Close
  • Latest News
  • Cybersecurity
  • Big Data and Analytics
  • Cloud
  • Mobile
  • Networking
  • Storage
  • Applications
  • IT Management
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Menu
Search
  • Latest News
  • Cybersecurity
  • Big Data and Analytics
  • Cloud
  • Mobile
  • Networking
  • Storage
  • Applications
  • IT Management
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Applications
    • Applications
    • Cybersecurity
    • Networking

    Bank Thwarts Threats From Within

    By
    Lauren Gibbons Paul
    -
    August 7, 2006
    Share
    Facebook
    Twitter
    Linkedin

      All IT managers worry about hackers, viruses and external security threats. But what really keep IT pros up at night are threats generated inside their companies firewalls. Even when they are not maliciously motivated, employees, contractors and visitors to an office building can wreak havoc by logging on to the corporate network without heeding corporate security policies.

      Ulster Savings Bank, in Kingston, N.Y., uses an outside company to conduct periodic security audits. When a 2005 audit revealed the banks procedures for protecting against internal threats were less than solid, Jim Hochstatter knew it was time to take action.

      “We had faced the outward-facing security issues and were feeling pretty good about that,” said Hochstatter, vice president of technology for the 20-branch institution. “But security issues kept popping up in the press. The next big theme was inward-facing threats.”

      Seeking advice from systems integrator Topgallant Partners, of Londonderry, N.H., Hochstatter arrived at a network access control solution that would ensure all machines connected to the corporate network complied with security policies.

      Topgallant had been working with the bank for more than a year, and Jeff Jones, managing partner at Topgallant, said he knew Hochstatter would be open to his suggestions on beefing up internal security.

      Founded in 1851, Ulster Savings Bank had a tradition of extreme caution when it came to adopting new technology. When Hochstatter came on board in 2004, he was tasked with implementing a direct Internet connection for the first time.

      And, as the bank was pursuing an aggressive growth strategy, all the systems had to be upgraded to support those plans. “This company is about $635 million in assets. Our five-year plan puts us up to $900 million,” said Hochstatter.

      Hochstatter said he wanted to put in place a solid IT infrastructure and tools that would allow his modest five-person IT staff to handle more users and a bigger network without having to increase head count. The bank currently has 355 employees.

      “We had hired a firm to harden the perimeter of the network. But we needed another piece in there,” Hochstatter said. “We needed a tool that would help us manage access to our physical network from inside.”

      In the process of evaluating network access solutions, Topgallant recommended that the bank buy the CyberGatekeeper network access control system from InfoExpress, of Mountain View, Calif. CyberGatekeeper audits the endpoint before allowing it onto the network.

      In December 2005, Hochstatter signed the purchase order for CyberGatekeeper. The project cost $75,000, including 200 software licenses, hardware and implementation services.

      CyberGatekeeper works via a software agent installed on each machine, according to Todd Nakano, executive vice president of sales for InfoExpress. The software checks that the PC, laptop or other device is in compliance with security policies. This includes running all new anti-virus definitions, disallowing instant messaging applications, checking for the most recent operating system patches and making sure the personal firewall is configured properly.

      /zimages/2/28571.gifClick here to read a review of InfoExpress CyberGatekeeper LAN 3.0.

      “It allows IT folks … visibility into all the endpoints connecting into the network, whether they are remote or in the office,” said Nakano. “[CyberGatekeeper] gives them the confidence of knowing exactly what is connected to the network and the ability to remediate instantly.”

      The rollout proceeded on at an orderly, if somewhat leisurely, pace. Since the IT department had to physically “touch” every machine to install the agent software, it took some time to get all the machines ready. There were some surprises: A few machines were woefully out of policy in terms of running the required software patches. It took about five months to bring all of them in line.

      “We didnt go to full enforcement until everything was clean,” said Hochstatter. “From a technical and users perspective, the final implementation was a nonevent.”

      As for implementation of CyberGatekeeper itself, it was a success, said Hochstatter. Though the bank now uses CyberGatekeeper only to check for the most current anti-virus definitions, he has not ruled out expanding its use down the road. “Our configuration is quite simple. It may get more elaborate over time,” Hochstatter said. “The thing is, I get a warm and fuzzy feeling being able to see every endpoint that is connected to my network.”

      Lauren Gibbons Paul is a freelance writer in Waban, Mass. E-mail her at [email protected].

      /zimages/2/28571.gifCheck out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzers Weblog.

      Avatar
      Lauren Gibbons Paul

      MOST POPULAR ARTICLES

      Android

      Samsung Galaxy XCover Pro: Durability for Tough...

      Chris Preimesberger - December 5, 2020 0
      Have you ever dropped your phone, winced and felt the pain as it hit the sidewalk? Either the screen splintered like a windshield being...
      Read more
      Cloud

      Why Data Security Will Face Even Harsher...

      Chris Preimesberger - December 1, 2020 0
      Who would know more about details of the hacking process than an actual former career hacker? And who wants to understand all they can...
      Read more
      Cybersecurity

      How Veritas Is Shining a Light Into...

      eWEEK EDITORS - September 25, 2020 0
      Protecting data has always been one of the most important tasks in all of IT, yet as more companies become data companies at the...
      Read more
      Big Data and Analytics

      How NVIDIA A100 Station Brings Data Center...

      Zeus Kerravala - November 18, 2020 0
      There’s little debate that graphics processor unit manufacturer NVIDIA is the de facto standard when it comes to providing silicon to power machine learning...
      Read more
      Apple

      Why iPhone 12 Pro Makes Sense for...

      Wayne Rash - November 26, 2020 0
      If you’ve been watching the Apple commercials for the past three weeks, you already know what the company thinks will happen if you buy...
      Read more
      eWeek


      Contact Us | About | Sitemap

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Property of TechnologyAdvice.
      Terms of Service | Privacy Notice | Advertise | California - Do Not Sell My Information

      © 2021 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×