Distributed denial-of-service attacks aim to bring portions of a network down by bombarding the network with requests, and large U.S. financial institutions have been prime targets. JP Morgan Chase, Capital One and Bank of America were recently hit, rendering their websites unavailable to customers.


These five tips can help maintain your financial institution's network and cyber security posture while decreasing the risk and potential collateral damage of DDoS attacks.


Start with the Basic Security Objectives


Financial enterprises should consider implementing controls as they relate to the three main tenets of information security, the CIA triad. These principles are confidentiality, integrity and availability, and they are the foundation of any information security policy infrastructure. Confidentiality refers to the safeguarding of sensitive or classified data; integrity refers to keeping the original data unadulterated and intact; and availability refers to the resources and data that need to be continuously available to authorized parties to maintain day-to-day business. While the CIA triad is important for every network, it is especially vital for the financial sector, where classified data can consist of personal information that must be protected due to regulatory compliance.


Implement an Effective Security Information Management Solution


Another early stage security measure is utilizing a highly effective Security Information Management solution or Security Information and Event Management solution. The exact solution depends largely on the size and needs of your financial enterprise, and both are designed to increase the visibility of telemetry within the enterprise network or on its boundaries.


A SIM solution carries out the collection, storing, alerting and reporting on the data, whereas SIEM solutions combine SIM with a Security Event Management component that processes logs in order to create alerts from connected events. Both solutions have a wide range of capabilities, including compliance-related functions such as the retention of messages and creation of reports specifically designed to address audit or compliance concerns. Audit and compliance issues are major concerns within the financial sector, and a strong SIEM can provide the additional visibility an enterprise needs to decrease the resolution time of an incident.


Integrate Advanced Evasion Technique Protection


Advanced Evasion Techniques are evasion methods that let intruders bypass security detection and logging during network security reconnaissance. In addition to bypassing network security, they are usually stackable through simultaneous execution on multiple protocol layers, capable of changing dynamically even in the midst of an attack, and consist of numerous combinations of evasion techniques and modifications.


AET protection requires zero-day protection in all layers as well as deep packet inspection across multiple network layers and protocols. AET protection components should also have integration capabilities, a full range of features, high manageability and infrastructure patch capabilities. AETs are especially dangerous to the financial sector where, once again, extremely sensitive information is at stake due to a highly regulated environment.


Establish Web and Content Controls


Web and content controls are integral for inspecting and blocking unauthorized access to sites and dangerous active content. Active content in the broadest sense consists of electronic documents that are designed to automatically invoke actions or trigger a response within a system without the involvement of an individual (phone-home type behavior). Such content is a major hazard due to its automation and the fact that an individual may not directly or knowingly execute the actions.


Electronic documents have an added component of danger when they are actually programs or consist of programs that can be self-triggered, requiring no user intervention, and result in the same type of actions executing a program would entail. Because active content can be a death knell for the integrity of a financial network, protection against triggered behaviors is necessary, as is requiring user intervention to open executables, and strong authentication, authorization and accounting.


Employ Digital and Network Forensics


Digital and network forensics are particularly essential for dealing with DDoS in the financial sector, as both serve to provide added visibility, remediation and legal response capabilities. Digital forensics relates directly to legal response capabilities, as it deals with discovering and analyzing electronic data for use in a potential court case. Network forensics seeks to pinpoint the source of a security incident or attack by capturing, recording and analyzing network events. Lacking either process opens your financial enterprise to additional legal ramifications and a higher risk of repeated attacks.


Phil Lerner is the vice president of technology for Stonesoft North America in Atlanta.
