SlideShare una empresa de Scribd logo

5 Must Monitor Financial Applications Whitepaper

O
Oliver Levin
1 de 8
Descargar para leer sin conexión
OBSERVEIT / FINANCIAL APPLICATIONS OBSERVEIT.COM/TRYITNOW 5 MUST MONITOR FINANCIAL APPLICATIONS THE SHORTLIST OF CORE BANKING AND WEALTH MANAGEMENT SYSTEMS YOU NEED VISIBILITY INTO. In today’s financial world, banks are relying on countless financial applications to help manage important tasks. Wealth Management, Trading, Revenue Management, Investor Accounting, along with many other business needs are consistently being improved by operating them through financial applications. However, now that these apps are containing vast amounts of customer and company data, organizations are having trouble keeping track of exactly “who did what” in these apps. In a couple of cases, this lack of insight has resulted in major problems. At Morgan Stanley, a financial advisor accessed their financial application and downloaded account data on 10% of their wealth management clients – about 350,000 people. JPMorgan also endangered themselves when an employee got access to one of JP Morgan’s banking applications and stole customer accounts in order to sell customer data, which included birth dates, Social Security numbers, passwords, bank account balances, and debit card numbers. Whereas these financial applications are extremely productive for business, they can also be extremely risky from a security perspective. But due to the sheer volume of activity and necessary access, questionable actions are often hidden in the large volume of normal user actions, leading to undetected and overlooked exposure of sensitive data. Below we breakdown some of the most popular applications used in the financial sector, and why it is important to know exactly “who is doing what” within these applications. FISERV Fiserv is a leading financial services company that specializes in banking and wealth management applications. These applications have a wide array of uses and functions.  Cleartouch is an online, real-time bank platform that delivers business analytics and customizable workflows. This platform is used to understand profit potential of customers and save time by centralizing business actions.  DNA is a real-time account-processing platform. The DNA data model organizes all account, transaction and related information around an accountholder and stores it in an enterprise database.  Precision supports new account and transaction processing, document management and imaging, online banking, business intelligence and risk management. This is Fiserv’s most user-friendly application platform.  The Premier platform focuses especially on banking applications. This platform is endorsed by the American Bankers Association and is known for its feature-rich functionality, open integration and scalability.  Signature is a comprehensive customer-centric banking solution that allows organizations to offer consistent information across multiple delivery channels, streamline business processes and mitigate risk.
OBSERVEIT / FINANCIAL APPLICATIONS OBSERVEIT.COM/TRYITNOW Why Monitor?: Cleartouch is used to collect loads of customer data specifically within their bank account, such as credit and debit card numbers and bank pins. Cleartouch also centralizes business actions, which means numerous departments could have access to data they don’t necessarily need access to. It is important to monitor the activity on this application to make sure the customer data and company data are accessed solely by the correct and necessary employees. DNA uses an enterprise database, which means that there is a massive amount of data in one place. Most employees who have access to this information likely only need small bits of information at any given moment to do their jobs, but have authorized access to view large amounts of data. When modifying or setting up new accounts, application admins can adjust application entitlements to expand privileges to access more customer data such as Social Security numbers and contact information. Knowing who exactly is doing what with this data and tracking application admin entitlement changes is critical for any financial service using these applications. JACK HENRY Jack Henry supports approximately 1,300 banks – ranging from community banks to mid-tier institutions – with in-house and outsourced core processing solutions.  The SilverLake System at Jack Henry Banking is a high customizable, IBM Power System-based solution for commercial banks. The platform supports 140 applications and services aimed at information and transaction processing.  CIF 20/20 is a parameter-drive, IBM Power System-based solution. The platform is a bank-centric system that supports dynamic processing requirements by integrating robust core functionality, and supports 120 applications and services.  Core Director is a Windows-based core processing solution. Core Director is aimed at maximizing staff efficiency and productivity, by providing intuitive point-and-click operation to ensure ease-of-use. The platform supports 110 applications and services and is used by more than 200 banks. Why Monitor?: All three of these application-based solutions operate by centralizing business actions. Thus, with numerous departments within a company (Sales, Marketing, HR, R&D etc…) having access, customer and company data is significantly more vulnerable to improper or unnecessary usage. In a system like this, it is especially important to monitor administrator accounts, given their ability to create, modify or delete users. Creating a fake user or granting a user certain privileges can result in drastic consequences, such as in the case of JP Morgan mentioned earlier. Financial institutions need to be able to set parameters to trigger alerts for unnecessary access to critical information.
OBSERVEIT / FINANCIAL APPLICATIONS OBSERVEIT.COM/TRYITNOW BLOOMBERG PROFESSIONAL Bloomberg Professional is used globally for countless functions. Their financial apps are among the most recognized in the world.  The Bloomberg Terminal is one of the most famous financial applications. The application functionality serves functions such as asset management, investment banking, treasury and risk management, and private equity. The application has been used since Bloomberg’s creation in order to make trades.  Instant Bloomberg is a leading chat tool used by financial organizations all over the world. It is integrated with the Bloomberg Terminal and is a globally used communication tool. Why Monitor?: Bloomberg Terminal is used for trading world-wide. With data going from city-to-city, country-to- country, it is important to be able to identify irregular or potentially malicious activities. It is imperative that organizations using Bloomberg Terminal can see who has privileges within the applications to make certain trades or transaction policies. Another important aspect to monitoring the Bloomberg Terminal is that many employees of organizations that use the Terminal, who don’t make trades, can possibly still access and review the data with the Terminal. Thus it is vital for companies to make sure the actions taking place within the Bloomberg Terminal are inline with company policy and compliance regulations. Instant Bloomberg is also a significant application to monitor in order to detect potential abnormal activity related to insider trading. By logging all the actions within Instant Bloomberg, any forensic investigation into unethical or insider trading will be much swifter by having a full record of the communication that took place in regards to the malicious activity. FUNDTECH Fundtech offers solutions for a variety of financial services such as payments, cash management and merchant services.  PAYplus USA is a wire transfer automation solution for US national and regional banks. The wire transfer system utilizes a Windows or browser-based user interface, incorporates high levels of straight-through processing (STP) and uses exceptions-based displays.  CASHplus is a highly configurable US domestic cash management solution. It incorporates a full suite of functionality with secure access to account balance and activity reporting, account transfers, US domestic and international funds transfers, loan and credit card reporting, payment initiation, bank reports, and online enrollment. Why Monitor?: Payment and cash management solutions collect PII (Personal Identifiable Information) ranging from Social Security numbers to phone numbers to addresses and so on. Along with the PII, lots of financial information is available in each and every wire-transfer and account balance, such as credit card numbers, debit card numbers and account numbers. In order to prevent mishaps with customer information, companies should monitor these two apps.
OBSERVEIT / FINANCIAL APPLICATIONS OBSERVEIT.COM/TRYITNOW ADVENT Advent builds financial solutions applications, which focus heavily on wealth management. They also branch out into many other areas such as compliance and reporting.  Advent’s Moxy application streamlines trading and order management. It acts as a centralized platform for making and executing trade decisions quickly and confidently. Moxy includes tools for portfolio modeling, rebalancing and drift analysis.  Black Diamond is a cloud-based management platform for advisors. The application features cloud-based portfolio management, customizable reporting and performance measurement. Why Monitor?: Any centralized platform opens up an organization to the misuse of data by various departments. Advent’s Moxy primarily focuses as a trading application. The combination of centralization and trading results in numerous departments potentially having access to loads of data they don’t require. Monitoring user actions on this data is essential to safely protect customer data. SATISFYING FFIEC MONITORING REQUIREMENTS Application administrators are now in scope of the FFIEC. High privileged accounts include individuals who can change permissions in core banking and wealth management applications. Privileged access is being regulated more tightly by the FFIEC, meaning in order to meet requirements, monitoring core banking and wealth management applications has gone from a luxury to a necessity. Financial applications can become a sore point from an audit perspective. Financial service companies need to comply with FDIC requirements surrounding the audit and logging of privileged access to applications. An FDIC audit has certain visibility requirements such as:  A holistic view of application utilization by administrator level users  Real-time alerts for creation, modification, or deletion of users  Reports centered around application access as a whole Within these applications, administrators are risky users. Their ability to create users and modify user privileges makes administrator level users very powerful, and sometimes, too powerful. In any financial application, an administrator could have the ability to create a user, grant it certain levels of access, and use the account to take company information. Thus, organizations need a system in place that can monitor the actions of administrators, but also monitor the alteration and creation of user accounts.
OBSERVEIT / FINANCIAL APPLICATIONS OBSERVEIT.COM/TRYITNOW SATISFYING OCC MONITORING REQUIREMENTS The U.S. Department of the Treasury’s Office of the Comptroller of the Currency (OCC) requires that all national banks file a Suspicious Activity Report (SAR) when they detect certain known or suspected violations of federal law or suspicious transactions related to a money laundering activity or a violation of the Bank Secrecy Act. This SAR filing is required for any criminal activity:  Involving insider abuse regardless of the dollar amount;  Where there is identifiable suspect and the transaction involves $5,000 or more; and  Where there is no identifiable suspect and the transaction involves $25,000 or more. Insider abuse of any dollar amount results in a SAR filing. Thus companies need to be able to monitor their internal users in order to know if any abuse is taking place. Without a monitoring solution in place, organizations open themselves up to potentially breaking OCC requirements, which can result in massive fines. SATISFYING GLBA MONITORING REQUIREMENTS The Gramm-Leach-Bliley Act (GLBA) of 1999, forces banks to review their security posture. According to section 501 from the GLBA, “It is the policy of the Congress that each financial institution has an affirmative and continuing obligation to respect the privacy of its customers and to protect the security and confidentiality of those customers’ nonpublic personal information.” Furthermore the Act stipulates that each institution that is subject to the GLBA must:  Insure the Security and confidentiality of customer records and information;  Protect against any anticipated threats or hazards to the security or integrity of such records; and  Protect against unauthorized access to or use of such records or information which could result in substantial harm or inconvenience to any customer Today there are numerous independent auditors that organizations hire in order to comply with GLBA regulations. A monitoring solution that can accurately depict what access was authorized vs. unauthorized is a vital component of having a successful GLBA audit. As one of the main components to the creation of the GLBA, unauthorized access to customer data stands out as the major concern for any organization looking to comply with the GLBA.
OBSERVEIT / FINANCIAL APPLICATIONS OBSERVEIT.COM/TRYITNOW USER ACTIVITY MONITORING Now, it’s time for some bad news and some good news. The bad news is that even if you were to implement every practice outlined above, your organization would still not be fully protected. While we strongly recommend the serious consideration of every suggestion we’ve described, none of them are iron-clad. For example, profiling business users and data is difficult, especially as businesses are dynamic and frequently changing; gaps will inevitably remain. Restricting unnecessary access to data is critical, but ultimately, many business users will still need access to the company’s most sensitive data. Restricting the use of dangerous applications is also crucial, yet dangerous applications will always be needed by some users, while other users will be able to find alternative applications not on your “block list.” And no matter how complex your passwords are, and how well you train your employees to protect them, they will always be vulnerable to the most sophisticated and determined hackers. Now, the good news: User Activity Monitoring is a comprehensive user-focused security solution that covers all the gaps left after you’ve done everything else you can. This is because when you know exactly what every user is doing in critical applications and on every desktop in the organization, you will be able to immediately detect dangerous, unauthorized and out-of-policy user activity – and you will be able to stop it in its tracks. You will also be able to quickly and accurately determine, after the fact, exactly who did what with your sensitive data and applications, when and how. OBSERVEIT – THE WORLD’S LEADING USER ACTIVITY MONITORING SOLUTION ObserveIT is the world’s leading provider of user behavior monitoring software. The software can detect and alert on abnormal behavior that indicates insider risks becoming insider threats. This provides an early warning system via user behavior analytics, activity alerting and visual forensics proven to reduce data misuse and unnecessary access, accelerate forensics investigations, and cut internal auditing efforts in half. ObserveIT provides screen- recording technology to capture all user activity across all applications, even applications that do not generate logs and converts screenshots into user activity logs that makes it easy to search, analyze, audit and act upon alerts for suspicious application users, admins and external vendors who have authorized access to an organization's data. ObserveIT has more than 1,200 customers in over 70 countries. VIDEO REPLAY AND ACTIVITY ANALYSIS Playing back a user session shows exactly what occurred on screen during the session. However, ObserveIT goes far beyond simply recording the on-screen activity to video: the software transcribes every session into an easy-to- read user activity log so that watching the video isn’t necessary to know what the user did. Clicking on any particular event in the log launches the video playback from that exact moment. This activity analysis is also used to generate real-time user activity alerts and reporting.
OBSERVEIT / FINANCIAL APPLICATIONS OBSERVEIT.COM/TRYITNOW REAL-TIME USER ACTIVITY ALERTS When a user-based attack occurs, every second counts. The longer a threat goes undetected, the more damage a company will incur in terms of both financial costs and brand reputation. Without the ability to monitor user activity in real-time, companies will continue to suffer from undetected user-based threats for extended periods of time. ObserveIT’s user activity analytics instantly alert IT security teams to abnormal, suspicious or malicious user activity. The fully-customizable alerts are integrated throughout the system, and are even overlaid into session replay. Furthermore, each alert can be assigned a notification policy which designates who gets notified and at what frequency. REAL-TIME USER ACTIVITY ALERTS ObserveIT captures detailed session activity data and makes it immediately available for alert generation and free- text keyword searching. Administrators, IT security officers and auditors can search for specific mouse or keyboard actions matching:  Names of applications run  Titles of windows opened  URLs accessed via browsers  Text typed, edited, pasted, selected, auto-completed, etc.  Checkboxes and radio buttons clicked  Commands and scripts run in the CMD console Every resulting search hit is linked directly to the portion of the video where that action occurred. This makes it incredibly easy to find the exact moment that any particular action was performed from among thousands of hours of user activity!
OBSERVEIT / FINANCIAL APPLICATIONS OBSERVEIT.COM/TRYITNOW OBSERVEIT FEATURE HIGHLIGHTS  Screen capture recording plus video activity analysis for searchable, text-based logging of all user activity  Real-time alerts provide immediate awareness of suspicious, dangerous and out-of-policy behavior  Advanced keylogging enables keyword searching to instantly find any on-screen mouse or keyboard action  Records actions in all system areas and all apps – zero-gap recording of all commercial, legacy, bespoke and cloud apps plus all system areas  Supports all connection methods, including local login, Remote Desktop, Terminal Services, PC Anywhere, Citrix, VMware, VNC, Dameware, etc.  SIEM, NMS and IT ticketing system integration for better security and easier investigations – including direct links to session replay and user activity logs  Privileged User Identification, without requiring password rotation or check-in/check-out  Threat detection console detects and pinpoints suspicious activity  DBA Activity Audit monitors and audits all SQL queries executed by DBAs against production databases  Pre-built and customizable audit reports can be exported to Excel or XML, or scheduled to run automatically for email delivery TRUSTED BY 1200+ CUSTOMERS OBSERVEIT IDENTIFY AND MANAGE USER-BASED RISK Start monitoring in minutes, free: www.observeit.com/tryitnow

Recomendados

ICT4Peace snapshots for Global Knowledge Partnership
ICT4Peace snapshots for Global Knowledge Partnership ICT4Peace snapshots for Global Knowledge Partnership
ICT4Peace snapshots for Global Knowledge Partnership Sanjana Hattotuwa
 
Ensamblar Equipo de Computo
Ensamblar Equipo de ComputoEnsamblar Equipo de Computo
Ensamblar Equipo de Computoemmanoemi
 
Interaction Design Style (Part 3 of 5)
Interaction Design Style (Part 3 of 5)Interaction Design Style (Part 3 of 5)
Interaction Design Style (Part 3 of 5)Christopher Fahey
 
Las editoriales universitarias
Las editoriales universitariasLas editoriales universitarias
Las editoriales universitariasClaudio Rama
 
InfoShare Sri Lanka
InfoShare Sri LankaInfoShare Sri Lanka
InfoShare Sri LankaSanjana Hattotuwa
 
Tablas Hash (Sergio Sánchez Marcos)
Tablas Hash (Sergio Sánchez Marcos)Tablas Hash (Sergio Sánchez Marcos)
Tablas Hash (Sergio Sánchez Marcos)edi.euitio
 
Rushes log 1
Rushes log 1Rushes log 1
Rushes log 1feargz10
 
Core Banking 1
Core Banking 1Core Banking 1
Core Banking 1shezosmith
 

Recomendados

ICT4Peace snapshots for Global Knowledge Partnership
ICT4Peace snapshots for Global Knowledge Partnership ICT4Peace snapshots for Global Knowledge Partnership
ICT4Peace snapshots for Global Knowledge Partnership Sanjana Hattotuwa
 
Ensamblar Equipo de Computo
Ensamblar Equipo de ComputoEnsamblar Equipo de Computo
Ensamblar Equipo de Computoemmanoemi
 
Interaction Design Style (Part 3 of 5)
Interaction Design Style (Part 3 of 5)Interaction Design Style (Part 3 of 5)
Interaction Design Style (Part 3 of 5)Christopher Fahey
 
Las editoriales universitarias
Las editoriales universitariasLas editoriales universitarias
Las editoriales universitariasClaudio Rama
 
InfoShare Sri Lanka
InfoShare Sri LankaInfoShare Sri Lanka
InfoShare Sri LankaSanjana Hattotuwa
 
Tablas Hash (Sergio Sánchez Marcos)
Tablas Hash (Sergio Sánchez Marcos)Tablas Hash (Sergio Sánchez Marcos)
Tablas Hash (Sergio Sánchez Marcos)edi.euitio
 
Rushes log 1
Rushes log 1Rushes log 1
Rushes log 1feargz10
 
Core Banking 1
Core Banking 1Core Banking 1
Core Banking 1shezosmith
 
Art/Archive/Practice at SFAI
Art/Archive/Practice at SFAIArt/Archive/Practice at SFAI
Art/Archive/Practice at SFAIAlla Efimova
 
Demetrio Maguigad, Community Media Workshop: Social Media Tools & Tactics
Demetrio Maguigad, Community Media Workshop: Social Media Tools & TacticsDemetrio Maguigad, Community Media Workshop: Social Media Tools & Tactics
Demetrio Maguigad, Community Media Workshop: Social Media Tools & TacticsSocial Media for Nonprofits
 
Tablas hash
Tablas hashTablas hash
Tablas hashKba El Grande
 
Blake Canterbury: Real World Action from Online Campaigns
Blake Canterbury: Real World Action from Online CampaignsBlake Canterbury: Real World Action from Online Campaigns
Blake Canterbury: Real World Action from Online CampaignsSocial Media for Nonprofits
 
Choice in digital – Can you have too much of a good thing?
Choice in digital – Can you have too much of a good thing?Choice in digital – Can you have too much of a good thing?
Choice in digital – Can you have too much of a good thing?Reading Room
 
Tabla hash UO194601
Tabla hash UO194601Tabla hash UO194601
Tabla hash UO194601Jose Luis Garcia Inestal
 
Gha hack your mind process your growth
Gha hack your mind process your growthGha hack your mind process your growth
Gha hack your mind process your growthRein Mahatma
 
Alfabetário olimpíadas do rio 2016
Alfabetário olimpíadas do rio 2016Alfabetário olimpíadas do rio 2016
Alfabetário olimpíadas do rio 2016Sonia Amaral
 
Jakarta media book 2013
Jakarta media book 2013Jakarta media book 2013
Jakarta media book 2013C-media
 
~Davidson Wildcats~
~Davidson Wildcats~~Davidson Wildcats~
~Davidson Wildcats~Amanda Nickel
 
2.6 a addressing-micronutrient_deficiencies_omar_dary
2.6 a addressing-micronutrient_deficiencies_omar_dary2.6 a addressing-micronutrient_deficiencies_omar_dary
2.6 a addressing-micronutrient_deficiencies_omar_daryKatia Santos Dias
 
DESIGNING FOR THE SEGMENT OF ONE
DESIGNING FOR THE SEGMENT OF ONEDESIGNING FOR THE SEGMENT OF ONE
DESIGNING FOR THE SEGMENT OF ONEfrog
 
Indonesia Internet Economy and Ecosystem Development Program - Grow Local Go ...
Indonesia Internet Economy and Ecosystem Development Program - Grow Local Go ...Indonesia Internet Economy and Ecosystem Development Program - Grow Local Go ...
Indonesia Internet Economy and Ecosystem Development Program - Grow Local Go ...Rein Mahatma
 

Más contenido relacionado

Destacado

Art/Archive/Practice at SFAI
Art/Archive/Practice at SFAIArt/Archive/Practice at SFAI
Art/Archive/Practice at SFAIAlla Efimova
 
Demetrio Maguigad, Community Media Workshop: Social Media Tools & Tactics
Demetrio Maguigad, Community Media Workshop: Social Media Tools & TacticsDemetrio Maguigad, Community Media Workshop: Social Media Tools & Tactics
Demetrio Maguigad, Community Media Workshop: Social Media Tools & TacticsSocial Media for Nonprofits
 
Blake Canterbury: Real World Action from Online Campaigns
Blake Canterbury: Real World Action from Online CampaignsBlake Canterbury: Real World Action from Online Campaigns
Blake Canterbury: Real World Action from Online CampaignsSocial Media for Nonprofits
 
Choice in digital – Can you have too much of a good thing?
Choice in digital – Can you have too much of a good thing?Choice in digital – Can you have too much of a good thing?
Choice in digital – Can you have too much of a good thing?Reading Room
 
Gha hack your mind process your growth
Gha hack your mind process your growthGha hack your mind process your growth
Gha hack your mind process your growthRein Mahatma
 
Alfabetário olimpíadas do rio 2016
Alfabetário olimpíadas do rio 2016Alfabetário olimpíadas do rio 2016
Alfabetário olimpíadas do rio 2016Sonia Amaral
 
Jakarta media book 2013
Jakarta media book 2013Jakarta media book 2013
Jakarta media book 2013C-media
 
2.6 a addressing-micronutrient_deficiencies_omar_dary
2.6 a addressing-micronutrient_deficiencies_omar_dary2.6 a addressing-micronutrient_deficiencies_omar_dary
2.6 a addressing-micronutrient_deficiencies_omar_daryKatia Santos Dias
 
DESIGNING FOR THE SEGMENT OF ONE
DESIGNING FOR THE SEGMENT OF ONEDESIGNING FOR THE SEGMENT OF ONE
DESIGNING FOR THE SEGMENT OF ONEfrog
 
Indonesia Internet Economy and Ecosystem Development Program - Grow Local Go ...
Indonesia Internet Economy and Ecosystem Development Program - Grow Local Go ...Indonesia Internet Economy and Ecosystem Development Program - Grow Local Go ...
Indonesia Internet Economy and Ecosystem Development Program - Grow Local Go ...Rein Mahatma
 

Destacado (13)

Art/Archive/Practice at SFAI
Art/Archive/Practice at SFAIArt/Archive/Practice at SFAI
Art/Archive/Practice at SFAI
 
Demetrio Maguigad, Community Media Workshop: Social Media Tools & Tactics
Demetrio Maguigad, Community Media Workshop: Social Media Tools & TacticsDemetrio Maguigad, Community Media Workshop: Social Media Tools & Tactics
Demetrio Maguigad, Community Media Workshop: Social Media Tools & Tactics
 
Tablas hash
Tablas hashTablas hash
Tablas hash
 
Blake Canterbury: Real World Action from Online Campaigns
Blake Canterbury: Real World Action from Online CampaignsBlake Canterbury: Real World Action from Online Campaigns
Blake Canterbury: Real World Action from Online Campaigns
 
Choice in digital – Can you have too much of a good thing?
Choice in digital – Can you have too much of a good thing?Choice in digital – Can you have too much of a good thing?
Choice in digital – Can you have too much of a good thing?
 
Tabla hash UO194601
Tabla hash UO194601Tabla hash UO194601
Tabla hash UO194601
 
Gha hack your mind process your growth
Gha hack your mind process your growthGha hack your mind process your growth
Gha hack your mind process your growth
 
Alfabetário olimpíadas do rio 2016
Alfabetário olimpíadas do rio 2016Alfabetário olimpíadas do rio 2016
Alfabetário olimpíadas do rio 2016
 
Jakarta media book 2013
Jakarta media book 2013Jakarta media book 2013
Jakarta media book 2013
 
~Davidson Wildcats~
~Davidson Wildcats~~Davidson Wildcats~
~Davidson Wildcats~
 
2.6 a addressing-micronutrient_deficiencies_omar_dary
2.6 a addressing-micronutrient_deficiencies_omar_dary2.6 a addressing-micronutrient_deficiencies_omar_dary
2.6 a addressing-micronutrient_deficiencies_omar_dary
 
DESIGNING FOR THE SEGMENT OF ONE
DESIGNING FOR THE SEGMENT OF ONEDESIGNING FOR THE SEGMENT OF ONE
DESIGNING FOR THE SEGMENT OF ONE
 
Indonesia Internet Economy and Ecosystem Development Program - Grow Local Go ...
Indonesia Internet Economy and Ecosystem Development Program - Grow Local Go ...Indonesia Internet Economy and Ecosystem Development Program - Grow Local Go ...
Indonesia Internet Economy and Ecosystem Development Program - Grow Local Go ...
 

5 Must Monitor Financial Applications Whitepaper

  • 1. OBSERVEIT / FINANCIAL APPLICATIONS OBSERVEIT.COM/TRYITNOW 5 MUST MONITOR FINANCIAL APPLICATIONS THE SHORTLIST OF CORE BANKING AND WEALTH MANAGEMENT SYSTEMS YOU NEED VISIBILITY INTO. In today’s financial world, banks are relying on countless financial applications to help manage important tasks. Wealth Management, Trading, Revenue Management, Investor Accounting, along with many other business needs are consistently being improved by operating them through financial applications. However, now that these apps are containing vast amounts of customer and company data, organizations are having trouble keeping track of exactly “who did what” in these apps. In a couple of cases, this lack of insight has resulted in major problems. At Morgan Stanley, a financial advisor accessed their financial application and downloaded account data on 10% of their wealth management clients – about 350,000 people. JPMorgan also endangered themselves when an employee got access to one of JP Morgan’s banking applications and stole customer accounts in order to sell customer data, which included birth dates, Social Security numbers, passwords, bank account balances, and debit card numbers. Whereas these financial applications are extremely productive for business, they can also be extremely risky from a security perspective. But due to the sheer volume of activity and necessary access, questionable actions are often hidden in the large volume of normal user actions, leading to undetected and overlooked exposure of sensitive data. Below we breakdown some of the most popular applications used in the financial sector, and why it is important to know exactly “who is doing what” within these applications. FISERV Fiserv is a leading financial services company that specializes in banking and wealth management applications. These applications have a wide array of uses and functions.  Cleartouch is an online, real-time bank platform that delivers business analytics and customizable workflows. This platform is used to understand profit potential of customers and save time by centralizing business actions.  DNA is a real-time account-processing platform. The DNA data model organizes all account, transaction and related information around an accountholder and stores it in an enterprise database.  Precision supports new account and transaction processing, document management and imaging, online banking, business intelligence and risk management. This is Fiserv’s most user-friendly application platform.  The Premier platform focuses especially on banking applications. This platform is endorsed by the American Bankers Association and is known for its feature-rich functionality, open integration and scalability.  Signature is a comprehensive customer-centric banking solution that allows organizations to offer consistent information across multiple delivery channels, streamline business processes and mitigate risk.
  • 2. OBSERVEIT / FINANCIAL APPLICATIONS OBSERVEIT.COM/TRYITNOW Why Monitor?: Cleartouch is used to collect loads of customer data specifically within their bank account, such as credit and debit card numbers and bank pins. Cleartouch also centralizes business actions, which means numerous departments could have access to data they don’t necessarily need access to. It is important to monitor the activity on this application to make sure the customer data and company data are accessed solely by the correct and necessary employees. DNA uses an enterprise database, which means that there is a massive amount of data in one place. Most employees who have access to this information likely only need small bits of information at any given moment to do their jobs, but have authorized access to view large amounts of data. When modifying or setting up new accounts, application admins can adjust application entitlements to expand privileges to access more customer data such as Social Security numbers and contact information. Knowing who exactly is doing what with this data and tracking application admin entitlement changes is critical for any financial service using these applications. JACK HENRY Jack Henry supports approximately 1,300 banks – ranging from community banks to mid-tier institutions – with in-house and outsourced core processing solutions.  The SilverLake System at Jack Henry Banking is a high customizable, IBM Power System-based solution for commercial banks. The platform supports 140 applications and services aimed at information and transaction processing.  CIF 20/20 is a parameter-drive, IBM Power System-based solution. The platform is a bank-centric system that supports dynamic processing requirements by integrating robust core functionality, and supports 120 applications and services.  Core Director is a Windows-based core processing solution. Core Director is aimed at maximizing staff efficiency and productivity, by providing intuitive point-and-click operation to ensure ease-of-use. The platform supports 110 applications and services and is used by more than 200 banks. Why Monitor?: All three of these application-based solutions operate by centralizing business actions. Thus, with numerous departments within a company (Sales, Marketing, HR, R&D etc…) having access, customer and company data is significantly more vulnerable to improper or unnecessary usage. In a system like this, it is especially important to monitor administrator accounts, given their ability to create, modify or delete users. Creating a fake user or granting a user certain privileges can result in drastic consequences, such as in the case of JP Morgan mentioned earlier. Financial institutions need to be able to set parameters to trigger alerts for unnecessary access to critical information.
  • 3. OBSERVEIT / FINANCIAL APPLICATIONS OBSERVEIT.COM/TRYITNOW BLOOMBERG PROFESSIONAL Bloomberg Professional is used globally for countless functions. Their financial apps are among the most recognized in the world.  The Bloomberg Terminal is one of the most famous financial applications. The application functionality serves functions such as asset management, investment banking, treasury and risk management, and private equity. The application has been used since Bloomberg’s creation in order to make trades.  Instant Bloomberg is a leading chat tool used by financial organizations all over the world. It is integrated with the Bloomberg Terminal and is a globally used communication tool. Why Monitor?: Bloomberg Terminal is used for trading world-wide. With data going from city-to-city, country-to- country, it is important to be able to identify irregular or potentially malicious activities. It is imperative that organizations using Bloomberg Terminal can see who has privileges within the applications to make certain trades or transaction policies. Another important aspect to monitoring the Bloomberg Terminal is that many employees of organizations that use the Terminal, who don’t make trades, can possibly still access and review the data with the Terminal. Thus it is vital for companies to make sure the actions taking place within the Bloomberg Terminal are inline with company policy and compliance regulations. Instant Bloomberg is also a significant application to monitor in order to detect potential abnormal activity related to insider trading. By logging all the actions within Instant Bloomberg, any forensic investigation into unethical or insider trading will be much swifter by having a full record of the communication that took place in regards to the malicious activity. FUNDTECH Fundtech offers solutions for a variety of financial services such as payments, cash management and merchant services.  PAYplus USA is a wire transfer automation solution for US national and regional banks. The wire transfer system utilizes a Windows or browser-based user interface, incorporates high levels of straight-through processing (STP) and uses exceptions-based displays.  CASHplus is a highly configurable US domestic cash management solution. It incorporates a full suite of functionality with secure access to account balance and activity reporting, account transfers, US domestic and international funds transfers, loan and credit card reporting, payment initiation, bank reports, and online enrollment. Why Monitor?: Payment and cash management solutions collect PII (Personal Identifiable Information) ranging from Social Security numbers to phone numbers to addresses and so on. Along with the PII, lots of financial information is available in each and every wire-transfer and account balance, such as credit card numbers, debit card numbers and account numbers. In order to prevent mishaps with customer information, companies should monitor these two apps.
  • 4. OBSERVEIT / FINANCIAL APPLICATIONS OBSERVEIT.COM/TRYITNOW ADVENT Advent builds financial solutions applications, which focus heavily on wealth management. They also branch out into many other areas such as compliance and reporting.  Advent’s Moxy application streamlines trading and order management. It acts as a centralized platform for making and executing trade decisions quickly and confidently. Moxy includes tools for portfolio modeling, rebalancing and drift analysis.  Black Diamond is a cloud-based management platform for advisors. The application features cloud-based portfolio management, customizable reporting and performance measurement. Why Monitor?: Any centralized platform opens up an organization to the misuse of data by various departments. Advent’s Moxy primarily focuses as a trading application. The combination of centralization and trading results in numerous departments potentially having access to loads of data they don’t require. Monitoring user actions on this data is essential to safely protect customer data. SATISFYING FFIEC MONITORING REQUIREMENTS Application administrators are now in scope of the FFIEC. High privileged accounts include individuals who can change permissions in core banking and wealth management applications. Privileged access is being regulated more tightly by the FFIEC, meaning in order to meet requirements, monitoring core banking and wealth management applications has gone from a luxury to a necessity. Financial applications can become a sore point from an audit perspective. Financial service companies need to comply with FDIC requirements surrounding the audit and logging of privileged access to applications. An FDIC audit has certain visibility requirements such as:  A holistic view of application utilization by administrator level users  Real-time alerts for creation, modification, or deletion of users  Reports centered around application access as a whole Within these applications, administrators are risky users. Their ability to create users and modify user privileges makes administrator level users very powerful, and sometimes, too powerful. In any financial application, an administrator could have the ability to create a user, grant it certain levels of access, and use the account to take company information. Thus, organizations need a system in place that can monitor the actions of administrators, but also monitor the alteration and creation of user accounts.
  • 5. OBSERVEIT / FINANCIAL APPLICATIONS OBSERVEIT.COM/TRYITNOW SATISFYING OCC MONITORING REQUIREMENTS The U.S. Department of the Treasury’s Office of the Comptroller of the Currency (OCC) requires that all national banks file a Suspicious Activity Report (SAR) when they detect certain known or suspected violations of federal law or suspicious transactions related to a money laundering activity or a violation of the Bank Secrecy Act. This SAR filing is required for any criminal activity:  Involving insider abuse regardless of the dollar amount;  Where there is identifiable suspect and the transaction involves $5,000 or more; and  Where there is no identifiable suspect and the transaction involves $25,000 or more. Insider abuse of any dollar amount results in a SAR filing. Thus companies need to be able to monitor their internal users in order to know if any abuse is taking place. Without a monitoring solution in place, organizations open themselves up to potentially breaking OCC requirements, which can result in massive fines. SATISFYING GLBA MONITORING REQUIREMENTS The Gramm-Leach-Bliley Act (GLBA) of 1999, forces banks to review their security posture. According to section 501 from the GLBA, “It is the policy of the Congress that each financial institution has an affirmative and continuing obligation to respect the privacy of its customers and to protect the security and confidentiality of those customers’ nonpublic personal information.” Furthermore the Act stipulates that each institution that is subject to the GLBA must:  Insure the Security and confidentiality of customer records and information;  Protect against any anticipated threats or hazards to the security or integrity of such records; and  Protect against unauthorized access to or use of such records or information which could result in substantial harm or inconvenience to any customer Today there are numerous independent auditors that organizations hire in order to comply with GLBA regulations. A monitoring solution that can accurately depict what access was authorized vs. unauthorized is a vital component of having a successful GLBA audit. As one of the main components to the creation of the GLBA, unauthorized access to customer data stands out as the major concern for any organization looking to comply with the GLBA.
  • 6. OBSERVEIT / FINANCIAL APPLICATIONS OBSERVEIT.COM/TRYITNOW USER ACTIVITY MONITORING Now, it’s time for some bad news and some good news. The bad news is that even if you were to implement every practice outlined above, your organization would still not be fully protected. While we strongly recommend the serious consideration of every suggestion we’ve described, none of them are iron-clad. For example, profiling business users and data is difficult, especially as businesses are dynamic and frequently changing; gaps will inevitably remain. Restricting unnecessary access to data is critical, but ultimately, many business users will still need access to the company’s most sensitive data. Restricting the use of dangerous applications is also crucial, yet dangerous applications will always be needed by some users, while other users will be able to find alternative applications not on your “block list.” And no matter how complex your passwords are, and how well you train your employees to protect them, they will always be vulnerable to the most sophisticated and determined hackers. Now, the good news: User Activity Monitoring is a comprehensive user-focused security solution that covers all the gaps left after you’ve done everything else you can. This is because when you know exactly what every user is doing in critical applications and on every desktop in the organization, you will be able to immediately detect dangerous, unauthorized and out-of-policy user activity – and you will be able to stop it in its tracks. You will also be able to quickly and accurately determine, after the fact, exactly who did what with your sensitive data and applications, when and how. OBSERVEIT – THE WORLD’S LEADING USER ACTIVITY MONITORING SOLUTION ObserveIT is the world’s leading provider of user behavior monitoring software. The software can detect and alert on abnormal behavior that indicates insider risks becoming insider threats. This provides an early warning system via user behavior analytics, activity alerting and visual forensics proven to reduce data misuse and unnecessary access, accelerate forensics investigations, and cut internal auditing efforts in half. ObserveIT provides screen- recording technology to capture all user activity across all applications, even applications that do not generate logs and converts screenshots into user activity logs that makes it easy to search, analyze, audit and act upon alerts for suspicious application users, admins and external vendors who have authorized access to an organization's data. ObserveIT has more than 1,200 customers in over 70 countries. VIDEO REPLAY AND ACTIVITY ANALYSIS Playing back a user session shows exactly what occurred on screen during the session. However, ObserveIT goes far beyond simply recording the on-screen activity to video: the software transcribes every session into an easy-to- read user activity log so that watching the video isn’t necessary to know what the user did. Clicking on any particular event in the log launches the video playback from that exact moment. This activity analysis is also used to generate real-time user activity alerts and reporting.
  • 7. OBSERVEIT / FINANCIAL APPLICATIONS OBSERVEIT.COM/TRYITNOW REAL-TIME USER ACTIVITY ALERTS When a user-based attack occurs, every second counts. The longer a threat goes undetected, the more damage a company will incur in terms of both financial costs and brand reputation. Without the ability to monitor user activity in real-time, companies will continue to suffer from undetected user-based threats for extended periods of time. ObserveIT’s user activity analytics instantly alert IT security teams to abnormal, suspicious or malicious user activity. The fully-customizable alerts are integrated throughout the system, and are even overlaid into session replay. Furthermore, each alert can be assigned a notification policy which designates who gets notified and at what frequency. REAL-TIME USER ACTIVITY ALERTS ObserveIT captures detailed session activity data and makes it immediately available for alert generation and free- text keyword searching. Administrators, IT security officers and auditors can search for specific mouse or keyboard actions matching:  Names of applications run  Titles of windows opened  URLs accessed via browsers  Text typed, edited, pasted, selected, auto-completed, etc.  Checkboxes and radio buttons clicked  Commands and scripts run in the CMD console Every resulting search hit is linked directly to the portion of the video where that action occurred. This makes it incredibly easy to find the exact moment that any particular action was performed from among thousands of hours of user activity!
  • 8. OBSERVEIT / FINANCIAL APPLICATIONS OBSERVEIT.COM/TRYITNOW OBSERVEIT FEATURE HIGHLIGHTS  Screen capture recording plus video activity analysis for searchable, text-based logging of all user activity  Real-time alerts provide immediate awareness of suspicious, dangerous and out-of-policy behavior  Advanced keylogging enables keyword searching to instantly find any on-screen mouse or keyboard action  Records actions in all system areas and all apps – zero-gap recording of all commercial, legacy, bespoke and cloud apps plus all system areas  Supports all connection methods, including local login, Remote Desktop, Terminal Services, PC Anywhere, Citrix, VMware, VNC, Dameware, etc.  SIEM, NMS and IT ticketing system integration for better security and easier investigations – including direct links to session replay and user activity logs  Privileged User Identification, without requiring password rotation or check-in/check-out  Threat detection console detects and pinpoints suspicious activity  DBA Activity Audit monitors and audits all SQL queries executed by DBAs against production databases  Pre-built and customizable audit reports can be exported to Excel or XML, or scheduled to run automatically for email delivery TRUSTED BY 1200+ CUSTOMERS OBSERVEIT IDENTIFY AND MANAGE USER-BASED RISK Start monitoring in minutes, free: www.observeit.com/tryitnow