Security Architecture for Financial Services – A CyberSecOp Case Study
The Financial Services Sector encompasses a wide variety of commercial concerns, from traditional depository banking operations to exotic investment funds and cryptocurrency exchanges. Yet, for all their diversity of purpose, each of these concerns pursues a common goal: maximizing the return on its information security architecture, an increasingly important institutional discipline in today’s environment of proliferating threat actor assaults.
The purpose of this analysis is to provide a step-by-step roadmap through a sample engagement: the client’s requirements and the solutions provided.
Engagement
The client requested that CyberSecOp assist with an information security breach response and then analyze its information security architecture, identifying present risks and vulnerabilities and providing a comprehensive remediation roadmap.
Procedures
CyberSecOp was engaged to perform the following procedures as an outgrowth of the incident response:
· Breach response risk mitigation – Diagnose the source and method of the breach, immediately remediate the vulnerability, and ascertain the status of data loss (if any)
· Post-Mortem – Provide the client with a formal report addressing our findings
· Information Security Architecture Risk Assessment – Perform a comprehensive risk assessment of the client’s information security architecture in accordance with industry best practices and standards, providing a formal written report for the client’s review
· Information Security Program – Formulate a security program complete with monthly reporting to ensure the ongoing integrity of the client’s information security environment
· Implement 24-hour, 7-day-per-week Managed Detection and Response, covering all client networked resources through CyberSecOp’s Security Operations Center; integrate the client’s information security reporting tools with CyberSecOp’s SIEM service via the Security Operations Center; recommend and implement a centrally monitored Advanced Endpoint Protection solution.
· Design and implement a cybersecurity dashboard solution, using the client’s preferred cloud-based information security reporting software.
Solutions
Breach Response and Risk Mitigation
CyberSecOp maintains a dedicated team of information security breach response professionals (‘Blue Team’) who stand ready and able to assist clients at a moment’s notice. CyberSecOp’s Blue Team professionals are some of the most skilled and best informed in the industry. Our Blue Team professionals also provide formal documentation detailing the particulars of breach causality, as well as recommendations to mitigate future information security risks.
Risk Assessment and Security Program Services
CyberSecOp risk management professionals provide the client with formal, written documentation discussing the state of the client’s information security architecture and detailing any vulnerabilities revealed in the data gathering, testing and discovery process. Our risk management professionals then devise a comprehensive information security program designed to ensure that the client’s information security environment maintains integrity and that all covered systems and endpoints are updated with the most recent industry-leading security features.
The CSO Security Operations Center (‘SOC’)
CSO’s Security Operations Center service can be integrated with a customer’s own Security Operations Center, should a shared, collaborative architecture be preferred. Partner Security Operations Centers may focus on areas within the customer’s own security domain or, where the customer’s business boundaries extend through extensive collaboration with third-party organizations that operate to different technology standards, monitor devices in those domains through the ‘Internet of Things’.
CSO’s Cyber Security Dashboard Service
CyberSecOp’s Security Portal and Dashboard service provides reports and visibility on the implemented security services, including pre-defined views covering:
· Security news, campaigns and threat information from external Threat Intelligence sources
· Security incidents in the form of generated ‘trouble ticket’ information from analyzed security incidents
· Security warnings, incident and alert information automatically generated by Security Incident and Event Management systems
CSO’s Security Incident and Event Management (‘SIEM’) and Managed Detection and Response (‘MDR’) Service
CSO’s SIEM Services comprise ‘always-on’ basic security analytics based on static, predefined correlation rules and are included with CyberSecOp’s Security Operations Center service. Clients can leverage CyberSecOp’s SIEM data collectors to provide a more robust picture of threat actor behavioral analytics, as described below.
Behavioral Analytics
CSO’s SIEM Behavioral Analytics service uses threat actor behavior models to identify anomalies. The service first learns what the normal activities of a customer’s end users are, so that it can then identify anomalies, whether a compromised account, an infected host, account misuse or lateral movement.
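The two SIEM services above, static correlation rules and a learned behavioral baseline, are described only at a high level. The Python sketch below is an added illustration, not CyberSecOp’s own tooling, that shows the difference on constructed login logs: a static rule fires on a fixed number of failed logins followed by a success, while the behavioral detector learns each user’s normal hosts and hours of day from a baseline period and then flags off-hours activity and a burst of previously unseen hosts, the kind of signal that points to a compromised account or lateral movement. The log format, user and host names, and thresholds are all constructed for the example.

```python
"""Toy SIEM: a static correlation rule beside a learned behavioral baseline.

Added illustration, not CyberSecOp's product. Log format, names and
thresholds are constructed for the example.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed baseline: a few quiet business-hours logins per user.
BASELINE_LOG = """\
2024-05-01T09:02:11 user=alice host=ws-01 result=success
2024-05-01T09:05:40 user=bob host=ws-02 result=success
2024-05-02T08:58:03 user=alice host=ws-01 result=success
2024-05-02T09:10:22 user=alice host=file-01 result=success
2024-05-03T09:01:17 user=bob host=ws-02 result=success
2024-05-03T09:20:00 user=bob host=file-01 result=success
"""

# Constructed detection window: alice's account is guessed at 02:14 and
# then used to reach hosts she has never touched before.
DETECTION_LOG = """\
2024-05-06T02:14:01 user=alice host=ws-01 result=failure
2024-05-06T02:14:03 user=alice host=ws-01 result=failure
2024-05-06T02:14:05 user=alice host=ws-01 result=failure
2024-05-06T02:14:06 user=alice host=ws-01 result=failure
2024-05-06T02:14:09 user=alice host=ws-01 result=failure
2024-05-06T02:14:12 user=alice host=ws-01 result=success
2024-05-06T02:20:30 user=alice host=ws-02 result=success
2024-05-06T02:21:05 user=alice host=db-01 result=success
2024-05-06T02:21:40 user=alice host=ws-07 result=success
2024-05-06T09:03:12 user=bob host=ws-02 result=success
"""


def parse(log_text):
    """Parse 'timestamp key=value ...' lines into dicts with a datetime 'ts'."""
    events = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, *fields = line.split()
        event = {"ts": datetime.fromisoformat(ts)}
        for field in fields:
            key, value = field.split("=", 1)
            event[key] = value
        events.append(event)
    return events


def static_rule_bruteforce(events, failures=5, window=timedelta(minutes=5)):
    """Static correlation rule: at least `failures` failed logins for one user
    inside `window`, followed by a success for that user. Returns (user, ts)."""
    alerts = []
    recent = defaultdict(list)  # user -> timestamps of recent failures
    for e in events:
        user = e["user"]
        if e["result"] == "failure":
            recent[user] = [t for t in recent[user] if e["ts"] - t <= window]
            recent[user].append(e["ts"])
        elif e["result"] == "success":
            if len(recent[user]) >= failures:
                alerts.append((user, e["ts"]))
            recent[user] = []  # a success closes the attempt sequence
    return alerts


def learn_baseline(events):
    """Learn, per user, the hosts and hours of day seen in successful logins."""
    hosts, hours = defaultdict(set), defaultdict(set)
    for e in events:
        if e["result"] == "success":
            hosts[e["user"]].add(e["host"])
            hours[e["user"]].add(e["ts"].hour)
    return {"hosts": hosts, "hours": hours}


def behavioral_anomalies(events, baseline, new_hosts=2, window=timedelta(minutes=10)):
    """Flag successful logins that deviate from the baseline:
    - off_hours: an hour of day this user was never seen in;
    - lateral_movement: `new_hosts` never-seen hosts reached inside `window`
      (fires once, when the count reaches the threshold).
    A user with no baseline at all is treated as anomalous on every login."""
    anomalies = []
    unseen = defaultdict(list)  # user -> timestamps of logins to new hosts
    for e in events:
        if e["result"] != "success":
            continue
        user, host, ts = e["user"], e["host"], e["ts"]
        if ts.hour not in baseline["hours"].get(user, set()):
            anomalies.append({"type": "off_hours", "user": user, "host": host, "ts": ts})
        if host not in baseline["hosts"].get(user, set()):
            unseen[user] = [t for t in unseen[user] if ts - t <= window] + [ts]
            if len(unseen[user]) == new_hosts:
                anomalies.append({"type": "lateral_movement", "user": user, "host": host, "ts": ts})
    return anomalies


def run_detection():
    """Run both detectors over the constructed logs and return a summary."""
    baseline = learn_baseline(parse(BASELINE_LOG))
    events = parse(DETECTION_LOG)
    anomalies = behavioral_anomalies(events, baseline)
    return {
        "bruteforce": [(u, t.isoformat()) for u, t in static_rule_bruteforce(events)],
        "off_hours": [a["host"] for a in anomalies if a["type"] == "off_hours"],
        "lateral_movement": [a["host"] for a in anomalies if a["type"] == "lateral_movement"],
    }


if __name__ == "__main__":
    for name, hits in run_detection().items():
        print(name, hits)
```

The static rule catches only the password-guessing burst; it is blind to everything after the successful login. The baseline detector is what surfaces the follow-on activity (logins at 02:00 for a user only ever seen around 09:00, and two never-before-seen hosts within a minute), which is why the page presents behavioral analytics as the richer picture. Note the trade-off the constructed data shows: with a baseline of only a few events, every off-hours login is flagged, so in practice the baseline period must be long enough to cover a user’s real variation or the analyst is buried in noise.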
Advanced Endpoint Protection (‘AEP’)
CyberSecOp provides a comprehensive suite of AEP solutions through our Security Operations Center. Advanced Endpoint Protection involves deploying sophisticated data protection software on all firm endpoints, including desktops, laptops, mobile devices and ‘Internet of Things’ devices. AEP software ensures threat actors are not able to access the client environment through one or more exploitable connected devices.
The CyberSecOp Advantage
Today’s information security environment grows more complex by the day. Commercial businesses increasingly find themselves subject to seemingly random attacks from threat actors who, in reality, select their targets carefully after extended observation and deploy tools that hold the target completely inoperable pending a response to their demands. Following the steps set forth above can help inoculate the firm against such attacks and keep the client’s operating environment undisturbed, which in today’s marketplace is a vital competitive advantage. Here at CyberSecOp, our professionals can assist in implementing the recommended framework, providing our clients white-glove service for all of their information security needs.