Distributed denial-of-service (DDoS) attacks aim to make a service, or a whole segment of a network, unavailable by flooding it with traffic or requests from many sources at once. U.S. financial institutions have been prime targets, hit by attacks that rendered their websites unavailable to customers.
These five tips can help maintain your financial institution's network and cyber security posture while decreasing the risk, and the potential collateral damage, of DDoS attacks.
Start with the Basic Security Objectives
Financial enterprises should map their controls to the three main tenets of information security, the CIA triad: confidentiality, integrity and availability. These principles are the foundation of any information security policy.
Confidentiality is safeguarding sensitive data from unauthorized disclosure; integrity is keeping data unaltered and trustworthy; availability is ensuring that the systems and data needed for day-to-day business remain reachable by authorized parties. A DDoS attack is, first and foremost, an attack on availability, but the other two tenets still matter during one: an outage is also a window in which attackers probe for weakened controls.
While the CIA triad is important for every network, it is especially vital in the financial sector, where the sensitive data includes customers' personal and account information that regulation requires be protected.
Implementing SIEM
Another early-stage security measure is an effective Security Information Management (SIM) or Security Information and Event Management (SIEM) solution. Which one fits depends largely on the size and needs of your financial enterprise; both are designed to increase visibility into what is happening inside the enterprise network and at its boundaries.
A SIM collects, stores, alerts and reports on log data, whereas a SIEM adds a Security Event Management (SEM) component that processes events in near real time and correlates related events into alerts. For DDoS, that correlation is what turns a surge of web-server requests plus a rise in error responses into one actionable alert rather than thousands of individual log lines.
Both solutions offer a wide range of capabilities, including compliance-related functions such as retention of log messages and reports designed specifically to answer audit or compliance questions. Audit and compliance issues are major concerns within the financial sector, and a strong SIEM provides the additional visibility an enterprise needs to shorten the resolution time of an incident.
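The correlation step described above, as an added example that is not part of the original article: a minimal SIEM-style rule engine run over constructed web-server log lines. It applies a per-source burst rule and an aggregate rule that fires only when a burst coincides with a rise in 5xx responses, and it summarises top talkers for triage. The log lines, IP addresses, paths and thresholds are all constructed for illustration; real thresholds are far higher and tuned per site.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample log lines in combined log format (not from any real
# institution): two benign requests, then a burst from two sources that
# drives the login page into 503 responses.
SAMPLE_LOG = """\
198.51.100.7 - - [12/Mar/2013:09:59:30 +0000] "GET /accounts HTTP/1.1" 200 2048
198.51.100.7 - - [12/Mar/2013:09:59:45 +0000] "GET /transfer HTTP/1.1" 200 1024
203.0.113.10 - - [12/Mar/2013:10:00:01 +0000] "GET /login HTTP/1.1" 200 512
203.0.113.10 - - [12/Mar/2013:10:00:01 +0000] "GET /login HTTP/1.1" 200 512
203.0.113.11 - - [12/Mar/2013:10:00:01 +0000] "GET /login HTTP/1.1" 200 512
203.0.113.10 - - [12/Mar/2013:10:00:02 +0000] "GET /login HTTP/1.1" 200 512
203.0.113.10 - - [12/Mar/2013:10:00:02 +0000] "GET /login HTTP/1.1" 200 512
203.0.113.11 - - [12/Mar/2013:10:00:02 +0000] "GET /login HTTP/1.1" 200 512
203.0.113.10 - - [12/Mar/2013:10:00:02 +0000] "GET /login HTTP/1.1" 503 0
203.0.113.10 - - [12/Mar/2013:10:00:03 +0000] "GET /login HTTP/1.1" 503 0
203.0.113.11 - - [12/Mar/2013:10:00:03 +0000] "GET /login HTTP/1.1" 503 0
203.0.113.10 - - [12/Mar/2013:10:00:03 +0000] "GET /login HTTP/1.1" 503 0
203.0.113.10 - - [12/Mar/2013:10:00:03 +0000] "GET /login HTTP/1.1" 503 0
203.0.113.11 - - [12/Mar/2013:10:00:04 +0000] "GET /login HTTP/1.1" 503 0
203.0.113.10 - - [12/Mar/2013:10:00:04 +0000] "GET /login HTTP/1.1" 503 0
203.0.113.11 - - [12/Mar/2013:10:00:04 +0000] "GET /login HTTP/1.1" 503 0
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \d+'
)

# Toy thresholds (assumptions for the example, not recommended values).
WINDOW_SECONDS = 10
PER_SOURCE_THRESHOLD = 8   # requests from one IP inside the window
ERROR_THRESHOLD = 3        # 5xx responses inside the window (service impact)


def parse_line(line):
    """Parse one combined-format line into a dict, or None if it does not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
    return {"ip": m.group("ip"), "ts": ts,
            "path": m.group("path"), "status": int(m.group("status"))}


def _trim(window, now):
    """Drop events older than WINDOW_SECONDS from the left of a deque."""
    while window and (now - window[0]["ts"]).total_seconds() > WINDOW_SECONDS:
        window.popleft()


def analyze(lines):
    """Run both rules over the lines in order; return the alerts raised."""
    per_source = defaultdict(deque)
    recent = deque()            # all events in the sliding window
    flagged_sources = set()     # sources already reported for a burst
    impact_alerted = False
    alerts = []
    for raw in lines:
        ev = parse_line(raw)
        if ev is None:
            continue
        now = ev["ts"]
        # Rule 1: a single source exceeding the per-source rate. On its own this
        # misses a truly distributed flood, which is why rule 2 exists.
        win = per_source[ev["ip"]]
        win.append(ev)
        _trim(win, now)
        if len(win) >= PER_SOURCE_THRESHOLD and ev["ip"] not in flagged_sources:
            flagged_sources.add(ev["ip"])
            alerts.append({"rule": "per_source_burst", "source": ev["ip"], "count": len(win)})
        # Rule 2: correlate the burst with service impact (5xx responses in the
        # same window). Two weak signals become one high-confidence alert.
        recent.append(ev)
        _trim(recent, now)
        errors = sum(1 for e in recent if 500 <= e["status"] < 600)
        if errors >= ERROR_THRESHOLD and flagged_sources and not impact_alerted:
            impact_alerted = True
            alerts.append({"rule": "flood_with_service_impact",
                           "sources": sorted(flagged_sources),
                           "errors": errors, "requests": len(recent)})
    return alerts


def request_counts(lines):
    """Top-talker summary an analyst would attach to the alert for triage."""
    counts = defaultdict(int)
    for raw in lines:
        ev = parse_line(raw)
        if ev is not None:
            counts[ev["ip"]] += 1
    return dict(counts)


if __name__ == "__main__":
    for alert in analyze(SAMPLE_LOG.splitlines()):
        print(alert)
    print(request_counts(SAMPLE_LOG.splitlines()))
```

Running it on the sample produces a `per_source_burst` alert for 203.0.113.10 at its eighth request, immediately followed by a `flood_with_service_impact` alert citing five 503 responses across eleven requests in the window. In a real SIEM the second rule would also pull in events from other sensors (load balancer health checks, NetFlow volume), which is exactly the cross-source correlation a SIM alone cannot do.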
Defending Against AETs
Advanced Evasion Techniques (AETs) are ways of disguising an attack so that it passes through intrusion detection and prevention systems without being detected or logged, whether during reconnaissance or during the attack itself. They are stackable: several evasions can be applied at once across multiple protocol layers (for example, splitting a payload into small out-of-order segments at the transport layer while encoding it at the application layer), they can be changed dynamically in the middle of an attack, and the number of possible combinations of evasions and modifications is very large.
Protection against AETs requires inspection that does not trust any single layer: traffic has to be reassembled and normalized across network layers and protocols before signatures are applied, and the inspection engine must be able to handle previously unseen (zero-day) evasion combinations at every layer rather than matching a fixed list of known ones. AET protection components should also integrate with the rest of the security stack, offer a full range of features, be manageable at scale and be promptly patchable.
AETs are especially dangerous to the financial sector where, once again, extremely sensitive information is at stake in a highly regulated environment.
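An added example, not taken from the article, of why the layered normalization described above is required. It models a stacked evasion against a hypothetical signature for a directory-traversal request: the path is percent-encoded (application layer) and the request is delivered as small, out-of-order TCP segments (transport layer). Three inspectors are compared: one that scans each segment on its own, one that reassembles the stream but does not decode it, and one that reassembles and normalizes before matching. The signature, the request contents and the segment representation (offset, bytes) are assumptions of the example.

```python
from urllib.parse import unquote_to_bytes

# Hypothetical IDS signature for a path-traversal attempt (assumption of this example).
SIGNATURE = b"../../etc/passwd"


def http_request(path: bytes) -> bytes:
    """Build a constructed HTTP request carrying the given path."""
    return b"GET " + path + b" HTTP/1.1\r\nHost: bank.example\r\n\r\n"


def percent_encode_dots(path: bytes) -> bytes:
    """Application-layer evasion: '.' becomes '%2e', which web servers decode."""
    return path.replace(b".", b"%2e")


def segment(stream: bytes, size: int):
    """Transport-layer evasion: split the stream into small segments and
    deliver them out of order. Each segment is (stream offset, bytes)."""
    segs = [(off, stream[off:off + size]) for off in range(0, len(stream), size)]
    return segs[::-1]


def reassemble(segments) -> bytes:
    """Put segments back in stream order, as a TCP receiver would."""
    return b"".join(data for _, data in sorted(segments))


def normalize(data: bytes) -> bytes:
    """Decode percent-encoding until stable (bounded, to survive double encoding)."""
    cur = data
    for _ in range(3):
        nxt = unquote_to_bytes(cur)
        if nxt == cur:
            break
        cur = nxt
    return cur


def inspect_per_segment(segments) -> bool:
    """Naive inspector: looks at each segment in isolation."""
    return any(SIGNATURE in data for _, data in segments)


def inspect_reassembled(segments) -> bool:
    """Defeats the transport-layer evasion only."""
    return SIGNATURE in reassemble(segments)


def inspect_normalized(segments) -> bool:
    """Defeats both layers: reassemble, then normalize, then match."""
    return SIGNATURE in normalize(reassemble(segments))


def plain_attack():
    """The traversal request sent without any evasion, in one segment."""
    return segment(http_request(b"/../../etc/passwd"), 4096)


def evasive_attack():
    """The same request with the two evasions stacked."""
    return segment(http_request(percent_encode_dots(b"/../../etc/passwd")), 6)


def benign_request():
    return segment(http_request(b"/accounts/summary"), 6)


if __name__ == "__main__":
    for name, segs in (("plain", plain_attack()), ("evasive", evasive_attack())):
        print(name, inspect_per_segment(segs), inspect_reassembled(segs),
              inspect_normalized(segs))
```

The plain request is caught by every inspector; the evasive one is missed by the per-segment inspector and by the reassembling one, and only the inspector that reassembles and then normalizes sees the signature. Removing either evasion alone would not have been enough to fool the middle inspector, which is the point of stacking: a defense that handles one layer still fails. A real engine has further work the example omits, such as resolving overlapping or retransmitted segments the same way the target host does.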
Taking Control
Web and content controls are integral for inspecting and blocking unauthorized access to sites and dangerous active content. Active content, in the broadest sense, is any electronic document designed to invoke actions or trigger a response in a system automatically, without a person's involvement; phone-home behavior is a typical example. Such content is a major hazard precisely because of that automation: the user may not directly or knowingly execute the actions.
The danger is greater when the document is itself a program, or carries embedded code (macros, scripts, auto-run actions) that is self-triggered, requires no user intervention and therefore has the same effect as running an executable. Because active content can be a death knell for the integrity of a financial network, protection against triggered behaviors is necessary, as is requiring explicit user action to open executables, backed by strong authentication, authorization and accounting.
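An added example (not the article's own code) of a content control that makes the decision on file content rather than on the filename: it holds Windows executables for explicit user approval regardless of extension, blocks Office documents that carry a VBA project, and holds PDFs that declare auto-executing actions. The sample files are constructed in memory; the verdict names and the policy mapping are assumptions of the example.

```python
import io
import zipfile

# Markers that appear in PDFs which run something on open. Assumption of the
# example: a byte scan only sees them in uncompressed objects (see note below).
PDF_ACTIVE_MARKERS = (b"/OpenAction", b"/JavaScript", b"/Launch")


def _zip_members(data: bytes):
    """Return member names if data is a zip (OOXML container), else None."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return zf.namelist()
    except zipfile.BadZipFile:
        return None


def classify(filename: str, data: bytes):
    """Return (verdict, reason). Verdicts: 'allow', 'hold' (needs explicit user
    or admin action), 'block'. The filename is reported but never trusted."""
    if data[:2] == b"MZ":
        return "hold", "Windows executable by MZ header, despite name %r" % filename
    if data[:2] == b"PK":
        members = _zip_members(data)
        if members is not None and any(m.lower().endswith("vbaproject.bin") for m in members):
            # word/, xl/ or ppt/vbaProject.bin means the document carries macros.
            return "block", "Office document carries a VBA project (macros)"
    if data[:5] == b"%PDF-":
        hits = [m.decode() for m in PDF_ACTIVE_MARKERS if m in data]
        if hits:
            return "hold", "PDF declares auto-executing actions: %s" % ", ".join(hits)
    return "allow", "no active-content markers found"


def make_ooxml(with_macros: bool) -> bytes:
    """Build a constructed minimal OOXML container, optionally with a VBA project."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<w:document/>")
        if with_macros:
            # Placeholder bytes; a real vbaProject.bin is an OLE2 compound file.
            zf.writestr("word/vbaProject.bin", b"constructed placeholder")
    return buf.getvalue()


# Constructed samples (not real files).
SAMPLES = {
    "quarterly.pdf": b"MZ\x90\x00" + b"\x00" * 60,          # executable renamed to .pdf
    "quarterly.docm": make_ooxml(with_macros=True),
    "quarterly.docx": make_ooxml(with_macros=False),
    "statement.pdf": b"%PDF-1.4\n1 0 obj << /Type /Catalog /OpenAction 2 0 R >> endobj\n",
    "notice.pdf": b"%PDF-1.4\n1 0 obj << /Type /Catalog >> endobj\n",
}


if __name__ == "__main__":
    for name, data in SAMPLES.items():
        print(name, *classify(name, data))
```

The executable renamed to `.pdf` is still held because the decision keys on the header, not the name. The PDF check is deliberately the weak part: markers inside compressed object streams are invisible to a byte scan, so a production control parses and decompresses the file or hands it to a sandbox instead of relying on this heuristic alone.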
Using Forensics
Digital and network forensics are particularly important for dealing with DDoS in the financial sector, as both add visibility, support remediation and preserve the evidence a legal response requires.
Digital forensics relates directly to legal response, as it deals with discovering, preserving and analyzing electronic data for use in a potential court case. Network forensics seeks to pinpoint the source and method of a security incident or attack by capturing, recording and analyzing network events; for a DDoS that means keeping the flow records, packet captures and server logs from the attack window, not just the alert that was raised.
Lacking either capability exposes your financial enterprise to additional legal ramifications and to a higher risk of repeated attacks, because without evidence of how the attack succeeded there is no reliable basis for closing the gap it used.