UserLock® Mitigating the Security Risk from Internal Users within the Banking & Financial Sector

THE INSIDER THREAT

Some of the risks posed from Insider

Threats in the Financial Sector:

THE INSIDER THREAT

• Undesired disclosure of confidential

customer and account data

• Fraud

• Loss of intellectual property

• Disruption to critical infrastructure

• Monetary loss

• Embarrassment, Public Relations

• Destabilize, disrupt and destroy cyber

assets of financial institutions ‘Insiders already know where the company’s crown jewels are!’

IDENTIFYING THE INSIDER THREAT

Forrester research* has also shown that

the greatest volume of security breaches

come from employees inadvertently

misusing data

IDENTIFYING THE INSIDER THREAT

Dealing with both malicious and

careless activity from employees,

ex-employees or trusted partners.

IS Decisions research shown that IT

professionals consider ignorant users to

be the greatest security risk in their

organization

IN YOUR OPINION, WHICH GROUP WITHIN YOUR

ORGANIZATION REPRESENTS THE GREATEST SECURITY RISK?

The Insider Threat Security Manifesto – IS Decisions 2014

* http://www.csoonline.com/article/741148/report-indicates-insider-threats-leading-cause-of-data-breaches-in-last-12-months

TECHNOLOGY SOLUTIONS FOR THE INSIDER THREAT

Nearly 90%* of IT Professionals

consider insider threats to be a purely

cultural issue and are not aware that

technology can help them address

internal security issues.

TECHNOLOGY SOLUTIONS FOR THE INSIDER THREAT

* The Insider Threat Security Manifesto – IS Decisions 2014

TECHNOLOGY SOLUTIONS FOR THE INSIDER THREAT

TECHNOLOGY SOLUTIONS FOR THE INSIDER THREAT

UserLock is an enterprise security software

that controls and secures network access

for all authenticated users.

UserLock helps organizations reduce the

risk of security breaches from insider

threats (intentional or not), offer an

immediate response to suspicious user

behavior and get compliant with major

regulations.

1. SECURE NETWORK ACCESS

Restrictions by location – workstation, device

Limit or prevent concurrent logins

UserLock sets and enforces effective login

controls and restrictions (that cannot be

achieved in native Windows) on what

authenticated users can do. This fine-

grained access control helps ensure

inappropriate access to company data is

no longer a possibility.

ENSURE INAPPROPRIATE ACCESS IS NO LONGER POSSIBLE

Restrictions by usage/connection time

2. IMMEDIATE RESPONSE TO SUSPICIOUS USER ACCESS

Recognize improper user access and respond

to risk behavior or access attempts from

someone other than the legitimate user

Real-Time Monitoring provides the

visibility into what users are doing and

the ability to take appropriate security

measures to alleviate security threats.

IMMEDIATE RESPONSE TO SUSPICIOUS USERS

immediate and remote response to suspicious, disruptive or unusual logon connections

should be an integral part of any organizations security policy and risk mitigation strategy

3. ACCURATE IT FORENSICS IN THE EVENT OF A SECURITY BREACH

Accurate, detailed information about who was connected,

from which system(s), since what time, for how long etc…

UserLock records and archives all access

events across the whole Windows Network,

giving IT the ability to support accountability,

legal investigations and internal trend analysis.

ACCURATE IT FORENSICS IN THE EVENT OF A SECURITY BREACH

Time spent manually monitoring and auditing network access can be

significantly reduced (up to 90%), freeing up resources for other critical tasks

4. STOP EMPLOYEES SHARING LOGINS

Preventing concurrent logins reduce the ability of users to share

credentials as it impacts their ability to access the network

UserLock helps eliminate the opportunity for fraud

resulting from users sharing logins. It’s vital to

ensure that employees are limited to using only

their own personal login information.

STOP EMPLOYEES SHARING LOGINS

It provides the motivation for employees to adhere to password security policy and help protect the organization’s critical assets

Also, UserLock ensures access is attributed to an individual employee - making them responsible for each and every activity

5. STOP ATTACKERS USING STOLEN CREDENTIALS

Preventing concurrent logins makes it impossible for any rogue user to use valid credentials at the same time as the legitimate

owner

Restricting access by physical location and setting usage/connection time limits helps organizations avoid these attacks

UserLock ensures unauthorized access is

no longer possible – even when credentials

are compromised - stopping malicious

users seamlessly using valid credentials.

Such an attacker is likely to log in with

stolen credentials from an abnormal

location at an usual time.

STOP ATTACKERS USER STOLEN CREDENTIALS

6. RAISE USER SECURITY AWARENESS

Messages about legal and contractual implications discourage employees from committing cybercrime or lashing out for a

perceived injustice

UserLock notifies all users about any access denials on their account

Informed employees are an important line of

defense.

UserLocks’ notification system supports

organizations efforts to communicate security

policies, increase user security awareness and

educate about insider threats.

RAISE USER SECURITY AWARENESS

7. ENFORM COMPLIANCE WITH MAJOR REGULATIONS

UserLock provides features to identify,

search, report and archive user access for

compliance with major industry regulations,

including NIST 800-53, Sarbanes-Oxley,

NIPSOM Chapter 8, PCI, ICD 503…

ENFORCE COMPLIANCE WITH MAJOR REGULATIONS

FINANCIAL SECTOR CASE STUDIES

http://download.isdecisions.com/pdf/en/userlock/Articles/Bank-Cyprus-Case-Study.pdf

http://download.isdecisions.com/pdf/en/userlock/Articles/Leading-Banking-Group-Case-Study.pdf

QUESTIONS?

THANK YOU!