In order to conduct regular business, financial services companies move a lot of sensitive data across the network every work day. But deep within these gigabytes or terabytes of data traversing the wire, how do security managers in these organizations know for certain if any of these data fall into any of the following categories:

  • Designer malware, worms, or other destructive program code
  • Unauthorized transfer of personally identifiable or account information of customers
  • Sensitive account information exfiltrated out of the network by a third party, such as organized criminal groups
  • Internal employees sharing M&A transaction or SEC filing information for the company with a competitor or the press
  • Resumes of key personnel shared with competitors
  • Inappropriate, threatening or hostile communications
  • Illegal activities and inappropriate uses of company resources

Current security countermeasures and approaches may address one or more aspects of the problems above, but most are limited in scope. For example, although IDS can detect certain types of malware and exploits, it will not detect most zero-day attacks and will provide no assistance at all with competitor or appropriate-use-related issues. Likewise, content monitoring (CMF) can fall short when asked to make correlations between malware and data exfiltration activities such as those found in beacon traffic or P2P tunneling exploits.

Moving forward, it will be critical for financial services firms to move to a technology that can provide multidimensional views into all of these threat areas and treat them as a single security challenge.

Network Security Monitoring Must EVOLVE and Be AGILE

NetWitness solves this problem for financial services organizations by offering a powerful infrastructure that records all data on the network and performs fully automated analyses of immense volumes of reconstructed network, application, and user traffic via the NetWitness Informer application. Informer is designed to provide specific and accurate threat alerts and in-depth policy and regulatory compliance reports on a wide variety of categories pertinent to financial services firms, including Sarbanes-Oxley, GLBA, PCI and much more. Informer distills highly sophisticated sets of complex network data and quickly highlights common business concerns such as insider threats, data leakage, covert activities/channels, compromised hosts and malware activities.


NetWitness also offers the NetWitness Investigator application, which delivers a highly interactive, deep, real-time view into the same network traffic sets collected and reconstructed via the NetWitness infrastructure. Investigator enables security personnel to access multi-terabyte data sets and pivot them instantly in numerous dimensions based on network, application and user-level criteria. Users of Investigator Enterprise can view this data cube on a continual and real-time basis to zero in on traffic of greatest interest and impact to the organization.

Can I get a NetWitness?

Register to download the new whitepaper from Josh Corman and Lauren Eckenroth of the 451 Group.
