Financial services companies are among the most exposed to cyber-attacks and online threats. Ignoring the need for a robust cyber security and resilience framework can lead to a series of catastrophic events.
While most companies are increasingly aware of the nature of cyber-attacks, they often do not know how to combat such threats or how to report attacks. According to a study from the Institute of Directors and Barclays published in March 2016, 94pc of firms believe IT security is important, but only 56pc have a strategy in place to deal with it. A log management tool can help close this gap by providing a robust solution.
The Reserve Bank of India (RBI) has provided guidelines on Cyber Security Framework vide circular DBS.CO/CSITE/BC.11/33.01.001/2015-16 dated June 2, 2016, where it has been highlighted that there is an urgent need to put in place a robust cyber security/resilience framework to ensure adequate cyber-security preparedness amongst banks on a regular basis.
The RBI Cyber Security guidelines mentioned above require all financial institutions, banks included, to adhere to a cyber security policy and to change or adapt it as circumstances demand. These guidelines are designed to assist them in structuring proactive threat identification.
RBI also requires all financial institutions to be prepared, by July 31st, 2017, to report any incident pertaining to data security or a breach within 6 hours of its occurrence.
Data security is one of the important parameters that sits on the back burner today, while it should be given paramount importance in any organization. Every employee in an organization is protective of its crucial data and wants to make sure it does not reach the wrong hands. Though financial institutions and banks acknowledge the significance of the problem that cyber risks pose, this imperative is not always adequately recognized or accounted for across the enterprise.
Our deeper analysis of the guidelines for the Cyber Security Framework shows that banks need to develop a comprehensive approach to cyber risk management, specifically in the following areas:
- Monitor each and every activity in their IT infrastructure
- Prevent anomalies where possible, and at a minimum detect them within a couple of hours
- Preparedness for defending cyber-attacks for safe and sound operations
While most financial institutions have already invested in tools and products claiming to provide comprehensive monitoring of events, logs and network data, a close examination readily reveals holes in their preparedness for meeting RBI’s requirements.
Take a look at key problems they face:
- Banks and similar financial institutions generate a tremendous volume of data and events. In recent times, probably due to demonetization, it has reached extreme levels because of the larger number of digital transactions and more people entering formal financial markets. Volume is going to keep growing rapidly.
- The main concern is: do their current products and tools handle such volume? Unless a product can handle on the order of 50,000 to 100,000 events per second in a single instance, they will find themselves always catching up by adding more hardware, increasing TCO every year and then wondering how to accommodate such additions in their IT infrastructure.
- Even after they manage to handle incoming data at the scale of 100,000 events per second, the real value lies in extracting real and actionable information intelligently, such as reporting a breach within 6 hours and coming up with a plan to plug the hole.
The need of the hour is to replace multiple monitoring tools that give a fragmented view of the situation with a unified monitoring tool. Applications run on servers and servers are connected by networks, yet each is monitored on a different system. Each of them generates valuable log data which again goes unmonitored and hence unanalyzed. In case of outages or DDoS attacks, many are hardly equipped to analyze network flow data to pinpoint problems, isolate them and fix them.
Unless they invest in a true unified monitoring system that can correlate all data and analyze it in real time, with actionable inputs across multiple channels, the task of meeting RBI’s requirements looks daunting.
As the saying goes, “Results are gained by exploiting opportunities, not by solving problems.” Using Motadata 6.x, every bank can proactively set up and operationalize a Security Operations Centre to monitor and manage cyber risks in real time. Banking IT staff can also consider monitoring solutions available in the market; in section 4.2 of the Baseline Controls section, RBI has stated that “The bank may consider implementing solutions to automate network discovery and management.”
As Peter Drucker puts it, “Long-range planning does not deal with the future decisions, but with the future of present decisions.” We understand how difficult it is at present for IT teams even to know when a problem occurs: there are multiple tools, no unified monitoring, no runtime log management and escalation, and, biggest of all, no correlation of events that would allow easy analysis of the data being generated to decipher whether there is a problem, threat or attack. Most of the time in large and complex IT systems, symptoms manifest very far from the actual root cause, and the ability to find the relation between such events is key to managing such an IT environment.
As famously quoted by Mr. Abraham Lincoln, “The best way to predict the future is to create it.” With Motadata’s correlated log management tool one can proactively identify the root cause of attacks, classify them into identified categories and suggest solutions to contain further attacks of similar types. There is more to it: Motadata’s log management tool can assess threat intelligence and then proactively identify and visualize the impact of threats on the bank, such as:
Who did what? When? Along with preservation of evidence!
Motadata is capable of processing any kind of log data generated from multiple heterogeneous sources, which makes it an excellent choice. Its log management tool keeps a real-time check on activities across your IT infrastructure and detects anomalies. It lets you gather relevant data in case of a security breach, so there is room for security forensic analysis too. You don’t need to be proficient in writing queries to drill down; just breeze through the intuitive data-model mapping. Scheduling remedial actions when something happens is just a click away, since Motadata’s log management tool automates rectifying actions for undesirable events.
Following RBI’s recent release of Cyber Security Guidelines for all Commercial Banks, we also analysed how we could help our clients from the banking sector.
We have numerous features which prove to be of great help in this case.
- If unauthorized personnel try to log in or access important files, Motadata can alert you instantly. You will be alerted within seconds, along with the IP address of the attacker.
- Even if the server or interface is down and someone tries to access files or confidential data, logs will still be generated and you will receive an alert.
- With Motadata’s root-cause analysis you get Nth-level drill-down to solve the issue.
- The number of transactions can be tracked.
- The number of users logged in can be tracked (with source IP address), so you will always know how many users are currently online.
- You get complete information on failed transactions, along with the reason for failure, time, date and solution.
- Prevent unauthorized logins. You will be alerted to any unauthorized login within seconds, so you can block the user using Motadata’s custom alerts. For example: if someone tries to log in after working hours and access is denied to that particular attacker or user, Motadata identifies this and alerts you in the nick of time.
- Keep track of resource utilization, i.e. get updates once disk, CPU or memory utilization crosses 80%, so you can ensure 100% uptime of your transactional activities. For example, assume your server can support 50 users at a time and goes down if that limit is exceeded; with Motadata you can customize alerts (default: 80% utilization) and ensure maximum uptime of your services.
- You can also generate custom reports from alerts in Excel and PDF format, which you can forward to upper-level management in case of a security breach, saving time and effort.
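The after-hours unauthorized-login alert described above, worked through as an added example (this is not Motadata’s code): it parses constructed sshd-style auth log lines, ignores in-hours activity, and raises an alert carrying the source IP when after-hours failed logins from one address reach a threshold, or when an after-hours login succeeds. The working hours of 09:00 to 18:00 and the threshold of 3 are assumed policy values.

```python
import re
from collections import defaultdict
from datetime import datetime, time

# Constructed sshd-style auth log lines (sample data, not from any real bank).
SAMPLE_LOG = """\
2017-07-10T09:15:02 host1 sshd[101]: Failed password for invalid user admin from 203.0.113.7 port 5221
2017-07-10T12:40:11 host1 sshd[102]: Accepted password for ops from 192.0.2.10 port 5300
2017-07-10T22:05:44 host1 sshd[103]: Failed password for root from 198.51.100.23 port 6010
2017-07-10T22:06:01 host1 sshd[104]: Failed password for root from 198.51.100.23 port 6011
2017-07-10T22:07:19 host1 sshd[105]: Failed password for backup from 198.51.100.23 port 6012
2017-07-11T03:30:00 host1 sshd[106]: Accepted password for ops from 192.0.2.10 port 5401
"""

LINE_RE = re.compile(r"^(?P<ts>\S+) \S+ sshd\[\d+\]: (?P<result>Failed|Accepted) password for "
                     r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+")

# Assumed working-hours policy: 09:00 to 18:00 local time.
WORK_START, WORK_END = time(9, 0), time(18, 0)

def parse_events(log_text):
    """Yield (timestamp, result, user, ip) for every line the regex recognises."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            yield datetime.fromisoformat(m["ts"]), m["result"], m["user"], m["ip"]

def is_after_hours(ts):
    return not (WORK_START <= ts.time() < WORK_END)

def after_hours_alerts(log_text, fail_threshold=3):
    """Return one alert per source IP whose after-hours failed logins reach fail_threshold,
    plus one per successful after-hours login (worth a look at least as much as a denied one)."""
    failed = defaultdict(lambda: {"count": 0, "users": set()})
    alerts = []
    for ts, result, user, ip in parse_events(log_text):
        if not is_after_hours(ts):
            continue  # in-hours activity is left to routine auditing
        if result == "Accepted":
            alerts.append({"type": "after_hours_success", "ip": ip, "user": user, "time": ts.isoformat()})
            continue
        failed[ip]["count"] += 1
        failed[ip]["users"].add(user)
    for ip, f in failed.items():
        if f["count"] >= fail_threshold:
            alerts.append({"type": "after_hours_failed_logins", "ip": ip,
                           "count": f["count"], "users": sorted(f["users"])})
    return alerts
```

Feeding `SAMPLE_LOG` to `after_hours_alerts` yields two alerts: the successful 03:30 login by `ops` and the three failed attempts from 198.51.100.23; the 09:15 failure is in-hours and is not reported.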
Motadata’s log management tool can derive intelligence from your bulk log data and help you achieve 100% uptime of your resources, making sure they are not exploited.