In this Blog Post

Written By
Amartya Gupta
Amartya Gupta

Product Marketing Manager

Financial services companies are most susceptible to cyber-attacks and online threats. Ignorance to the need of a robust cyber security and resilient framework can lead to a series of catastrophic events.

While most companies are getting increasingly aware of the nature of cyber-attacks, they often do not know how to combat such threats or how to report attacks.

A study published in March 2016 by the Institute of Directors and Barclays found that 94% of firms believe IT security is important, but only 56% have a strategy in place to address it.

Log Management Tool can help combat this by providing a robust solution.

The Reserve Bank of India (RBI) issued guidelines on the Cyber Security Framework through circular DBS.CO/CSITE/BC.11/33.01.001/2015-16 dated June 2, 2016, highlighting the urgent need for banks to establish a robust cyber security/resilience framework to ensure adequate cyber-security preparedness on a regular basis.

RBI Cyber Security guidelines

Mentioned above regulates all financial institutes; banks included, to adhere to cyber security policy and also change/adapt as needed due to various parameters.

These guidelines aim to assist organizations in structuring proactive threat identification.

The RBI also requires all financial institutions to prepare by July 31st, 2017, to report any incident related to data security or breaches within 6 hours of its occurrence.

Organizations often neglect data security, which should be paramount.

Every employee in an organization is paranoid about its crucial data, and wants to make sure it does not reach wrong hands!

While financial institutions and banks acknowledge the significance of cyber risks, they don’t always fully recognize or address this issue across the enterprise.

What we have understood after a deeper analysis of guidelines for Cyber Security Framework that the Banks need to develop a comprehensive approach to cyber risk management specifically in the following areas:

  1. Monitor each and every activity in their IT infrastructure
  2. Best prevent, but at least detect anomaly within a couple of hours
  3. Preparedness for defending cyber-attacks for safe and sound operations

While most of the financial institutes have already invested in tools and products claiming to be able to provide comprehensive monitoring of events, logs and network data, a close examination though it shall be easy to find holes in their preparedness for meeting RBI’s requirements.

Take a look at key problems they face:

  • Banks and such financial institutes generate tremendous amount of data and events, in recent times probably due to demonetization it has reached insane levels due to more number of digital transactions and more people coming into formal financial markets. Volume is going to grow rapidly!
  • The main concern is – Do their current product/tools handle such volume? Unless their product can handle in tune of 50,000 to 100,000 events per second in single instance, they would find themselves always catching up by adding more hardware, increasing TCO every year and then scratching their heads on how to handle such an add on in their IT infrastructure!
  • Even after they manage to handle 100,000 events per second scale of incoming data – the real use would be to be able to extract real and actionable information intelligently – such as reporting breach within 6 hours and coming with a plan to plug the hole!

Current need of the hour is to replace such multiple monitoring tools giving fragmented view of situation with a unified monitoring tool.

While apps run on servers connected in a network, monitoring of these servers occurs on different systems! Each of them generate valuable log data which again go unmonitored and hence unanalyzed!

Many organizations are hardly equipped to analyze network flow data to pinpoint problems, isolate them, and fix them during outages or DDoS attacks.

Unless they invest in a true Unified monitoring system that can correlate all data and analyze in real time with actionable inputs across multiple channels – the task of meeting RBI’s requirement looks pretty daunting!

As the saying goes “Results are gained by exploiting opportunities, not by solving problems.” Using Motadata 6.x every bank will be able to proactively initiate the process of setting up of and operationalizing a Security Operations Centre to monitor and manage cyber risks in real time.

Banking IT staff can also consider monitoring solutions available in the market according to section 4.2 from Baseline control section RBI has stated that “The bank may consider implementing solutions to automate network discovery and management.”

As Peter Drucker puts it “Long-range planning does not deal with the future decisions, but with the future of present decisions.”

We understand how difficult it is for IT teams to identify problems, given the multiple tools, lack of unified monitoring, inadequate runtime log management, and escalations.

Most importantly, there is often no correlation of events for easy analysis of the generated data to determine if a problem, threat, or attack exists.

In large and complex IT systems, symptoms often manifest far from the actual root cause, and the ability to find the relationship between such events is key to managing the IT environment effectively.

Famously quoted by Mr. Abraham Lincoln “The best way to predict the future is to create it.”– with Motadata’s correlated log management tool one can proactively identify root cause of attacks, classify them into identified categories and suggest solutions to contain further attacks of similar types.

Wait! There’s more to it, Motadata’s log management tool has the ability to assess threat intelligence and then proactively identify/visualize impact of threats on the bank like,

Who did what? When? Along with preservation of evidence!

Motadata is capable of processing any kind of log data generated from multiple heterogeneous sources thus it becomes an excellent choice than anything else out there.

Its log management tool keeps a real-time check on activities being done across your IT infrastructure and detects anomalies.

Let’s you gather relevant data in case of security breach i.e. it has a room for Security Forensic Analysis too! You don’t need to be proficient in the query to drill-down conversion, just breeze through intuitive data-model mapping.

Scheduling remedy actions when something happens is just a click away! Since Motadata’s log management tool has automated rectifying actions for undesirable events.

Post RBI’s recent release on Cyber Security Guidelines for all Commercial Banks we also analysed how we could help our clients from banking sector.

We have numerous features which prove to be of great help in this case.

  • If unauthorized personnel tries to log in/access important files, Motadata has a provision to alert you instantly. We will be able to alert you within seconds along with IP address of the attacker.
  • Even if the server/interface is down and someone tries to access files/confidential data, then too logs will get generated & eventually you will receive an alert.
  • With Motadata’s Root-cause analysis you can get Nth level drill down to solve the issue.
  • Number of transactions can be tracked
  • Number of users logged in can be tracked (with source IP address).
  • Thus you will always be aware of number of users who are currently online.
  • You will get complete information on failed transactions along with reason for failure, time, date and solution.
  • Prevent unauthorized logins. Motadata’s custom alerts will notify you of any unauthorized login within seconds, allowing you to block the user. For example: Post working hours someone tries to login & access gets denied to that particular attacker/user, then Motadata identifies the same & alerts you in the nick of time.
  • Keep a track of resource utilization i.e. get updates post 80% disk/CPU/Memory utilization. Thus you can ensure 100% uptime of your transactional activities. For example – Let’s assume your server is capable of supporting 50 users at a time and if it exceeds your limit then the server goes down, with Motadata you can customize alerts (Default: 80% utilization) and ensure maximum uptime of your services.
  • You can also generate custom reports from alerts in excel & PDF format which you can forward to upper level management in case of security breach, hence helping you save more time and effort.

Motadata’s log management tool can derive intelligence out of your bulk log data & help you achieve 100% uptime of your resources making sure that there is no exploitation of the same. Try Now