Managed Security Services
for Financial Services Firms
Leveraging IT Infrastructure as a Service Enables
Agile Responses to Constantly Changing Threats
WHITE PAPER
Chris Richter, Vice President, Security Products & Services, Savvis
Dave Mahon, Vice President and Chief Security Officer, CenturyLink
Tony Kroell, Vice President Product Marketing, Savvis
WHITE PAPER: MANAGED SECURITY SERVICES
TABLE OF CONTENTS
Financial services firms are under attack
Raising the drawbridge is not an option
Your firm has already been infected
What is the next attack?
Where is the next attack coming from?
What does an attack cost you?
What can your firm do for itself?
Buying IT security as a managed service
A State-of-the-art solution: Savvis/CenturyLink managed IT security services
Can you afford state-of-the-art security? Can you afford not to have it?
Financial services firms are under attack
The data security and IT integrity of financial services firms is under unprecedented attack. A startling increase in the
sophistication and number of cyber attacks is forcing virtually every company to rise to a level of security consciousness that
would have seemed excessive or even paranoid just a decade or two ago.
That was then, before the words “phish,” “spam,” “virus,” and “Trojan” acquired new meanings and became part of
everyone’s vocabulary. This is now.
According to a recent study 1 of 130 enterprise and network operations professionals, both cloud service providers and
traditional data centers are under attack. During the course of a 12-month period:
	 •  94 percent of data center managers reported some type of security attacks.
	 •  76 percent had to deal with distributed denial-of-service (DDoS) attacks on their customers.
	 •  43 percent had partial or total infrastructure outages due to DDoS.
	 •  14 percent suffered attacks targeting a cloud service.
Today, with so many potential attackers, it’s hard to draw up a reliable short list so that you can start the process of
planning your defensive strategy. It’s even harder to thwart an attack if you don’t know what an attacker might be trying to
achieve. Is someone launching a distributed denial-of-service (DDoS) attack to shut you down for a few hours and create
uncertainty among your customers? Or is that just a smokescreen for stealing credit card information? Or perhaps they’re
trying to overwhelm your ISP so they can slip behind the defenses of another ISP customer.
It’s hard to say, especially because it’s no longer enough to just look for a profit motive. The attackers may be trolling for
intellectual property. Or they may be seeking to cause damage for their political benefit. Often attacks are not motivated by
monetary gain but by nihilism, vandalism, politics or ideology, bragging rights, or a host of other motives.
Just as the landscape of potential attackers and motives keeps changing, so too does the arsenal of disruptive tools and
techniques available to them. Today’s adversaries are much more sophisticated than ever before, with access to more code
and expertise than existed just a few years ago. It’s not enough for your organization simply to thwart an attack: you have
to continually prepare for the next one even though you can’t predict much about it — except that it’s likely to be smarter
and stronger than the one you’ve just survived. You need to build up a dynamic and proactive defensive capability that
protects you from attack and increases the speed and agility of your response to any threat.
Raising the drawbridge is not an option
Financial services businesses — like organizations in all industries — have been outgunned by the hackers. Attacks are bigger and
more sophisticated, and perimeters are more permeable than ever before. As Booz Allen observed, “The exponential growth of mobile
devices drives an exponential growth in security risks. Every new smart phone, tablet or other mobile device, opens another window for
a cyber-attack, as each creates another vulnerable access point to networks.”2
It’s tempting to imagine walling off corporate systems, but current business practices won’t allow it. Cloud, social, and mobile
technologies, including “Bring Your Own Device” (BYOD), are simply too cost-efficient and effective for institutions to ignore. And, as a services
institution, you have to meet your clients’ demands for easy access. Online banking has become the norm, with some 48 percent of
SMBs conducting at least 50 percent of their banking online, up from 29 percent in 2010 and 39 percent in 2011, according to a recent
survey.3 In addition, the percentage of respondents who complete all their transactions online has more than doubled, from nine percent
in 2010 to 20 percent in 2012. There’s no retreating from the levels of openness and access that customers have come to expect.
Your firm has already been infected
These days, every organization must base its security strategy on an acceptance that it is already “infected” with some form of
malware, to some degree, with or without knowing it.
Because perimeters must be permeable to allow web server traffic to flow and employees to interface with customers and vendors,
complete protection is impossible. Traditional defenses are still useful, from blocking and tackling to defense in depth. But you have
to augment them by dealing with attack mechanisms that have infiltrated your business. You need to shift the focus of cyber-security
tactics from building walls to analyzing, detecting, and expunging threats already inside your system. How can those be identified,
stymied, and removed?
Due to the complex kaleidoscope of attackers, motives, and tools, these are difficult questions to answer. Yet the SEC — and your
stakeholders — are going to be holding you responsible for doing so. SEC guidance is now that firms must declare any material risk to
their networks, including the following:
•	 Aspects of your business or operations that give rise to material cybersecurity risks, and the potential costs and consequences of those risks.
•	 Functions that you outsource that have material cybersecurity risks, and how you address them.
•	 Description of cyber-incidents you’ve experienced that are — individually or in the aggregate — material, including a description of the costs and other consequences.
•	 Risks related to cyber-incidents that may remain undetected for an extended period.4
2 “Booz Allen Reports Top Ten Cyber Security Trends for Financial Services in 2012,” www.Boozallen.com
3 “2012 Business Banking Trust Trends Study,” Ponemon Institute, August 2012
4 Bloomberg Law Reports, January 3, 2012, Vol 6 No 1
“High-profile data breach events have hastened stakeholder focus on the ways in which sensitive data is housed and whether
management is taking a holistic and comprehensive approach to protecting the data.”
- Bloomberg Law Reports
This is a lot of responsibility for a firm to shoulder, so many banks have reached out to the United States government for help. Firms
have banded together to pool resources and knowledge in the face of this common threat. Increasingly, even the largest, most
sophisticated financial services firms — like businesses in every other industry — have begun to realize that mitigation of security risks has
become such a complex task that it’s much like a separate line of business. Which raises the question every firm should ask itself: do
you want to be in the cyber-security business? Is state-of-the-art IT security a specialty that you want — or can afford — to build in
house?
What is the next attack?
Today’s threat environment comprises more attackers — and more tools — than ever before. It’s impossible to describe all the tools
and other resources that may be used to launch an attack on your organization, because the scope is expanding all the time. Criminal
enterprise supply chains sell inexpensive software tools that can be quickly customized to suit the attacker’s goals and avoid detection
by systems. Commercial DDoS attack services and DDoS bots that combine high-volume bandwidth and low-volume application-level
attacks are readily available and can be used to shut down your online services — and can also serve as a distraction while a more
focused and stealthy attack takes place on your organization or on another organization that uses the same ISP. Public websites that
your staff visits can be infected in a way that specifically targets your business. Well-crafted spear-phishing emails can hook even
senior and savvy employees. And new “bots” are continually evolving to be smaller, harder to detect, more effective, and more organized,
making them impossible to flush out of systems.
Where is the next attack coming from?
This continually evolving arsenal of tools is in the hands of a wide range of attackers, from shadowy organizations and individuals such
as nation-states, criminals, hacktivists and terrorists, to the most damaging attackers of all — well-known and even well-liked insiders.
Nation-states
Recent news has highlighted the cyberterrorist activities of nation-states motivated by political and ideological differences. Iranian
terrorists carried out cyber-attacks on nine of the US’s leading banks using data networks or clouds — like those run by Amazon and
Google — as well as a host of smaller companies. They may have been behind the “Operation Ababil” DDoS attacks that caused
disruptions at major banks. Using servers and customized malware, the attackers leveled between 70 Gbps and 100 Gbps of peak traffic
at the targeted sites and tailored the campaign to get around defenses specifically designed to stop floods of data.
Today’s threat landscape:
•	 111,111 unique strains of malware deployed every day
•	 10,000 malicious new domains deployed every day
•	 1,100 DDoS attacks launched every day
•	 47.59 Gbps peak attack (just one recent example)
•	 1,057 active botnets
Cybercriminals
Criminals are everywhere — and cybercriminals are also nowhere, making them virtually impossible to catch. Young hackers are being
offered large sums of money — and bragging rights — in exchange for taking on the challenge of bringing down major institutions. As
one example, a cyber-gang thought to be based in Eastern Europe and the former Soviet Union is recruiting dozens of people to
participate in a scheme to steal millions of dollars from 30 major U.S. banks, according to RSA. The organizers are thought to be associated
with the Hangup Team, which claims to have used a proprietary Trojan family, called Gozi, to siphon $5 million through online banking
accounts since 2008. This is just one example. There are likely to be many more such gangs in operation.
Hacktivists and cyber-terrorists
Hacktivists and cyber-terrorists, some sponsored by nation states and others working only for themselves or small groups, are
motivated mostly by the desire to destroy prosperity and stability. Security organizations track pending campaigns, and warn that some of the
threats on the horizon could be devastating to financial services firms. Project Blitzkrieg, for example, is a “credible threat” according to
McAfee Labs, because though it hasn’t yet infected thousands of victims, the attackers have managed to run an operation undetected
for several months while infecting a few hundred businesses. This attack combines an innovative technical backend with the tactics of
a successful, organized cybercrime movement. Rather than launch a sweeping attack, McAfee said the campaign selectively targets
accounts at investment banks, consumer banks, and credit unions, because doing so makes it easier for attackers to evade network
defenses. While it is possible that Project Blitzkrieg will fizzle out, causing almost no damage, there will be more such attacks, and some
of them will be larger, more sophisticated, and potentially more devastating to the financial services industry.
Insiders
Insiders include current or former employees, contractors, or other business partners who have or had authorized access to your
network, system, or data. Because they can bypass your security measures through legitimate means, they can misuse that access and
knowledge to impact the confidentiality, integrity, or availability of your information or information systems. Privileged access enables
insiders to inflict more damage than almost any other attackers. Sometimes, they do so unintentionally, through error or carelessness.
But if managers in financial services organizations set out to commit fraud, studies show that their schemes tend to cost organizations
twice as much as when non-managers instigate these crimes.
Your customers’ employees pose an insider risk, too. SMBs report malicious or rogue company employees as the cause of online fraud
in 42 percent of fraud cases involving their financial institutions. One survey revealed simple employee carelessness to be the root
cause of a data breach in 78 percent of such cases, but despite this trend, only 15 percent of SMBs conduct fraud prevention
education.5
5 2012 Business Banking Trust Trends Study, Ponemon Institute, August 2012
What does an attack cost you?
Some attacks are aimed at defrauding financial services firms. In these cases, it can be relatively easy to quantify the monetary damage
your firm suffers: an average mid-sized enterprise with $10 million in annual revenue could lose more than $150,000 from just one
successful DDoS attack.6
But attacks can be even more damaging in ways that are less easy to measure.
Your firm’s credibility suffers when customers experience down time as a result of a DDoS attack. Your brand loses value. Customer
satisfaction decreases, too, as some attacks can take a site offline — or reduce performance to a crawl — for hours. During that time
banks often suffer losses in sales opportunities and revenue because they are unable to respond promptly to market conditions.
Productivity takes a hit as well, as highly-paid employees are forced to idle, waiting for service to be resumed.
Long after the attack is over, your firm could still feel the effects of loss of customer confidence. Your SMB customers view security
as your job, not theirs. In fact, according to a recent survey, 10 percent of SMBs don’t even use basic firewalls and perimeter controls,
anti-virus/anti-malware solutions, or database security tools. This means that if a fraud incident occurs, they will blame you. In a recent
survey, 70% of SMBs who had experienced a single instance of fraud reported diminished confidence; approximately 40% closed their
accounts and switched to other financial services providers.7
What can your firm do for itself?
Like most financial services firms, you have probably already taken extensive precautions in house. You’ve almost certainly locked down
applications and servers, configured perimeter firewalls to block known network DDoS attacks, and implemented as many of the other
30 or so security best practices set out in various websites8 as you could afford to do.
But is that enough?
In every industry, firms are asking the same question — and in the high-profile, high-stakes world of financial services the question is
even more urgent. Increasingly, firms are weighing the merits of buying IT security services, rather than trying to build (and maintain)
their own. Today’s constantly changing landscape of threats and rapid evolution of new technologies make it difficult for most firms to
fend off attacks. Leveraging the scale and — most importantly — the expertise of IT security services providers offers your
organization a way to gain higher-quality protection, more cost-effectively, than you could do on your own.
6 2011 DDoS Attacks: Top Ten Trends and Truths, Neustar, 2012
7 2012 Business Banking Trust Trends Study, Ponemon Institute, August 2012
8 http://www.checkpoint.com/defense/advisories/public/cpsa_index.html
Buying IT security as a managed service
Depending on the provider and package, buying IT security as a managed service can provide your firm the hardware, software,
infrastructure, and — most critically — the information and expertise that you need to protect your business in today’s complex and
evolving threat environment. This is not a complete list, but it does cover some of the most important — and some less well-known —
security issues to consider.
DDoS mitigation services should be at the top of your list of required services. Consider only those providers who can detect attack
traffic on their or your network before it impacts your infrastructure. Providers should be able to divert traffic and cleanse it of malicious
packets before forwarding it to your site. Services can be expensive, so look for one that charges only a low monthly “retainer fee,”
plus an hourly charge for traffic cleansing, so you get protection but don’t pay a large monthly premium for mitigation you may rarely
need. You’ll also want one that commits fully to standing by you in case of an attack, with skilled analysts who not only monitor the
network for attack traffic, but also work with you around-the-clock during an attack to deploy any available countermeasures to keep
your site protected.
Web application protection can help your organization to cost-effectively protect its sensitive financial, human resources, and customer
credit card data from application-based attacks by detecting and blocking malicious web requests, learning the expected usage and
monitoring activity of protected applications, and inspecting outbound traffic to ensure no data leakage — all with minimal latency.
Cloud computing security services are essential for your hosted or internal cloud. Your provider should secure your data through
encryption and masking but allow you to remain in control of it. In order to buffer your infrastructure from the dangerous world that exists
beyond your network, the provider should proactively identify attacks that can pose the greatest threats to your highest-value IT assets,
filter out insignificant attacks so you can focus on the more critical ones, and continually scan for internal vulnerabilities.
Log management may not seem like a front-line security issue, but it is important as the volume of log data you accumulate increases
and as compliance requirements proliferate. There’s a lot of work involved in collecting, analyzing, and archiving IT logs. Look for a
service that can cost-effectively assist your organization in addressing its compliance requirements, such as the PCI DSS requirement
that any entity that processes credit card data must securely gather, analyze, and archive specific log data, making it available online
for 90 days and archiving it for 12 months. And to help you get value from that data, it should also provide an easy-to-use interface that
includes a broad range of standardized reports as well as the ability to customize reports to meet your specialized requirements.
Network intrusion detection and prevention can help you keep pace with the growing volume of increasingly complex cyber-attacks.
Look for a service that will alert you when a critical threat that might have a significant impact on your security infrastructure appears
and respond around-the-clock with appropriate action based on your preferences. Even when no threat is on the horizon, you should
seek a service that configures, monitors, and maintains Intrusion Detection and Prevention (IDP) sensors, and provides ongoing detailed
monitoring and reporting for a better view of potential problems and vulnerabilities.
Content integrity monitoring too often flies under the radar of internal security groups. But with some attacks focused on tampering
with data in files, you need a service that helps you keep a constant watch on your mission-critical files and programs. Look for one
that monitors critical directories and files residing on a host computer and alerts you whenever specified files undergo an unexpected
change.
A State-of-the-art solution: CenturyLink managed IT security services
CenturyLink offers all the state-of-the-art services described in this paper — and more. Whether you want security protection delivered
at your premises, within a CenturyLink datacenter, or “in the cloud,” we’ve got you covered. Our services range from a basic firewall to
comprehensive security coverage that includes threat management, DDoS attack mitigation, log management, web application
protection, authentication and authorization services, and physical data center security.
When you select CenturyLink as your managed security services provider, we enter into a partnership with you, helping you assess your
organization’s unique risk profile and threat landscape, spelling out the protective measures available to you, and then working with you
as you decide which security tasks you’d prefer to handle in-house and which you would like us to take on.
No matter which path you choose, you’ll be able to tap into the unmatched range of skills of our corporate security team. Security
is not a sideline for us: it’s the heart of our business, and we invest in it accordingly. We have staff focused exclusively on network
security, physical data security, infrastructure, law enforcement, national security, fraud management, enterprise technology
protection, and enterprise security. Specialists in each of these areas interact to gain fresh perspectives on current, emerging, and future
threats to our clients. In addition, we are engaged in state-of-the-art information sharing and technology through public-private
partnerships, including the FCC Communications Security, Reliability and Interoperability Council (CSRIC), and with the Department
of Defense, Department of Homeland Security, FBI, and The White House.
Savvis/CenturyLink
infrastructure by numbers:
•	 50+ data centers in North America, Europe and Asia
•	 1,500+ enterprise security clients
•	 Hundreds of financial services clients
•	 5,000+ security installations under management
•	 12+ years of delivering security
Government and private-sector organizations worldwide must take responsibility for protecting cyberspace, and information sharing
among these organizations is likely to grow, particularly following President Obama’s announcement of an executive order to improve
the nation’s cybersecurity. Savvis is positioned to be a key player in any such initiatives: through our merger with CenturyLink we have
become a global-scale premier provider of managed hosting, colocation, outsourced IT, and cloud services. The combined Savvis/
CenturyLink infrastructure includes more than 50 data centers in North America, Europe, and Asia, serving more than 1,500 enterprise
security clients and hundreds of financial services clients. With more than 5,000 security installations under management, and a track
record of more than 12 years of delivering security, we have unparalleled expertise in security for enterprise IT. And, unlike some
vendors, we are completely technology agnostic. We adopt only best-of-breed products to address emerging threats.
Can you afford state-of-the-art security? Can you afford not to have it?
Growing a financial services business has always required cultivating customer relationships and decreasing churn. These days,
security and customer confidence are critical to that effort — and your business’ revenues. You should consider making security a prominent
part of your marketing and outreach activities, to communicate to customers and prospects that you offer unparalleled security for their
business.
To deliver the security customers demand of their financial services providers today requires expertise and resources that few firms
have in house. If you wanted to create state-of-the-art security in house, just keeping your equipment and software current would take
up a huge share of your total IT budget. Security technologies are expensive, and constantly changing. But that’s not enough. You would
also need to find — and recruit and retain — skilled security professionals. These people are rare, and charge a premium for their
services. You might choose to turn to your partners and third party providers for assistance with security, but unless you can be certain
of every member and every system within that larger ecosystem, you could be increasing your company’s vulnerability rather than
decreasing it.
CenturyLink has the scale and resources to provide the world-class security your firm needs in order to maintain and grow its business
in today’s ever-changing and darkening threat environment — all at a commodity price. Call us today to start the conversation about
how CenturyLink Managed Security Services can help your organization protect itself — and its customers — from evolving internal
and external threats.
To learn more about CenturyLink visit www.centurylink.com/business
© 2013 CenturyLink, Inc. All Rights Reserved. The CenturyLink mark, pathways logo and
certain CenturyLink product names are the property of CenturyLink, Inc. All other marks
are the property of their respective owners. WP 120452 4-13
Darktrace_WhitePaper_EnterpriseImmuneSystemDarktrace_WhitePaper_EnterpriseImmuneSystem
Darktrace_WhitePaper_EnterpriseImmuneSystemAustin Eppstein
 
What is cyber security
What is cyber securityWhat is cyber security
What is cyber securitySAHANAHK
 
Ways To Protect Your Company From Cybercrime
Ways To Protect Your Company From CybercrimeWays To Protect Your Company From Cybercrime
Ways To Protect Your Company From Cybercrimethinkwithniche
 
Cyber Threat Intelligence − How to Get Ahead of Cybercrime
Cyber Threat Intelligence − How to Get Ahead of CybercrimeCyber Threat Intelligence − How to Get Ahead of Cybercrime
Cyber Threat Intelligence − How to Get Ahead of CybercrimeNishantSisodiya
 
10 IT Security Trends to Watch for in 2016
10 IT Security Trends to Watch for in 201610 IT Security Trends to Watch for in 2016
10 IT Security Trends to Watch for in 2016Core Security
 
Application Security: Safeguarding Data, Protecting Reputations
Application Security: Safeguarding Data, Protecting ReputationsApplication Security: Safeguarding Data, Protecting Reputations
Application Security: Safeguarding Data, Protecting ReputationsCognizant
 

Similar a Managed security services for financial services firms (20)

5 network-security-threats
5 network-security-threats5 network-security-threats
5 network-security-threats
 
Security - intelligence - maturity-model-ciso-whitepaper
Security - intelligence - maturity-model-ciso-whitepaperSecurity - intelligence - maturity-model-ciso-whitepaper
Security - intelligence - maturity-model-ciso-whitepaper
 
Countering Advanced Persistent Threats
Countering Advanced Persistent ThreatsCountering Advanced Persistent Threats
Countering Advanced Persistent Threats
 
A1 - Cibersegurança - Raising the Bar for Cybersecurity
A1 - Cibersegurança - Raising the Bar for CybersecurityA1 - Cibersegurança - Raising the Bar for Cybersecurity
A1 - Cibersegurança - Raising the Bar for Cybersecurity
 
Darktrace enterprise immune system whitepaper_digital
Darktrace enterprise immune system whitepaper_digitalDarktrace enterprise immune system whitepaper_digital
Darktrace enterprise immune system whitepaper_digital
 
10 Cybersecurity Threats and How eSignatures Can Protect Your Business.pdf
10 Cybersecurity Threats and How eSignatures Can Protect Your Business.pdf10 Cybersecurity Threats and How eSignatures Can Protect Your Business.pdf
10 Cybersecurity Threats and How eSignatures Can Protect Your Business.pdf
 
White Paper :- Spear-phishing, watering hole and drive-by attacks :- The New ...
White Paper :- Spear-phishing, watering hole and drive-by attacks :- The New ...White Paper :- Spear-phishing, watering hole and drive-by attacks :- The New ...
White Paper :- Spear-phishing, watering hole and drive-by attacks :- The New ...
 
Shifting Risks and IT Complexities Create Demands for New Enterprise Security...
Shifting Risks and IT Complexities Create Demands for New Enterprise Security...Shifting Risks and IT Complexities Create Demands for New Enterprise Security...
Shifting Risks and IT Complexities Create Demands for New Enterprise Security...
 
Before the Breach: Using threat intelligence to stop attackers in their tracks
Before the Breach: Using threat intelligence to stop attackers in their tracksBefore the Breach: Using threat intelligence to stop attackers in their tracks
Before the Breach: Using threat intelligence to stop attackers in their tracks
 
Darktrace_WhitePaper_EnterpriseImmuneSystem
Darktrace_WhitePaper_EnterpriseImmuneSystemDarktrace_WhitePaper_EnterpriseImmuneSystem
Darktrace_WhitePaper_EnterpriseImmuneSystem
 
What is cyber security
What is cyber securityWhat is cyber security
What is cyber security
 
Ways To Protect Your Company From Cybercrime
Ways To Protect Your Company From CybercrimeWays To Protect Your Company From Cybercrime
Ways To Protect Your Company From Cybercrime
 
Cyber Threat Intelligence − How to Get Ahead of Cybercrime
Cyber Threat Intelligence − How to Get Ahead of CybercrimeCyber Threat Intelligence − How to Get Ahead of Cybercrime
Cyber Threat Intelligence − How to Get Ahead of Cybercrime
 
10 IT Security Trends to Watch for in 2016
10 IT Security Trends to Watch for in 201610 IT Security Trends to Watch for in 2016
10 IT Security Trends to Watch for in 2016
 
10 Things to Watch for in 2016
10 Things to Watch for in 201610 Things to Watch for in 2016
10 Things to Watch for in 2016
 
CYBER THREAT FORCAST 2016
CYBER THREAT FORCAST 2016 CYBER THREAT FORCAST 2016
CYBER THREAT FORCAST 2016
 
CYBER THREAT FORCAST 2016
CYBER THREAT FORCAST 2016 CYBER THREAT FORCAST 2016
CYBER THREAT FORCAST 2016
 
Measures to Avoid Cyber-attacks
Measures to Avoid Cyber-attacksMeasures to Avoid Cyber-attacks
Measures to Avoid Cyber-attacks
 
Measure To Avoid Cyber Attacks
Measure To Avoid Cyber AttacksMeasure To Avoid Cyber Attacks
Measure To Avoid Cyber Attacks
 
Application Security: Safeguarding Data, Protecting Reputations
Application Security: Safeguarding Data, Protecting ReputationsApplication Security: Safeguarding Data, Protecting Reputations
Application Security: Safeguarding Data, Protecting Reputations
 

Más de Jake Weaver

Whitepaper : Building a disaster ready infrastructure
Whitepaper : Building a disaster ready infrastructureWhitepaper : Building a disaster ready infrastructure
Whitepaper : Building a disaster ready infrastructureJake Weaver
 
CenturyLink Network
CenturyLink NetworkCenturyLink Network
CenturyLink NetworkJake Weaver
 
Washington trust bank case study
Washington trust bank case studyWashington trust bank case study
Washington trust bank case studyJake Weaver
 
CenturyLink Case Study Childrens Hospital
CenturyLink Case Study Childrens HospitalCenturyLink Case Study Childrens Hospital
CenturyLink Case Study Childrens HospitalJake Weaver
 
University federal credit union case study
University federal credit union case studyUniversity federal credit union case study
University federal credit union case studyJake Weaver
 
Bank and office interiors case studies
Bank and office interiors case studiesBank and office interiors case studies
Bank and office interiors case studiesJake Weaver
 
SIP Trunking - The cornerstone of unified communications
SIP Trunking - The cornerstone of unified communicationsSIP Trunking - The cornerstone of unified communications
SIP Trunking - The cornerstone of unified communicationsJake Weaver
 
Centurylink Enterprise Cloud & Network
Centurylink Enterprise Cloud & NetworkCenturylink Enterprise Cloud & Network
Centurylink Enterprise Cloud & NetworkJake Weaver
 
The TCP/IP and OSI models
The TCP/IP and OSI modelsThe TCP/IP and OSI models
The TCP/IP and OSI modelsJake Weaver
 
Fast track to the cloud whitepaper
Fast track to the cloud whitepaperFast track to the cloud whitepaper
Fast track to the cloud whitepaperJake Weaver
 
Centurylink Business Technology in 2020 ebook
Centurylink Business Technology in 2020 ebookCenturylink Business Technology in 2020 ebook
Centurylink Business Technology in 2020 ebookJake Weaver
 
Savvis Case Study featuring Enwisen
Savvis Case Study featuring EnwisenSavvis Case Study featuring Enwisen
Savvis Case Study featuring EnwisenJake Weaver
 
CenturyLink - Moneytree MPLS Case Study
CenturyLink - Moneytree MPLS Case StudyCenturyLink - Moneytree MPLS Case Study
CenturyLink - Moneytree MPLS Case StudyJake Weaver
 
CenturyLink - Life Lock Call Center Case Study
CenturyLink - Life Lock Call Center Case StudyCenturyLink - Life Lock Call Center Case Study
CenturyLink - Life Lock Call Center Case StudyJake Weaver
 
Centurylink - Isabella Bank Case Study
Centurylink - Isabella Bank Case StudyCenturylink - Isabella Bank Case Study
Centurylink - Isabella Bank Case StudyJake Weaver
 
Washington trust bank case study
Washington trust bank case studyWashington trust bank case study
Washington trust bank case studyJake Weaver
 
Centurylink - Sun National Bank Case Study
Centurylink - Sun National Bank Case StudyCenturylink - Sun National Bank Case Study
Centurylink - Sun National Bank Case StudyJake Weaver
 
American hospital association case study
American hospital association case studyAmerican hospital association case study
American hospital association case studyJake Weaver
 
Whitepaper outsourcing for innovations
Whitepaper outsourcing for innovationsWhitepaper outsourcing for innovations
Whitepaper outsourcing for innovationsJake Weaver
 

Más de Jake Weaver (19)

Whitepaper : Building a disaster ready infrastructure
Whitepaper : Building a disaster ready infrastructureWhitepaper : Building a disaster ready infrastructure
Whitepaper : Building a disaster ready infrastructure
 
CenturyLink Network
CenturyLink NetworkCenturyLink Network
CenturyLink Network
 
Washington trust bank case study
Washington trust bank case studyWashington trust bank case study
Washington trust bank case study
 
CenturyLink Case Study Childrens Hospital
CenturyLink Case Study Childrens HospitalCenturyLink Case Study Childrens Hospital
CenturyLink Case Study Childrens Hospital
 
University federal credit union case study
University federal credit union case studyUniversity federal credit union case study
University federal credit union case study
 
Bank and office interiors case studies
Bank and office interiors case studiesBank and office interiors case studies
Bank and office interiors case studies
 
SIP Trunking - The cornerstone of unified communications
SIP Trunking - The cornerstone of unified communicationsSIP Trunking - The cornerstone of unified communications
SIP Trunking - The cornerstone of unified communications
 
Centurylink Enterprise Cloud & Network
Centurylink Enterprise Cloud & NetworkCenturylink Enterprise Cloud & Network
Centurylink Enterprise Cloud & Network
 
The TCP/IP and OSI models
The TCP/IP and OSI modelsThe TCP/IP and OSI models
The TCP/IP and OSI models
 
Fast track to the cloud whitepaper
Fast track to the cloud whitepaperFast track to the cloud whitepaper
Fast track to the cloud whitepaper
 
Centurylink Business Technology in 2020 ebook
Centurylink Business Technology in 2020 ebookCenturylink Business Technology in 2020 ebook
Centurylink Business Technology in 2020 ebook
 
Savvis Case Study featuring Enwisen
Savvis Case Study featuring EnwisenSavvis Case Study featuring Enwisen
Savvis Case Study featuring Enwisen
 
CenturyLink - Moneytree MPLS Case Study
CenturyLink - Moneytree MPLS Case StudyCenturyLink - Moneytree MPLS Case Study
CenturyLink - Moneytree MPLS Case Study
 
CenturyLink - Life Lock Call Center Case Study
CenturyLink - Life Lock Call Center Case StudyCenturyLink - Life Lock Call Center Case Study
CenturyLink - Life Lock Call Center Case Study
 
Centurylink - Isabella Bank Case Study
Centurylink - Isabella Bank Case StudyCenturylink - Isabella Bank Case Study
Centurylink - Isabella Bank Case Study
 
Washington trust bank case study
Washington trust bank case studyWashington trust bank case study
Washington trust bank case study
 
Centurylink - Sun National Bank Case Study
Centurylink - Sun National Bank Case StudyCenturylink - Sun National Bank Case Study
Centurylink - Sun National Bank Case Study
 
American hospital association case study
American hospital association case studyAmerican hospital association case study
American hospital association case study
 
Whitepaper outsourcing for innovations
Whitepaper outsourcing for innovationsWhitepaper outsourcing for innovations
Whitepaper outsourcing for innovations
 

Último

Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsTop 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsRoshan Dwivedi
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Paola De la Torre
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Servicegiselly40
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024The Digital Insurer
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
Developing An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilDeveloping An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilV3cube
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Enterprise Knowledge
 

Último (20)

Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsTop 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
Developing An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilDeveloping An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of Brazil
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 

Managed security services for financial services firms

Financial services firms are under attack

The data security and IT integrity of financial services firms is under unprecedented attack. A startling increase in the sophistication and number of cyber attacks is forcing virtually every company to rise to a level of security consciousness that would have seemed excessive or even paranoid just a decade or two ago.

That was then, before the words “phish,” “spam,” “virus,” and “Trojan” acquired new meanings and became part of everyone’s vocabulary. This is now.

According to a recent study¹ of 130 enterprise and network operations professionals, both cloud service providers and traditional data centers are under attack. During the course of a 12-month period:

• 94 percent of data center managers reported some type of security attacks.
• 76 percent had to deal with distributed denial-of-service (DDoS) attacks on their customers.
• 43 percent had partial or total infrastructure outages due to DDoS.
• 14 percent suffered attacks targeting a cloud service.

Today, with so many potential attackers, it’s hard to draw up a reliable short list so that you can start the process of planning your defensive strategy. It’s even harder to thwart an attack if you don’t know what an attacker might be trying to achieve.

Is someone launching a distributed denial-of-service (DDoS) attack to shut you down for a few hours and create uncertainty among your customers? Or is that just a smokescreen for stealing credit card information? Or perhaps they’re trying to overwhelm your ISP so they can slip behind the defenses of another ISP customer.

It’s hard to say, especially because it’s no longer enough to just look for a profit motive. The attackers may be trolling for intellectual property. Or they may be seeking to cause damage for their political benefit. Often attacks are not motivated by monetary gain but by nihilism, vandalism, politics or ideology, bragging rights, or a host of other motives.

Just as the landscape of potential attackers and motives keeps changing, so too does the arsenal of disruptive tools and techniques available to them. Today’s adversaries are much more sophisticated than ever before, with access to more code and expertise than existed just a few years ago. It’s not enough for your organization simply to thwart an attack: you have to continually prepare for the next one even though you can’t predict much about it — except that it’s likely to be smarter and stronger than the one you’ve just survived.

You need to build up a dynamic and proactive defensive capability that protects you from attack and increases the speed and agility of your response to any threat.
Raising the drawbridge is not an option

Financial services businesses — like organizations in all industries — have been outgunned by the hackers. Attacks are bigger and more sophisticated, and perimeters are more permeable than ever before. As Booz Allen observed, “The exponential growth of mobile devices drives an exponential growth in security risks. Every new smart phone, tablet or other mobile device, opens another window for a cyber-attack, as each creates another vulnerable access point to networks.”²

It’s tempting to imagine walling off corporate systems, but current business practices won’t allow it. Cloud, social, and mobile technologies, including “Bring Your Own Device” (BYOD), are simply too cost-efficient and effective for institutions to ignore. And, as a services institution, you have to meet your clients’ demands for easy access.

Online banking has become the norm, with some 48 percent of SMBs conducting at least 50 percent of their banking online, up from 29 percent in 2010 and 39 percent in 2011, according to a recent survey.³ In addition, the percentage of respondents who complete all their transactions online has more than doubled, from nine percent in 2010 to 20 percent in 2012. There’s no retreating from the levels of openness and access that customers have come to expect.

Your firm has already been infected

These days, every organization must base its security strategy on an acceptance that it is already “infected” with some form of malware, to some degree, with or without knowing it. Because perimeters must be permeable to allow web server traffic to flow and employees to interface with customers and vendors, complete protection is impossible.

Traditional defenses are still useful, from blocking and tackling to defense in depth. But you have to augment them by dealing with attack mechanisms that have infiltrated your business. You need to shift the focus of cyber-security tactics from building walls to analyzing, detecting, and expunging threats already inside your system. How can those be identified, stymied, and removed?

Due to the complex kaleidoscope of attackers, motives, and tools, these are difficult questions to answer. Yet the SEC — and your stakeholders — are going to be holding you responsible for doing so. SEC guidance is now that firms must declare any material risk to their networks, including the following:

• Aspects of your business or operations that give rise to material cybersecurity risks, and the potential costs and consequences of those risks.
• Functions that you outsource that have material cybersecurity risks, and how you address them.
• Description of cyber-incidents you’ve experienced that are — individually or in the aggregate — material, including a description of the costs and other consequences.
• Risks related to cyber-incidents that may remain undetected for an extended period.⁴

“High-profile data breach events have hastened stakeholder focus on the ways in which sensitive data is housed and whether management is taking a holistic and comprehensive approach to protecting the data.” - Bloomberg Law Reports

2 “Booz Allen Reports Top Ten Cyber Security Trends for Financial Services in 2012,” www.Boozallen.com
3 “2012 Business Banking Trust Trends Study,” Ponemon Institute, August 2012
4 Bloomberg Law Reports, January 3, 2012, Vol 6 No 1
This is a lot of responsibility for a firm to shoulder, so many banks have reached out to the United States government for help. Firms have banded together to pool resources and knowledge in the face of this common threat. Increasingly, even the largest, most sophisticated financial services firms — like businesses in every other industry — have begun to realize that mitigation of security risks has become such a complex task that it’s much like a separate line of business.

Which raises the question every firm should ask itself: do you want to be in the cyber-security business? Is state-of-the-art IT security a specialty that you want — or can afford — to build in house?

What is the next attack?

Today’s threat environment comprises more attackers — and more tools — than ever before. It’s impossible to describe all the tools and other resources that may be used to launch an attack on your organization, because the scope is expanding all the time.

Criminal enterprise supply chains sell inexpensive software tools that can be quickly customized to suit the attacker’s goals and avoid detection by systems. Commercial DDoS attack services and DDoS bots that combine high-volume bandwidth and low-volume application-level attacks are readily available and can be used to shut down your online services — and can also serve as a distraction while a more focused and stealthy attack takes place on your organization or on another organization that uses the same ISP.

Public websites that your staff visits can be infected in a way that specifically targets your business. Well-crafted spear-phishing emails can hook even senior and savvy employees. And new “bots” are continually evolving to be smaller, harder to detect, more effective, and more organized, making them impossible to flush out of systems.

Where is the next attack coming from?

This continually evolving arsenal of tools is in the hands of a wide range of attackers, from shadowy organizations and individuals such as nation-states, criminals, hacktivists and terrorists, to the most damaging attackers of all — well-known and even well-liked insiders.

Nation-states

Recent news has highlighted the cyberterrorist activities of nation-states motivated by political and ideological differences. Iranian terrorists carried out cyber-attacks on nine of the US’s leading banks using data networks or clouds — like those run by Amazon and Google — as well as a host of smaller companies. They may have been behind the “Operation Ababil” DDoS attacks that caused disruptions at major banks. Using servers and customized malware, the attackers leveled between 70 Gbps and 100 Gbps of peak traffic at the targeted sites and tailored the campaign to get around defenses specifically designed to stop floods of data.

Today’s threat landscape:

• 111,111 unique strains of malware deployed every day
• 10,000 malicious new domains deployed every day
• 1,100 DDoS attacks launched every day
• 47.59 Gbps peak attack (just one recent example)
• 1,057 active botnets
  • 6. WHITE PAPER: MANAGED SECURITY SERVICES
Cybercriminals
Criminals are everywhere — and cybercriminals are also nowhere, making them virtually impossible to catch. Young hackers are being offered large sums of money — and bragging rights — in exchange for taking on the challenge of bringing down major institutions. As one example, a cyber-gang thought to be based in Eastern Europe and the former Soviet Union is recruiting dozens of people to participate in a scheme to steal millions of dollars from 30 major U.S. banks, according to RSA. The organizers are thought to be associated with the Hangup Team, which claims to have used a proprietary Trojan family, called Gozi, to siphon $5 million through online banking accounts since 2008. This is just one example. There are likely to be many more such gangs in operation.
Hacktivists and cyber-terrorists
Hacktivists and cyber-terrorists, some sponsored by nation states and others working only for themselves or small groups, are motivated mostly by the desire to destroy prosperity and stability. Security organizations track pending campaigns, and warn that some of the threats on the horizon could be devastating to financial services firms. Project Blitzkrieg, for example, is a “credible threat” according to McAfee Labs, because though it hasn’t yet infected thousands of victims, the attackers have managed to run an operation undetected for several months while infecting a few hundred businesses. This attack combines an innovative technical backend with the tactics of a successful, organized cybercrime movement. Rather than launch a sweeping attack, McAfee said the campaign selectively targets accounts at investment banks, consumer banks, and credit unions, because doing so makes it easier for attackers to evade network defenses.
While it is possible that Project Blitzkrieg will fizzle out, causing almost no damage, there will be more such attacks, and some of them will be larger, more sophisticated, and potentially more devastating to the financial services industry.
Insiders
Insiders include current or former employees, contractors, or other business partners who have or had authorized access to your network, system, or data. Because they can bypass your security measures through legitimate means, they can misuse that access and knowledge to impact the confidentiality, integrity, or availability of your information or information systems. Privileged access enables insiders to inflict more damage than almost any other attackers. Sometimes, they do so unintentionally, through error or carelessness. But if managers in financial services organizations set out to commit fraud, studies show that their schemes tend to cost organizations twice as much as when non-managers instigate these crimes.
Your customers’ employees pose an insider risk, too. SMBs report malicious or rogue company employees as the cause of online fraud in 42 percent of fraud cases involving their financial institutions. One survey revealed simple employee carelessness to be the root cause of a data breach in 78 percent of such cases, but despite this trend, only 15 percent of SMBs conduct fraud prevention education.[5]
[5] 2012 Business Banking Trust Trends Study, Ponemon Institute, August 2012
  • 7. WHITE PAPER: MANAGED SECURITY SERVICES
What does an attack cost you?
Some attacks are aimed at defrauding financial services firms. In these cases, it can be relatively easy to quantify the monetary damage your firm suffers: an average mid-sized enterprise with $10 million in annual revenue could lose more than $150,000 from just one successful DDoS attack.[6]
But attacks can be even more damaging in ways that are less easy to measure. Your firm’s credibility suffers when customers experience downtime as a result of a DDoS attack. Your brand loses value. Customer satisfaction decreases, too, as some attacks can take a site offline — or reduce performance to a crawl — for hours. During that time banks often suffer losses in sales opportunities and revenue because they are unable to respond promptly to market conditions. Productivity takes a hit as well, as highly paid employees are forced to idle, waiting for service to be resumed. Long after the attack is over, your firm could still feel the effects of loss of customer confidence.
Your SMB customers view security as your job, not theirs. In fact, according to a recent survey, 10 percent of SMBs don’t even use basic firewalls and perimeter controls, anti-virus/anti-malware solutions, or database security tools. This means that if a fraud incident occurs, they will blame you. In a recent survey, 70% of SMBs who had experienced a single instance of fraud reported diminished confidence; approximately 40% closed their accounts and switched to other financial services providers.[7]
What can your firm do for itself?
Like most financial services firms, you have probably already taken extensive precautions in house. You’ve almost certainly locked down applications and servers, configured perimeter firewalls to block known network DDoS attacks, and implemented as many of the other 30 or so security best practices set out in various websites[8] as you could afford to do. But is that enough?
In every industry, firms are asking the same question — and in the high-profile, high-stakes world of financial services the question is even more urgent. Increasingly, firms are weighing the merits of buying IT security services, rather than trying to build (and maintain) their own. Today’s constantly changing landscape of threats and rapid evolution of new technologies make it difficult for most firms to fend off attacks. Leveraging the scale and — most importantly — the expertise of IT security services providers offers your organization a way to gain higher-quality protection, more cost-effectively, than you could do on your own.
[6] 2011 DDoS Attacks: Top Ten Trends and Truths, Neustar, 2012
[7] 2012 Business Banking Trust Trends Study, Ponemon Institute, August 2012
[8] http://www.checkpoint.com/defense/advisories/public/cpsa_index.html
  • 8. WHITE PAPER: MANAGED SECURITY SERVICES
Buying IT security as a managed service
Depending on the provider and package, buying IT security as a managed service can provide your firm the hardware, software, infrastructure, and — most critically — the information and expertise that you need to protect your business in today’s complex and evolving threat environment. This is not a complete list, but it does cover some of the most important — and some less well-known — security issues to consider.
DDoS mitigation services should be at the top of your list of required services. Consider only those providers who can detect attack traffic on their or your network before it impacts your infrastructure. Providers should be able to divert traffic and cleanse it of malicious packets before forwarding it to your site. Services can be expensive, so look for one that charges only a low monthly “retainer fee,” plus an hourly charge for traffic cleansing, so you get protection but don’t pay a large monthly premium for mitigation you may rarely need. You’ll also want one that commits fully to standing by you in case of an attack, with skilled analysts who not only monitor the network for attack traffic, but also work with you around-the-clock during an attack to deploy any available countermeasures to keep your site protected.
Web application protection can help your organization to cost-effectively protect its sensitive financial, human resources, and customer credit card data from application-based attacks by detecting and blocking malicious web requests, learning the expected usage and monitoring activity of protected applications, and inspecting outbound traffic to ensure no data leakage — all with minimal latency.
Cloud computing security services are essential for your hosted or internal cloud. Your provider should secure your data through encryption and masking but allow you to remain in control of it.
In order to buffer your infrastructure from the dangerous world that exists beyond your network, the provider should proactively identify attacks that can pose the greatest threats to your highest-value IT assets, filter out insignificant attacks so you can focus on the more critical ones, and continually scan for internal vulnerabilities.
Log management may not seem like a front-line security issue, but it is important as the volume of log data you accumulate increases and as compliance requirements proliferate. There’s a lot of work involved in collecting, analyzing, and archiving IT logs. Look for a service that can cost-effectively assist your organization in addressing its compliance requirements, such as the PCI DSS requirement that any entity that processes credit card data must securely gather, analyze, and archive specific log data, making it available online for 90 days and archiving it for 12 months. And to help you get value from that data, it should also provide an easy-to-use interface that includes a broad range of standardized reports as well as the ability to customize reports to meet your specialized requirements.
  • 9. WHITE PAPER: MANAGED SECURITY SERVICES
Network intrusion detection and prevention can help you keep pace with the growing volume of increasingly complex cyber-attacks. Look for a service that will alert you when a critical threat that might have a significant impact on your security infrastructure appears and respond around-the-clock with appropriate action based on your preferences. Even when no threat is on the horizon, you should seek a service that configures, monitors, and maintains Intrusion Detection and Prevention (IDP) sensors, and provides ongoing detailed monitoring and reporting for a better view of potential problems and vulnerabilities.
Content integrity monitoring too often flies under the radar of internal security groups. But with some attacks focused on tampering with data in files, you need a service that helps you keep a constant watch on your mission-critical files and programs. Look for one that monitors critical directories and files residing on a host computer and alerts you whenever specified files undergo an unexpected change.
A State-of-the-art solution: CenturyLink managed IT security services
CenturyLink offers all the state-of-the-art services described in this paper — and more. Whether you want security protection delivered at your premises, within a CenturyLink datacenter, or “in the cloud,” we’ve got you covered. Our services range from a basic firewall to comprehensive security coverage that includes threat management, DDoS attack mitigation, log management, web application protection, authentication and authorization services, and physical data center security.
When you select CenturyLink as your managed security services provider, we enter into a partnership with you, helping you assess your organization’s unique risk profile and threat landscape, spelling out the protective measures available to you, and then working with you as you decide which security tasks you’d prefer to handle in-house and which you would like us to take on. No matter which path you choose, you’ll be able to tap into the unmatched range of skills of our corporate security team.
Security is not a sideline for us: it’s the heart of our business, and we invest in it accordingly. We have staff focused exclusively on network security, physical data security, infrastructure, law enforcement, national security, fraud management, enterprise technology protection, and enterprise security. Specialists in each of these areas interact to gain fresh perspectives on current, emerging, and future threats to our clients. In addition, we are engaged in state-of-the-art information sharing and technology through public-private partnerships, including the FCC Communications Security, Reliability and Interoperability Council (CSRIC), and with the Department of Defense, Department of Homeland Security, FBI, and The White House.
Savvis/CenturyLink infrastructure by numbers:
• 50+ data centers in North America, Europe and Asia
• 1,500+ enterprise security clients
• Hundreds of financial services clients
• 5,000+ security installations under management
• 12+ years of delivering security
  • 10. WHITE PAPER: MANAGED SECURITY SERVICES
Government and private-sector organizations worldwide must take responsibility for protecting cyberspace, and information sharing among these organizations is likely to grow, particularly following President Obama’s announcement of an executive order to improve the nation’s cybersecurity. Savvis is positioned to be a key player in any such initiatives: through our merger with CenturyLink we have become a global-scale premier provider of managed hosting, colocation, outsourced IT, and cloud services. The combined Savvis/CenturyLink infrastructure includes more than 50 data centers in North America, Europe, and Asia, serving more than 1,500 enterprise security clients and hundreds of financial services clients. With more than 5,000 security installations under management, and a track record of more than 12 years of delivering security, we have unparalleled expertise in security for enterprise IT. And, unlike some vendors, we are completely technology agnostic. We adopt only best-of-breed products to address emerging threats.
Can you afford state-of-the-art security? Can you afford not to have it?
Growing a financial services business has always required cultivating customer relationships and decreasing churn. These days, security and customer confidence are critical to that effort — and your business’ revenues. You should consider making security a prominent part of your marketing and outreach activities, to communicate to customers and prospects that you offer unparalleled security for their business.
To deliver the security customers demand of their financial services providers today requires expertise and resources that few firms have in house. If you wanted to create state-of-the-art security in house, just keeping your equipment and software current would take up a huge share of your total IT budget. Security technologies are expensive, and constantly changing. But that’s not enough.
You would also need to find — and recruit and retain — skilled security professionals. These people are rare, and charge a premium for their services. You might choose to turn to your partners and third-party providers for assistance with security, but unless you can be certain of every member and every system within that larger ecosystem, you could be increasing your company’s vulnerability rather than decreasing it.
CenturyLink has the scale and resources to provide the world-class security your firm needs in order to maintain and grow its business in today’s ever-changing and darkening threat environment — all at a commodity price.
Call us today to start the conversation about how CenturyLink Managed Security Services can help your organization protect itself — and its customers — from evolving internal and external threats.
To learn more about CenturyLink visit www.centurylink.com/business
© 2013 CenturyLink, Inc. All Rights Reserved. The CenturyLink mark, pathways logo and certain CenturyLink product names are the property of CenturyLink, Inc. All other marks are the property of their respective owners. WP 120452 4-13