SPECIAL REPORT: Case Study: Neil Daniell, Information Security Specialist at Peoples Bancorp
Cyber attacks on the banking industry are growing more sophisticated, frequent, and dynamic. This includes risks from distributed denial-of-service (DDoS) attacks, viruses and malware, phishing, internal threats, exploitable vulnerabilities related to online and mobile device banking, and potential hacking breaches to obtain sensitive financial information.
It is therefore critical that banks and other financial institutions protect their networks, systems, and information from unauthorized access or disruption.
However, even today, most available cybersecurity offerings do not deliver the primary item on every information security checklist: true, continuous monitoring of all assets in real time, without burdening the network.
“When you are responsible for cybersecurity for the banking industry, you always have to be concerned about what is coming next,” says Neil Daniell, Information Security Specialist at Peoples Bancorp. “We can try to be as preventative as possible, but for those things we don’t know are coming, we have to have resources available immediately ensuring our customers and employees are not affected.”
Cybersecurity Product “Noise”
Daniell says that over the years cybersecurity has become an industry with a tremendous amount of “noise,” with competing products and services making similar claims about how comprehensive their protection is.
A more realistic assessment is that, for the most part, only a handful of product and service categories exist. Among these are traditional endpoint monitoring solutions, including SIEM (Security Information and Event Management) systems, along with other less comprehensive cybersecurity tools.
Furthermore, vendors of traditional endpoint monitoring solutions often sell security consulting services alongside the software to maintain the system, interpret reports, and prioritize remediation. This drives up the overall cost and is a key profit center for the provider.
Daniell says that in the past 5-10 years he has seen many cybersecurity companies acquire others to fill in holes in their product offerings.
“A lot of companies realized that they didn’t have an all-encompassing security product, so they began acquiring other companies in the hopes that they could fill loopholes in their existing product offering and gain market share,” says Daniell.
Peoples Bancorp Continuous Monitoring
In business for more than 115 years, Peoples Bancorp Inc. (NASDAQ: PEBO) is a diversified financial services holding company with $3.6 billion in total assets and 75 sales offices, including 66 full-service bank branches and 73 ATMs in Ohio, West Virginia, and Kentucky.
In addition, the company operates retail, commercial, trust & investment services, and the Peoples Insurance Agency, LLC.
From an Information Technology (IT) perspective, the challenge is finding a way to incorporate the various disparate systems. According to Daniell, Peoples Bancorp is acquiring 8 additional locations in the next quarter that will need to be integrated into the existing systems. The challenge will always be getting all of the systems to work harmoniously as one.
For cybersecurity protection that extends to all these locations, Peoples Bancorp utilizes AristotleInsight from Sergeant Laboratories.
The comprehensive IT and security management platform combines several IT and security functions behind a single pane of glass to provide insights, actionable items, and the data needed to properly manage and audit configurations, assets, user behavior, threat analytics, and risk.
Perhaps most importantly, the software meets the requirements of Continuous Diagnostics and Mitigation as outlined by the Department of Homeland Security.
The Continuous Diagnostics and Mitigation (CDM) program is the government’s approach to fortifying the cybersecurity of government networks and systems. It includes tools that identify vulnerabilities and risks on an ongoing basis and prioritize those risks based on potential impact, enabling network cybersecurity personnel to mitigate the most significant problems first.
“It is critical to have real-time monitoring to see exactly what is going on at any time,” says Daniell. “The software allows one to, at any moment, observe everything from keystrokes to who is downloading information or installing software. This is very important from an information security viewpoint.”
“If someone downloads a virus, that is not something you want to find out about on tomorrow’s report,” he adds.
The product collects security metrics down at the kernel level. It places so little burden on the network that, in fact, the system is typically not even noticed by network security tools or virus scanners while operating.
“What is unique about AristotleInsight is it is essentially an all-inclusive product that provides a lot of different functionality, gathers a lot of information, and has a relatively small footprint that doesn’t impact user access or response time,” says Daniell.
Within 24 hours of installation, the program is able to determine what is happening on the network, even with tens of thousands of computers involved. Within 48 to 72 hours, it will be clear if the network has been breached, if there has been illegal access, or if other issues exist.
Reporting and Remediation
One of the challenges when a breach is suspected is sifting through the mass of information available. The priority, therefore, is a security platform that effectively analyzes, prioritizes, and presents information in organized, understandable reports.
The AristotleInsight software prioritizes vulnerabilities and risks and then walks network administrators through the steps to remediate the problem.
The data is organized into a double-entry accounting system, developed in 1494 by Luca Pacioli, which provides forensic auditing capabilities. A unique Bayesian inference engine and data-linking techniques are then used to interpret and prioritize the data.
The information is organized into three tiers of logical layers using a top-down approach. Specialized knowledge, training, or the help of security consultants is not required.
The reports are presented in an understandable format for management, while also providing more detailed information for security and compliance professionals to protect their organization.
“You can have 10 layers of information, but if no one is looking at the logs, it’s useless,” says Daniell.
Instead, he appreciates the ability to apply filters to the data to home in on the most relevant information, along with the ability to set alerts.
“The dashboard provides real-time information. Alerts and reports can also be set to trigger emails immediately or routinely (i.e. hourly/daily/weekly/monthly), depending on the type of issue or concern,” explains Daniell.
According to Daniell, Peoples Bancorp’s security posture has improved significantly since the software was implemented.
“Protecting our customers’ and company’s information is the top priority,” says Daniell. “AristotleInsight gives us peace of mind that we have implemented the necessary controls to help identify and resolve any issues that need to be addressed.”
About the Author
Cyber Security Expert, Publisher, Cyber Defense Magazine
Gary is a globally recognized cybersecurity expert, keynote speaker, investor, advisor, and consultant. He is the inventor and founder of technologies and corporations sold and/or licensed to Hexis Cyber, WatchGuard, Intel/McAfee, IBM, Computer Associates, and BlackBox Corporation. He is currently the CEO of Cyber Defense Media Group (CDMG), the publisher of Cyber Defense Magazine and Cyber Defense TV. He is a frequent invited guest on national and international media, commenting on mobile privacy, cyber security, cybercrime, and cyber terrorism, and has been covered in Inc, Forbes, and Fortune magazines. Miliefsky is a founding member of the US Department of Homeland Security (http://www.DHS.gov), the National Information Security Group (http://www.NAISG.org), and the OVAL advisory board of MITRE, which is responsible for the CVE Program (http://CVE.mitre.org). He also assisted the National Infrastructure Advisory Council (NIAC), which operates within the U.S. Department of Homeland Security, in its development of The National Strategy to Secure Cyberspace, as well as the Center for the Study of Counter-Terrorism and Cyber Crime at Norwich University. Gary is a member of ISC2.org and is a CISSP®.