Apr 20 2015

Banks Bolster Security with Advanced Malware Protection

Business IT managers select tools that complement anti-virus software to stop threats in their tracks.

About three years ago, it became clear to CIO Wade Jones that he needed more than firewalls and anti-virus software to protect Citizens National Bank of Texas’ network.

A security consultant showed Jones the FireEye Malware Protection System security appliance, and he immediately liked that it could safeguard traffic across the bank’s 10 branch locations.

Compromised machines typically try to communicate back to the malware’s home server, enabling malware to relaunch and potentially spread. “The FireEye MPS caught some of the callbacks within a few days of doing a trial,” Jones says. “If it blocks just one callback, in my mind it’s worth the time and money to set the appliance up.”

Jones says the FireEye MPS appliance also automates what was formerly an onerous remediation process. “Realistically, it was impossible to manually go through all the logs in the firewalls,” he says. “In terms of capturing Internet-based threats, the MPS does it all.”
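The callback pattern Jones describes, and why it is hard to spot by reading firewall logs by hand, can be illustrated with a small detector. This is an added example, not code from the article, FireEye or the bank: it reads constructed log lines in a hypothetical "timestamp source destination:port" format and flags flows whose connection gaps are nearly constant, the regular polling rhythm typical of a compromised host checking in with its controller.

```python
"""Flag regular outbound callbacks in firewall logs (added example).

A compromised host polling its command server produces connections to
one external address at near-constant intervals; a simple statistic
surfaces that where manual log review cannot.
"""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample lines in a hypothetical "time src dst:port" format.
SAMPLE_LOG = """\
2015-04-20T09:00:00 10.1.5.23 203.0.113.10:443
2015-04-20T09:00:31 10.1.5.23 198.51.100.7:80
2015-04-20T09:05:00 10.1.5.23 203.0.113.10:443
2015-04-20T09:07:12 10.1.5.23 198.51.100.7:80
2015-04-20T09:10:01 10.1.5.23 203.0.113.10:443
2015-04-20T09:15:00 10.1.5.23 203.0.113.10:443
2015-04-20T09:16:40 10.1.5.23 198.51.100.7:80
2015-04-20T09:19:59 10.1.5.23 203.0.113.10:443
2015-04-20T09:45:03 10.1.5.23 198.51.100.7:80
"""

def parse_log(text):
    """Return {(src, dst): [datetime, ...]} with timestamps sorted per flow."""
    flows = defaultdict(list)
    for line in text.splitlines():
        ts, src, dst = line.split()
        flows[(src, dst)].append(datetime.fromisoformat(ts))
    return {k: sorted(v) for k, v in flows.items()}

def find_beacons(flows, min_hits=4, max_jitter=0.1):
    """Return (src, dst, mean_gap_seconds) for flows with nearly constant gaps.

    max_jitter bounds stddev/mean of the gaps; real callbacks add a little
    random jitter, so the tolerance is not zero.
    """
    hits = []
    for (src, dst), times in flows.items():
        if len(times) < min_hits:
            continue  # too few connections to judge regularity
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        avg = mean(gaps)
        if avg > 0 and pstdev(gaps) / avg <= max_jitter:
            hits.append((src, dst, avg))
    return hits

if __name__ == "__main__":
    for src, dst, gap in find_beacons(parse_log(SAMPLE_LOG)):
        print(f"possible callback: {src} -> {dst} every ~{gap:.0f}s")
```

On the sample, only the flow to 203.0.113.10:443 is flagged (gaps of roughly five minutes); the irregular traffic to 198.51.100.7:80 is not.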

Frank Dickson, a research director for Frost & Sullivan who covers network security, says Citizens National Bank of Texas wisely came to the conclusion that it needed more than anti-virus software alone could provide.

“What IT staffs need are tools that complement and extend anti-virus,” Dickson says. “Many of these new tools have been developed to detect and block the latest advanced persistent threats and zero-day exploits.”

[Sidebar statistic (figure not reproduced): the number of hits related to a recent zero-day exploit in Adobe Flash used in malvertisement attacks. SOURCE: TrendLabs Security Intelligence Blog, “Trend Micro Discovers New Adobe Flash Zero-Day Exploit Used in Malvertisements,” February 2, 2015]

Integrated Appeal

Dan Polly, vice president and enterprise information security officer for First Financial Bank in Cincinnati, says the threat landscape has always held hazards such as sensitive data exfiltration. But today’s risks include ransomware and the malicious destruction of data.

First Financial worked closely with Cisco Systems to deploy advanced malware tools, including Sourcefire and ThreatGrid. Polly says Cisco has done a good job of integrating those products into its security ecosystem. For example, Cisco Advanced Malware Protection (Cisco AMP) incorporates ThreatGrid’s malware analysis capabilities. This eliminates many of the manual tasks that security professionals previously had to perform when examining suspect files.

“What security professionals need today are complementary products that extend from the endpoint through the perimeter as well,” Polly says.

Brad Stroeh, vice president and manager of network services and security engineering for First Financial Bank, wants Cisco to integrate its acquisitions so that, over time, the IT department can manage firewalls, web content filters and advanced malware tools from a single console.

“Phase One has been centralized management of firewalls while improving the products overall, but I think we’ll see Cisco integrate many more security products in the next couple of years,” Stroeh says.
