Last week, six major U.S. FIs — Bank of America, Citigroup, JPMorgan Chase, PNC, U.S. Bank and Wells Fargo — were the targets of cyber attacks. In each case, the bank's online systems were either severely slowed or shut down for a time by millions of computer-generated service requests that overloaded networks with traffic.
So-called "denial of service" attacks are not intended to access databases; their object is simply to obstruct service. Still, they can cause serious, and costly, disruption to systems. Last week's episodes underscore the ease with which an individual (or government) with a computer and malicious intent can wreak havoc on a financial system.
Financial institutions do have tools at their disposal to fight back against outside attacks — and inside manipulation. One of the newer ones for ATM fleets is SecureVue from eIQ Networks.
The eIQ name may be new to the ATM industry, but the company is widely known in other sectors, including finance, healthcare, media and retail. The company also works with the U.S. Department of Defense, itself the recipient of 6 million hacking attempts each day.
"I've followed eIQ for a couple of years; they're actually one of the premier vendors in the SIEM space," said Linda Musthaler, a principal analyst with Houston-based Essential Solutions Corporation, a firm that helps decision-makers evaluate, select and implement IT solutions.
A different kind of SIEM technology
Acton, Mass.-based eIQ was founded in 2001. The company introduced its signature product, SecureVue, some years later.
"By 2007 we were already realizing that SIEM technologies weren't really cutting it, because they were limited just to event-based information … [this wasn't] going to be enough — either to address compliance, or to address actual security requirements within an organization," said eIQ Vice President and Chief Security and Compliance Officer, John Linkous. "SecureVue was built as a solution to that problem."
The product is an agentless technology that collects and analyzes security-related data on a network: advanced configuration and state data, network traffic, performance metrics, availability data and more. The application is typically used by network operations centers or security operations centers.
What makes SecureVue different from other SIEM solutions is its agentless technology, Linkous said. This allows the software to remotely connect to and monitor almost any type of banking technology, whether it's a server and an operating system, a specific application, or a network device like a router, switch or firewall. Network devices of that kind are closed, self-contained systems that cannot accept an agent, but they can still be monitored by SecureVue.
"Not only can we agentlessly and natively collect data, but we can also basically collect data through any other sensor or agent or other API that exists on the system," Linkous said. "So if there is an RMA of some other type or remote agent sitting out there, whether it is the bank's proprietary agent or a vendor-specific agent, say like a Diebold or an NCR-type agent, we would be able to communicate with that, collect data from it and include that in our data repository for monitoring purposes."
'As real-time as it gets'
As data comes in from all sources, SecureVue collects and collates it, presenting the information in a dashboard-style screen that can be customized to the viewer's monitoring needs. Data can also be collated into reports.
For example, if the user wants to see any configuration changes over the previous 24 hours, SecureVue can generate a report based on those parameters.
"So, if remotely someone has gone in and patched an ATM or a group of ATMs, or if someone has gone in and updated the BIOS on the underlying hardware — things of that nature — we can monitor and respond to all of that in as close to real time as it gets," Linkous said.
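Reports of this kind are built by diffing successive configuration snapshots of each machine. The following Python is an added example, not eIQ's or SecureVue's code, of such a 24-hour change report over a fleet. It assumes a collector (agentless or via a vendor agent) has already stored per-ATM snapshots of a few security-relevant fields (BIOS version, patch level, application-whitelist hash, running services), all of which are constructed here, and it flags changes observed outside an approved change window, which is the case a security operations center actually wants surfaced.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, FrozenSet, Iterable, List, Tuple


@dataclass(frozen=True)
class Snapshot:
    """One collected configuration state of one ATM (field set is an assumption)."""
    atm_id: str
    taken_at: datetime
    bios_version: str
    patch_level: str
    whitelist_sha256: str
    services: FrozenSet[str]


@dataclass(frozen=True)
class Change:
    atm_id: str
    field: str
    old: object
    new: object
    seen_at: datetime
    authorized: bool


WATCHED = ("bios_version", "patch_level", "whitelist_sha256", "services")

# (atm_id or "*" for the whole fleet, window start, window end): approved maintenance slots.
ChangeWindow = Tuple[str, datetime, datetime]


def diff_snapshots(prev: Snapshot, cur: Snapshot) -> List[Tuple[str, object, object]]:
    """Field-by-field differences between two consecutive snapshots of the same ATM."""
    diffs = []
    for name in WATCHED:
        old, new = getattr(prev, name), getattr(cur, name)
        if old != new:
            if isinstance(old, frozenset):  # make service sets readable and orderable
                old, new = tuple(sorted(old)), tuple(sorted(new))
            diffs.append((name, old, new))
    return diffs


def change_report(snapshots: Iterable[Snapshot], now: datetime,
                  window: timedelta = timedelta(hours=24),
                  change_windows: Iterable[ChangeWindow] = ()) -> List[Change]:
    """
    Every configuration change first observed within `window` before `now`.
    The snapshot immediately preceding the window serves as the baseline, so a
    change made right after the previous poll is still caught. A change is marked
    authorized only if its observation time falls inside an approved change window
    for that ATM (or for the whole fleet, "*").
    """
    windows = list(change_windows)
    cutoff = now - window
    by_atm: Dict[str, List[Snapshot]] = {}
    for snap in sorted(snapshots, key=lambda s: s.taken_at):
        by_atm.setdefault(snap.atm_id, []).append(snap)

    report: List[Change] = []
    for atm_id, series in by_atm.items():
        for prev, cur in zip(series, series[1:]):
            if not (cutoff <= cur.taken_at <= now):
                continue
            authorized = any(scope in (atm_id, "*") and start <= cur.taken_at <= end
                             for scope, start, end in windows)
            for name, old, new in diff_snapshots(prev, cur):
                report.append(Change(atm_id, name, old, new, cur.taken_at, authorized))
    return report


def unauthorized(report: Iterable[Change]) -> List[Change]:
    """The subset an analyst should look at first."""
    return [c for c in report if not c.authorized]


def build_sample_report() -> List[Change]:
    """Run the report over constructed sample snapshots (illustrative, not real data)."""
    def t(s: str) -> datetime:
        return datetime.strptime(s, "%Y-%m-%d %H:%M")

    base = dict(bios_version="1.2", patch_level="2012-08", whitelist_sha256="a1" * 32,
                services=frozenset({"atm-agent", "xfs-host"}))
    snaps = [
        Snapshot("ATM-001", t("2012-09-29 08:00"), **base),
        # Patched before the 24-hour window: must not appear in the report.
        Snapshot("ATM-001", t("2012-09-30 08:00"), **{**base, "patch_level": "2012-09"}),
        # Patched again inside the window, during ATM-001's approved slot: authorized.
        Snapshot("ATM-001", t("2012-10-01 02:30"), **{**base, "patch_level": "2012-09.1"}),
        Snapshot("ATM-003", t("2012-09-30 18:00"), **base),
        Snapshot("ATM-003", t("2012-10-01 06:00"), **base),
        Snapshot("ATM-002", t("2012-09-30 20:00"), **base),
        # BIOS version and service set changed at 03:10 with no change window: flag it.
        Snapshot("ATM-002", t("2012-10-01 03:10"),
                 **{**base, "bios_version": "1.3",
                    "services": base["services"] | {"remote-shell"}}),
    ]
    approved = [("ATM-001", t("2012-10-01 02:00"), t("2012-10-01 04:00"))]
    return change_report(snaps, now=t("2012-10-01 12:00"), change_windows=approved)


if __name__ == "__main__":
    for c in build_sample_report():
        tag = "authorized" if c.authorized else "UNAUTHORIZED"
        print(f"{c.seen_at:%Y-%m-%d %H:%M} {c.atm_id} {c.field}: {c.old!r} -> {c.new!r} [{tag}]")
```

Running the block prints three changes: the ATM-001 patch inside its maintenance slot, and the ATM-002 BIOS and service-set changes, which carry no approved window and so are the ones to escalate. Keeping the pre-window snapshot as the baseline is the detail most easily missed; without it, anything that changed between the last poll before the window and the first poll inside it is silently lost.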
Another differentiator for SecureVue is that it's built on a proprietary database, unlike products based on Oracle, MS SQL or other "relational" database products. Those products are focused on collecting log and event data only, Linkous said. And for good reason.
"[R]elational databases simply can't keep up with large volumes of traffic," he said. "So if you are a bank that has 20-, 30-, 50,000 ATMs out there and you're trying to centrally monitor and manage those systems, you're really not going to be able to collect the real-time data with a relational database on the back end. So that's why we're focused on our proprietary database."
The proprietary database is also pitched as reducing exposure: the monitoring platform does not carry the publicly known weaknesses of the commodity database products it replaces. It does not, however, remove the vulnerabilities that come with today's off-the-shelf ATMs and their commoditized operating systems and firmware; those machines still have to be watched. The good news, said Linkous, is that SecureVue can connect directly to existing protocols and back-office monitoring systems to collect the data they provide.
Flexibility and options
SecureVue supports data collection for more than 400 operating systems, platforms, applications and network devices out of the box. For those it doesn't support out of the box, such as a proprietary banking platform, the company offers a "full-blown" software development kit that lets the end user establish connectivity.
Additionally, eIQ supports a managed security service provider model for SMB and mid-market-sized customers, allying with names in the managed security industry such as AT&T, British Telecom, and CompuCom. These companies provide SecureVue as a managed platform, Linkous said.
"So if you're a small to mid-sized bank and you have minimal IT and security staff and personnel, the MSSP can provide the technology for you on an ASP basis … And in all those cases, if they choose to, they can also provide the actual professional services staff — the people that will actually monitor the platform 24/7."
Linkous said that SecureVue for ATMs currently is being evaluated by several major banks, including some that already use the product for other data security purposes. And the company recently released SecureVue NGS, its next-generation SIEM solution, a simple, easy-to-install version of SecureVue for SMBs.
Crossbeam Systems, a network security deployer, recently installed SecureVue NGS to safeguard its own network. According to Dan Swanson, network security manager at Crossbeam, "We were able to install SecureVue NGS, bring our critical servers, applications and network security devices onboard, and begin to gain valuable visibility into our IT security posture within an hour of downloading and installing the software."