
    eWEEK IT Science: Moving from Reactive to Proactive Fintech Security

    Written by

    eWEEK EDITORS
    Published December 5, 2019

      Here is the latest article in an eWEEK feature series called IT Science, in which we look at what actually happens at the intersection of new-gen IT and legacy systems.

      Unless they are brand new and right off the assembly line, the servers, storage and networking inside every IT system can be considered “legacy.” This is because the iteration of both hardware and software products is speeding up all the time. It’s not unusual for an app-maker, for example, to update or security-patch an application a few times a month, or even a few times a week. Some apps are updated daily! Hardware moves a little slower, but manufacturing cycles are also speeding up.

      These articles describe new-gen industry solutions. The idea is to look at real-world examples of how new-gen IT products and services are making a difference in production each day. Most of them are success stories, but there will also be others about projects that blew up. We’ll have IT integrators, system consultants, analysts and other experts helping us with these as needed.

      Today’s Topic: Moving from Reactive to Proactive Fintech Security

      Name the problem to be solved: Founded in 1990, Wetherby Asset Management is a portfolio management and wealth planning company with more than $5 billion in assets under management. Wetherby was struggling to keep up with the rapid changes within the information security space. The company outsourced most of its technology services, but without the internal resources to highlight issues that needed attention, the service providers were mostly reactive. And the outdated infrastructure offered no network visibility, limiting threat intelligence.

      In addition, Wetherby lacked formalized security policies, procedures and best practices for employees. The company needed to overhaul its approach to security; otherwise, a successful cyberattack was inevitable. To reduce risk with only limited resources, Wetherby would need a clear understanding of the existing security threat landscape and buy-in from senior management.

      Describe the strategy that went into finding the solution: A selection committee was assembled, composed of internal representation from the Technology, Compliance and Operations teams. Because some members of the team did not possess background knowledge of information security fundamentals, some internal training and awareness was provided to align the team in understanding what the objectives were. The solution selection criteria included consideration for solution capability, initial and ongoing cost, vendor reputation and integration points. The team assessed three solutions from different vendors, which involved demos and customer reference calls. Using a scoring mechanism based on the selection criteria, the team quickly eliminated one vendor from consideration. eSentire was ultimately selected due to its advanced behavioral analysis capability, as well as for its focus on the financial services industry.

      List the key components in the solution: Wetherby chose to deploy eSentire Managed Detection and Response, a 24/7 monitoring service that identifies and contains threats. The principal component deployed was esNETWORK, a zero-latency IPS/IDS designed to provide full network visibility, eliminating attack blind spots that traditional technologies miss. It auto-detects and responds to known and unknown threats with:

      • real-time blocking of IOCs, signatures and previously unseen attacks, including phishing, malware, ransomware and botnets;
      • an extensive, proprietary rules library covering 40+ threat categories; and
      • highly customizable rules and policies, including executable white lists, geo-IP and blocking access to specific sites.

      In addition, eSentire’s analysts in the Security Operations Center (SOC) provide expert help with emerging security issues of which the organization needs to be aware.

      Describe how the deployment went, perhaps how long it took, and if it came off as planned: The deployment of eSentire services was properly managed by the eSentire project team and went as planned. Expectations for timeline and internal involvement were set early in the process and helped make sure there were no surprises along the way. From beginning to end, the implementation took approximately six weeks. After the hardware was received and installed by internal resources, the eSentire team took over remote configuration and started a three-week behavioral baseline analysis. Once the network traffic baseline was complete, the system was switched over to an active mode, enabling it to start disrupting unwanted or suspicious network activity.

      Describe the result, new efficiencies gained, and what was learned from the project: Alerts are now configured for events such as remote desktop connections and SSH sessions, which provides Wetherby with the data needed to understand what is happening in its environment, as well as to support new security policies.

      eSentire’s MDR gives Wetherby a much-needed layer of technical defense as a backstop for the company’s cybersecurity awareness initiative. If an employee forgets his/her training and clicks on a malicious link in an email or tries to open an infected file, MDR can find out what page the malicious code contacted and what payload it tried to download.

      Wetherby also replaced an entire cybersecurity program with eSentire’s Managed Vulnerability Service, which provides comprehensive risk identification and prioritization with unmatched accuracy across traditional enterprise IT assets. Before this, Wetherby had commissioned annual penetration tests from a consultancy.

      With an expert security team monitoring every network packet, eSentire’s protection has stopped significant cyberattacks on the organization. For instance, on Dec. 31, 2018, attackers began a sustained 12-hour brute-force attack on the company. The SOC alerted Wetherby via email that a sustained attack was coming from several European countries. Wetherby blocked traffic from those countries for the duration of the attack so it could revisit that traffic later.

      During Wetherby’s next quarterly phone review with eSentire, they reviewed the incident for greater clarity. eSentire also provides regular reports that include useful statistics that demonstrate to management the need for focused security investments.

      Describe ROI, carbon footprint savings, and staff time savings, if any: Had Wetherby built an in-house solution rather than partnering with eSentire, it would likely be spending 2.5 times the cost for similar capability, but with the added risk of eventual employee attrition.

      If you have a suggestion for an eWEEK IT Science article, email [email protected].
