always a major factor,
particularly for the public sector where
budgets are typically quite restricted.
HOW BANKS CAN
COMBAT IDENTITY
FRAUD WITH
VERIFICATION
33. predictive intelligence
Racing Post, a specialist print and online digital publisher,
has protected against a growing number of cyberthreats after
deploying a next generation endpoint security solution.
Other things to consider may be less
obvious, but are just as important,
such as:
• Does the SIEM provide enough
native support for all relevant log
sources? It will be integrating a lot of
data from a lot of different sources.
Be sure the chosen toolset matches
well with the types of devices from
which it will be collecting and
analysing information.
• If the SIEM doesn’t have native
support for a relevant log source,
how quickly and easily can it
be created, and can it support
custom log sources for applications
developed in the organisation?
Government IT teams will often have
to develop bespoke applications
to handle their unique activities,
so choose a tool that can easily
be extended to support new data
sources as needed.
• How well, and quickly, can the SIEM
tool analyse data? The quicker the
IT security team can identify and
contain threats, the more secure the
organisation and its data. Reducing
the time to detection (TTD) is critical
to prevent exposure, data loss and
compromise. Choose a SIEM tool
with the ability to provide advanced
analysis quickly, with little security
team intervention to free up their time
for other tasks.
• Does the SIEM include useful,
relevant, easy-to-use out-of-the-box
reports? The value in the visibility
provided through SIEM software is
the ability to see one report or one
chart encompassing a vast amount
of data. Be sure the organisation’s
chosen tool provides templates
that can be easily implemented and
just as easily customised where
necessary. The quicker the tool
is up and running, the quicker
security threats can be identified
and thwarted.
• Does the SIEM make it easy to
explore the log data and generate
custom reports from this? Out-of-
the-box reports are always useful,
use this information to take over victims’
accounts or create new bank accounts
in their name.
Account takeover fraud (ATO) and new
account fraud (NAF) saw a major spike
last year, increasing 119%. After the
2018 Marriott attack which saw 5.3
million unencrypted passport numbers
exposed, the hotel chain provided
victims with free identity theft monitoring
services, highlighting the threat PII can
pose if left in the wrong hands.
Despite the increase in identity fraud,
banks and financial institutions are
still relying on legacy methods of
identity verification, such as manual ID
verification and static credit agency data
checks which are putting customers at
risk. Once this data has been exposed,
it’s near impossible to prevent it
spreading and using it to successfully
commit identity fraud becomes an easy
task for fraudsters.
Identity verification: Moving away
from legacy solutions
Given the serious implications
associated with identity fraud, banks
must keep pace with attackers and
adopt more modern ways to verify their
customers’ identities. But how do they
achieve this in a constantly shifting
cybersecurity landscape?
Legacy verification methods blended
with Artificial Intelligence and Machine
Learning techniques can offer banks
extensive, context-aware identity
verification. This includes a multitude
of checks, such as real-time account
checking, ID document capture,
biometric comparison verification (using
a ‘selfie’ to cross-reference with an ID)
and device geolocation.
44. industry unlocked
SIEM: The solution to the public sector’s
security problem?
This means organisations can analyse
in real-time an array of information from
several different data sources and digital
The days of tediously
visiting bank
locations to open
new accounts
are fading.
55. intelligent technologies
Identity fraud is a major issue that’s costing the UK banking
industry an estimated £1.2 billion, with a new incident of
financial fraud being reported every 15 seconds in 2018.
Tim Bedard, Director, Security Product Marketing, OneSpan,
explores how banks can combat identity fraud by moving
beyond legacy approaches to identity verification.
The UK banking industry is facing
a million-pound fraud problem,
with 2018 seeing new incidences
of financial fraud being reported
every 15 seconds.
Identity fraud in particular has hit
record levels in the UK according to
national fraud prevention service Cifas,
largely as a result of the increasing
number of data breaches.
However, although fraud cost the
British banking industry approximately
£1.2 billion in 2018, UK banks and
financial institutions (FIs) continue
to use outdated approaches to
identity verification, which is giving
cybercriminals the upper hand.
The good news is that technology has
evolved to the point where modern
identity verification tools are now
available for banks to use in their fight
against identity fraud. So what are they
and what difference will they make?
Identity fraud: A modern-day problem
Digital banking and payments have
revolutionised the banking experience,
particularly with the rise of mobile and
online banking. However, cybercriminals
are quick to adapt their methods to
new channels and exploit existing
vulnerabilities in devices, illustrated by
the 20% rise in mobile banking fraud
compared to the previous year.
Data breaches are also contributing
to the rise in identity fraud, with a
single breach having the potential to
distribute vast amounts of personally
identifiable information (PII) online – a
gold mine for cybercriminals who can
62. business surveillance
Tim Bedard, Director, Security Product
Marketing, OneSpan
Taking action on cybersecurity:
The incident response programme
67. decrypting myths
48. feature
Kuwait Credit Bank has
enabled a cloud-based
Disaster Recovery
backup system allowing
it to respond robustly to
unexpected emergencies
and prevent loss of
critical data.
Why security has yet to move from
beyond the ‘castle walls’ – and how to
do it
71. go phish
Paul Anderson, Head of UK and Ireland
at Fortinet
74. end-point analysis
How banks can combat identity fraud
with verification